
Zero Trust Security

As the IT landscape has changed, many IT organizations are looking at the Zero Trust Security model as a potential way to reduce the risk of a security breach. With web applications and cloud infrastructure usage on the rise in the majority of organizations, the perimeter for most IT organizations has effectively evaporated. With no perimeter left to secure, Google created its own model for Zero Trust Security, called BeyondCorp™. In this article, we will discuss answers to the question, “What is BeyondCorp?” and why this Zero Trust Security implementation could be instructive.

What is Zero Trust Security?

The concept of Zero Trust Security started a few years ago and has only been gaining more ground. The reasoning behind its conception is quite simple: with web and cloud infrastructure and a more mobile workforce, the network perimeter was vanishing. No longer were all the resources a user required locked away behind firewalls and VPNs; they were all on the web itself. Because of this shift, Zero Trust Security’s fundamental tenet is that everything should be untrusted, including users, systems, IT resources, networks, etc., and that trust should be generated through a variety of challenges and data points.

Google’s Take with BeyondCorp

Google understood this better than anyone because of their focus on shifting IT resources to the cloud as well as their globally dispersed workforce. In order to improve the security and productivity of their employees, Google created the BeyondCorp (Beyond the Corporate network) model, which was loosely based on the concepts from Zero Trust Security. Google’s interpretation created a model to verify identities, validate the health of systems, and ensure secure connections for their employees when they were working online. This system meant that Google did not have the concept of a perimeter or domain for their employees; instead, Google required that trust be generated each step of the way. A lot of these processes would happen behind the scenes, invisible to the end user, while still ensuring that the person is who they say they are. This represents a foundational aspect of their system.
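The per-request decision described above (verify identity, validate system health, require a secure connection, and re-establish trust at each step) can be sketched as follows. This is an added example, not Google's or JumpCloud's code; the `Request` fields, the `POLICY` table, and the resource and network names are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

# Hypothetical request model: every field is a signal collected for this one request.
@dataclass(frozen=True)
class Request:
    user: str
    resource: str
    source_network: str   # recorded for logging, never used as a trust signal
    mfa_verified: bool    # identity: second factor passed
    auth_age_s: int       # identity: seconds since the user last authenticated
    device_managed: bool  # system health: device is enrolled and inventoried
    os_patched: bool      # system health: OS updates are current
    tls: bool             # connection: traffic is encrypted in transit

# Hypothetical policy: required checks and maximum authentication age per resource.
POLICY = {
    "wiki":    (("mfa_verified", "tls"), 8 * 3600),
    "payroll": (("mfa_verified", "tls", "device_managed", "os_patched"), 15 * 60),
}

def evaluate(req):
    """Decide one request; return (allowed, reasons_for_denial)."""
    if req.resource not in POLICY:
        return False, ["unknown_resource"]          # default deny
    checks, max_age = POLICY[req.resource]
    # source_network appears in no rule: the office LAN earns no trust.
    failed = [c for c in checks if not getattr(req, c)]
    if req.auth_age_s > max_age:
        failed.append("reauth_required")            # trust expires, it is not permanent
    return not failed, failed

# Constructed sample requests.
REMOTE_OK = Request("alice", "payroll", "cafe-wifi", True, 120, True, True, True)
LAN_UNPATCHED = replace(REMOTE_OK, user="bob", source_network="corp-lan", os_patched=False)
LAN_STALE = replace(REMOTE_OK, user="carol", source_network="corp-lan", auth_age_s=3600)

if __name__ == "__main__":
    for r in (REMOTE_OK, LAN_UNPATCHED, replace(LAN_UNPATCHED, resource="wiki"), LAN_STALE):
        allowed, reasons = evaluate(r)
        print(f"{r.user:6} {r.resource:8} from {r.source_network:10} -> "
              f"{'ALLOW' if allowed else 'DENY'} {reasons}")
```

The remote user on a healthy device is allowed, while the two users on the office network are denied payroll access because of an unpatched OS and a stale login respectively.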

When the Rubber Hits the Road

Of course, for most organizations, implementing Google’s BeyondCorp model is no easy chore. Most organizations have neither the resources nor the expertise of Google, so finding commercial implementations that fit the bill is useful. At its base, the foundation for both BeyondCorp and the Zero Trust Security Model is identity management. That means confirming a user’s identity is foundational to establishing trust. Historically, that has been done by Microsoft’s on-prem Active Directory platform for most organizations. But with the perimeter concept eliminated under BeyondCorp, Active Directory® (AD) and Azure® AD take an approach that is orthogonal to this security best practice. With Microsoft’s approach, the perimeter remains.

In contrast, many IT organizations are shifting their attention to a cloud identity management platform that can seamlessly implement the concept under BeyondCorp and Zero Trust Security. This solution is called JumpCloud® Directory-as-a-Service®, and it uniquely secures and connects users with their IT resources.

First, by leveraging popular protocols such as SAML, LDAP, and RADIUS, users can uniquely authenticate to the variety of tools they use daily. Second, system management Policies such as automatic OS updates, disabling USB storage, and more can ensure that the systems your users work on are secure and healthy. Finally, with regard to network connections, JumpCloud monitors user access to each server, along with all user logins and privileged commands, and alerts on abnormalities. In addition, Directory-as-a-Service uses a highly secure TLS PKI binding architecture and only requires an outbound 443 connection, so you can be sure that communication between the JumpCloud agent and individual systems is secure. In short, JumpCloud supports the tenets of BeyondCorp.

Learn More About JumpCloud and BeyondCorp

Hopefully answering the question of “What is BeyondCorp?” is a bit easier now. If you’d like to see how your organization can improve your security with JumpCloud, sign up for an account today. It’s free, and with it you can manage up to 10 users forever using the full breadth of the Directory-as-a-Service product. Need more users? Head on over to the pricing page to see how you can scale with JumpCloud. For other inquiries, check out our Knowledge Base, or drop us a line.

 
