Zero Trust Security and BeyondCorp™

By Ryan Squires. Posted March 11, 2019.


What is the relationship between Zero Trust Security and BeyondCorp™? This question is especially pertinent given that many organizations are looking to take their IT security to the next level. Read on to find out how Zero Trust Security and BeyondCorp intersect, and what they can do to bolster your IT security.

A Sharp Departure: Zero Trust and the Domain

In short, Zero Trust Security is a modern approach to IT security. Instead of the perimeter model of security, where those on the inside are trusted and everything on the outside is not, Zero Trust Security asserts that everything is untrusted. For example, users, systems, networks, and even IT resources are all untrusted by default. This is very different from the concept of the domain, in which logging into the domain gives you instant access to your Windows®-based tools. With Zero Trust Security, every connection needs to be verified through a variety of mechanisms in order for it to be trusted. It is a radical departure from how IT organizations and admins have typically viewed network security in the past.

How Does Google™ Intersect with Zero Trust?

BeyondCorp is Google™’s model implementation of Zero Trust Security. With their global requirements and intense focus on security, Google realized that their approach to security needed to change and innovate with the times. As a result, Google created the BeyondCorp model, which is employed at brick-and-mortar Google offices and beyond, anywhere its users are working around the globe. That means users don’t need to authenticate into VPNs to access Active Directory®. IT organizations don’t need to forgo VPNs altogether, either; VPNs are still incredibly useful tools, but they are simply not needed to access AD and, by extension, Windows-based IT resources. But in order for this all to work, authentication must be done safely and securely, which brings us to the impetus for this change in network security philosophy.

Why Now?

For most IT organizations, the changing IT landscape from on-prem to cloud and from Windows-based solutions to mixed-platform environments is creating a significant ripple effect in terms of security. IT organizations are realizing that their traditional perimeter approach to security won’t work in today’s modern, cloud-forward IT environments. As a result of this change, the tenets of the Zero Trust Security model have become quite interesting to them. Of course, the challenge is how to implement Zero Trust from their current position. This is where Google’s BeyondCorp model comes in. BeyondCorp gives IT organizations a variety of ideas and approaches that they can leverage to implement Zero Trust Security.

Zero Trust Security and IAM

At the core of the Zero Trust Security model is identity and access management (IAM). Strong IAM practices ensure that the right people are accessing the right IT resources in a given organization. This is also one of the key tenets of Zero Trust Security and BeyondCorp. Further, system security settings and policies are an important factor to help generate trust. And then, of course, network access is a critical component of this model as well. All of these crucial areas and more are covered in the modern cloud identity management platform, JumpCloud® Directory-as-a-Service®.

A Modern Directory for Modern Security Initiatives

Directory-as-a-Service enables IT admins and organizations to lock down their systems and do so without Active Directory calling the shots. With JumpCloud, IT admins can remotely deploy policies to disable USB ports, automatically push OS updates, and set screen locks. And, because JumpCloud is a platform-agnostic solution, most of these policies work across the three major platforms: Windows, Mac®, and Linux®.

Essentially, when you can ensure that the systems users are working on are safe, you can trust them to enter the network. In addition, with RADIUS-as-a-Service, IT admins can increase their network security posture by authenticating users via their unique, core set of credentials—the ones they use to get into their system. Now, trust is built into the network because unauthorized users are kept out. Further, when you apply multi-factor authentication (MFA) to the user portal, you can ensure that only those with the correctly linked smartphone and TOTP code can access applications. In short, trust is something to be earned in the modern network, and JumpCloud helps you build it into your IT environment.

Ready for More?

If you want to see how Zero Trust Security and BeyondCorp can be implemented at your organization with JumpCloud, drop us a line today. Or, if you want to just test the product out, sign up for an account. It’s good for 10 users and requires no credit card at all. Once you’re signed up, pay a visit to our Knowledge Base or YouTube channel to learn more about implementation and how JumpCloud works.

Ryan Squires

Ryan Squires is a content writer at JumpCloud, a company dedicated to connecting users to the IT resources they need securely and efficiently. He has a degree in Journalism and Media Communication from Colorado State University.
