With the rapid proliferation of remote work and the use of virtual private networks (VPNs) over the past few months, we’ve seen customers run into many challenges with their remote-access VPNs. These include bandwidth and security concerns.
When it comes to network security, the best rule of thumb is to trust no one. This means not just those on the outside of your network but also those on the inside. That concept has evolved since its 2010 inception and has gained momentum in IT departments in recent years as work-from-anywhere becomes the norm rather than the exception. Here’s a look at how that happens.
What is Zero Trust Security?
Solutions like Google’s BeyondCorp Remote Access eliminate these issues, reduce IT project risks and deliver a secure enterprise computing environment that doesn’t focus on secure perimeters. For reference, in a traditional perimeter-based security model, outsiders have a tough time gaining access to a network. Everyone on the inside, however, is trusted by default.
That sounds great until someone inside launches a malicious attack or a hacker breaches the network and becomes an “insider.” This has been the case in some of the most damaging data breaches.
Each year, IBM and the Ponemon Institute co-release the co-branded “Cost of a Data Breach Report.” The 2019 study shows that the average data breach costs $3.92 million with the most costly at $8.19 million. What’s at stake during the average breach? About 25,575 data records, the report reveals.
Such breaches gave birth to the Zero Trust security model. Fun fact: This security model grew out of work by analyst John Kindervag in 2010, when he was working for Forrester Research Inc. Kindervag, now CTO at Palo Alto Networks, continues to spread the gospel of Zero Trust.
Zero Trust security is based on the idea that organizations shouldn’t trust anyone, inside or outside of their network perimeters. Every attempt to access the network needs to be verified before access is granted. That means no access to IP addresses, machines, business apps, data...absolutely nothing. This approach authenticates both the user and the device before allowing role-based, context-aware access.
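The contrast between the perimeter model and the per-request check described above, as an added sketch that is not part of the original article and is not BeyondCorp's own code. The network range, role table, field names and sample requests are all constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Tuple

# Constructed for illustration: an "inside" range and a role-to-app table.
CORP_NET = ip_network("10.0.0.0/8")
ROLE_APPS = {"engineer": {"code-review"}, "finance": {"payroll"}}

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    mfa_passed: bool      # user identity verified for this request
    device_managed: bool  # device is known to the organization
    device_patched: bool  # device posture check passed
    source_ip: str
    app: str

def perimeter_allows(req: Request) -> bool:
    """Perimeter model: anything arriving from the inside network is trusted."""
    return ip_address(req.source_ip) in CORP_NET

def zero_trust_decision(req: Request) -> Tuple[bool, str]:
    """Zero Trust: verify user, device and role on every request.
    Network location is deliberately not consulted."""
    if not req.mfa_passed:
        return False, "user not authenticated"
    if not (req.device_managed and req.device_patched):
        return False, "device not trusted"
    if req.app not in ROLE_APPS.get(req.role, set()):
        return False, "role not authorized for app"
    return True, "allowed"

# Constructed sample requests.
INSIDE_UNVERIFIED = Request("mallory", "engineer", False, False, False,
                            "10.2.3.4", "payroll")
REMOTE_EMPLOYEE = Request("alice", "finance", True, True, True,
                          "203.0.113.7", "payroll")
INSIDE_WRONG_ROLE = Request("bob", "engineer", True, True, True,
                            "10.9.9.9", "payroll")

if __name__ == "__main__":
    for r in (INSIDE_UNVERIFIED, REMOTE_EMPLOYEE, INSIDE_WRONG_ROLE):
        print(r.user, "perimeter:", perimeter_allows(r),
              "zero trust:", zero_trust_decision(r))
```

The unverified request from an inside address passes the perimeter check but fails the Zero Trust check, while the verified remote employee is in the opposite position.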
VPNs still run on a perimeter model, which doesn’t allow close scrutiny of every account and device logging into the network. Organizations are still using them, even in this era of widespread distributed workforces, but increasingly, this method of connecting remotely is losing favor.
This is where BeyondCorp comes in.
What’s the Story about BeyondCorp Zero Trust Security?
BeyondCorp grew out of Google’s own need to improve its security. In late 2009, the company suffered a prolonged advanced persistent threat (APT) attack named Operation Aurora. APTs seek to gain and maintain ongoing access to a network in order to mine sensitive data.
During the recovery phase, Google officials realized the company needed better enterprise security and looked toward Zero Trust as the solution. It sought a way to move away from network segmentation and implement its own Zero Trust security network. BeyondCorp was born.
Google now deploys all of its corporate apps to the public Internet, making them accessible through user- and device-centric authentication and authorization workflows. This ultimately means its employees can securely work from anywhere on an untrusted network without needing to use a traditional VPN.
It’s a game-changer, and it’s now available for enterprise use. BeyondCorp Remote Access gives your remote workers a secure, reliable way to access work apps through Google’s global network using any device from any location. It’s all driven by Zero Trust security.