No Perimeter: Zero Trust & BeyondCorp Remote Access

Posted by Doug Sainato, Enterprise Cloud Account Executive

Jun 16, 2020


With the rapid proliferation of remote work and the use of virtual private networks (VPNs) over the past few months, we’ve seen customers run into many challenges with their remote-access VPNs. These include bandwidth and security concerns.

When it comes to network security, the best rule of thumb is to trust no one. This means not just those on the outside of your network but also those on the inside. That concept has evolved since its 2010 inception and has gained momentum in IT departments in recent years as work-from-anywhere becomes a norm, rather than the exception. Here’s a look at how that happens.

What is Zero Trust Security?

Solutions like Google’s BeyondCorp Remote Access eliminate these issues, reduce IT project risks and deliver a secure enterprise computing environment that doesn’t focus on secure perimeters. For reference, in a traditional perimeter-based security model, outsiders have a tough time gaining access to a network. Everyone on the inside, however, is trusted by default. 

That sounds great until someone inside launches a malicious attack or a hacker breaches the network and becomes an “insider.” This has been the case in some of the most damaging data breaches. 

Each year, IBM and the Ponemon Institute co-release the co-branded “Cost of a Data Breach Report.” The 2019 study shows that the average data breach costs $3.92 million with the most costly at $8.19 million. What’s at stake during the average breach? About 25,575 data records, the report reveals.

Such breaches gave birth to the Zero Trust security model. Fun fact: This security model grew out of work from analyst John Kindervag in 2010 when he was working for Forrester Research Inc. Kindervag, now CTO at Palo Alto Networks, continues to spread the gospel of Zero Trust.

Zero Trust security is based on the idea that organizations shouldn’t trust anyone, inside or outside of their network perimeters. Every attempt to access the network needs to be verified before access is granted. That means no access to IP addresses, machines, business apps, data...absolutely nothing. This approach authenticates both the user and the device before allowing role-based, context-aware access.

VPN

VPNs still run on a perimeter model, which doesn’t allow close scrutiny of every account and device logging into the network. Organizations are still using them, even in this era of widespread distributed workforces, but increasingly, this method of connecting remotely is losing favor. 

In fact, Gartner predicts that over the next three years, 60% of enterprises will be phasing out VPNs. The VPN’s death march has begun, as noted in this Network World article from December 2019.

This is where BeyondCorp comes in.

What’s the Story about BeyondCorp Zero Trust Security?

BeyondCorp grew out of Google’s own need to improve its security. In late 2009, the company suffered a prolonged advanced persistent threat (APT) attack named Operation Aurora. APTs seek to gain and maintain ongoing access to a network in order to mine sensitive data.

During the recovery phase, Google officials realized the company needed better enterprise security and looked toward Zero Trust as the solution. It sought a way to move away from network segmentation and implement its own Zero Trust security network. BeyondCorp was born.

Google now deploys all of its corporate apps to the public Internet, making them accessible through user- and device-centric authentication and authorization workflows. This ultimately means its employees can securely work from anywhere on an untrusted network without needing to use a traditional VPN.

It’s a game-changer, and it’s now available for enterprise use. BeyondCorp Remote Access gives your remote workers a secure, reliable way to access work apps through Google’s global network using any device from any location. It’s all driven by Zero Trust security.


Doug Sainato, Enterprise Cloud Account Executive

Across his 20+-year tech career, Doug Sainato has helped organizations get the most out of the cloud. He has served as a business analyst, sales/solution engineer and sales account executive, roles that reflect his lifelong love of analytical problem-solving. It comes in handy more often than not in the tech world, as he can attest. When he joined Onix six years ago, he started as a Google Apps Solution Engineer, a role that helped him quickly develop a passion for the cloud infrastructure and all of the possibilities it offers to organizations launching a cloud journey. He’s an original member of Onix’s GCP team and has held sales, consulting and leadership roles. When his head is out of the cloud, Doug enjoys listening to the Beatles, visiting the beach and finally hoping to catch a big fish.
