What is zero trust identity security?
A zero trust network is one in which no person, device, or network enjoys inherent trust. All trust, which allows access to information, must be earned, and the first step of that is demonstrating valid identity. A system needs to know who you are, confidently, before it can determine what you should have access to. Add to that the understanding of what you can access–authorization–and you’ve got the core foundation of zero trust security.
At Google we rely on a zero trust system known as BeyondCorp, to move beyond the idea of a privileged corporate network.
In this issue of GCP Comics we discuss ways of acquiring trust, as our friend attempts to visit some distant relatives.
Why set up a zero trust model?
Here are a few compelling reasons for setting up a zero trust system:
Preserve the productivity of your employees working from home, from the office, from a coffee shop, or from anywhere else
- Deploy quickly, faster than a traditional VPN system, for rapid onboarding
- Spin up new device access quickly in case of unexpected latté-applied-to-laptop and similar incidents
- Give each web application its own access control, for precise security and lower risk
- Decide access based on identity, device health, location, time of day, or other factors
Google zero trust tools can protect your workloads on any public cloud, or on-premises, so you don’t need to move your applications to improve their security
Benefits of zero trust
Zero trust systems can be invisible to the employees at your company. They sign in, they use a strong second factor, and they are ready to go.
The authentication and authorization aren’t tied to your location. Previous methods of access control relied on trusted networks, giving privileged access to anyone inside the established corporate network. With a zero trust model it’s easy to work from home and access all the same systems and tools.
Switching to a zero trust system has helped Google, and many other enterprises, reduce their exposure and minimize security incidents, proactively stopping phishing-based attacks and lateral movement after a compromise.
- BeyondCorp Remote Access, our enterprise grade security offering for protecting workloads on Google Cloud, other clouds, or on-premises
- BeyondCorp at Google, our own zero trust implementation
- Published research papers on how Google created, deployed, and evolved the BeyondCorp model.
- Identity-Aware Proxy, The Google Cloud protective layer used to create context-based access to apps, VMs, and services.
Related Google News:
- Earning customer trust through a pandemic: delivering our 2020 CCAG pooled audit April 22, 2021
- Use Virtual Private Cloud Service Controls to create security perimeters around Google Cloud… April 21, 2021
- A New Standard for Mobile App Security April 15, 2021
- New Rules homepage in the Admin console make security simpler April 13, 2021
- Keyless API authentication—Better cloud security through workload identity federation, no… April 8, 2021
- Building global momentum with government and security compliance certifications April 8, 2021
- How Google Cloud can help the Public Sector embrace zero trust March 30, 2021
- Devices and zero trust March 29, 2021