Beyond the Firewall
This week, we got a lot of response from a story we did about a Google initiative to re-engineer its entire approach to security, a “zero-trust” model which the company dubbed “BeyondCorp.” In short, the company abandoned the wall-and-moat model of establishing a firewall around the company’s internal network and apps, instead opting to authenticate users at their devices and at the individual app level.
In effect, the company entirely got rid of the virtual private network, which must sound like good news to any network admin who has struggled with that technology in the past 20 years. Even more amazing was that the team who worked on the project, discussed at the O’Reilly Security Conference in New York last fall, was able to shift all of Google’s employees, including remote ones, over to this new model with minimal disruption.
Zero trust is not a new idea, but with organizations moving at least some of their workloads to the cloud — not to mention hosting a whole range of public-facing apps that are tied into backend systems — the perimeter model gets awfully muddy and difficult to support with any coherent strategy. Last August, we covered how ScaleFT has adopted this zero-trust approach for its access management platform. Google’s own approach uses an uber-reverse proxy, a “trust engine” that decides whether or not to grant access to the requested application based on the user and the device presenting the request. We expect to see more security companies aligning their products and services along this approach in the years to come.
As someone pointed out on Hacker News, “Most companies need to be able to answer the question, ‘Is this client one of ours?’ when protecting sensitive resources. Most companies will instead answer the question, ‘Is the client on our network?’ and pretend that it was the same question. The fact that it clearly is not has some very obvious security implications and attack vectors that we've been living with for decades. BeyondCorp tries to more directly answer the original question about device identity rather than subbing in the network question in its place.”
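To make the distinction concrete, here is an added illustration (not code from the article, Google or ScaleFT) of the two access decisions side by side: a perimeter check that trusts anything on the corporate network, and a BeyondCorp-style trust-engine check that looks only at the authenticated user and the device inventory. The network range, device fingerprints and app tiers are constructed placeholder values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample data (placeholders, not real values).
CORP_NET = ip_network("10.0.0.0/8")
# Device inventory keyed by client-certificate fingerprint, as a trust
# engine would consult it: who owns the device and what state it is in.
DEVICE_INVENTORY = {
    "sha256:aaaa1111": {"owner": "alice", "managed": True, "patched": True},
    "sha256:bbbb2222": {"owner": "bob", "managed": True, "patched": False},
}
# Sensitivity tier per application; unknown apps are treated as high.
APP_TIERS = {"wiki": "low", "payroll": "high"}


@dataclass
class Request:
    user: str                  # identity asserted by single sign-on
    src_ip: str                # where the request came from
    device_fp: Optional[str]   # client cert fingerprint, None if none shown
    app: str                   # application behind the proxy


def perimeter_decision(req: Request) -> bool:
    """Wall-and-moat: 'is the client on our network?' decides everything."""
    return ip_address(req.src_ip) in CORP_NET


def trust_engine_decision(req: Request) -> bool:
    """BeyondCorp-style: 'is this client one of ours?' Network is ignored."""
    device = DEVICE_INVENTORY.get(req.device_fp)
    if device is None or not device["managed"]:
        return False      # unknown or unmanaged device: not one of ours
    if device["owner"] != req.user:
        return False      # device certificate does not match the SSO user
    tier = APP_TIERS.get(req.app, "high")
    if tier == "high" and not device["patched"]:
        return False      # sensitive app requires a device in good health
    return True
```

An unmanaged laptop plugged into the office network passes the perimeter check and fails the trust engine, while a managed, patched device in a coffee shop does the reverse.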