Google, Zero Trust and Securing the Breach

Last updated: 28 April 2016

It may have taken five years, but as far as the company is concerned, the effort has paid off: last week, Google announced the completion of its deployment of BeyondCorp, a zero-trust IT and security architecture based on protecting identity and data, rather than looking to protect the perimeter of the organization’s IT hardware.

We can only applaud this move. As we wrote in our Secure the Breach Manifesto, “Whether internal or external, breaches are inevitable. In today’s environment, the core of any security strategy needs to shift from ‘breach prevention’ to ‘breach acceptance.’ And, when one approaches security from a breach-acceptance viewpoint, the world becomes a relatively simple place: securing data, not the perimeter, is the top priority.”

BeyondCorp equates to a complete overhaul of Google’s IT and security architecture. It focuses on user/device verification through authentication, user behavior and identity analytics, and device reputation and intelligence statistics, all of which feed into a completely new ‘Access Intelligence’ framework to protect company resources.

At the same time, the new approach removes any network controls or protections. The assumption is that the network is breachable, internally or externally, one way or another, so there is no point in trying to protect it. Rather than trusting the network to any extent, this zero-trust model puts all of its effort behind protecting applications, and the data they access.

In this model there is no room for BYOD: only company-issued devices are managed in the central asset register, and only these are given any kind of access to corporate applications and services via a centralised Mobile Device Management facility. Companies that follow the zero-trust model should also encrypt all of their sensitive data and communications.
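To make the model concrete, here is an added illustration (not Google's BeyondCorp code) of the kind of access decision the paragraphs above describe: every request carries an authenticated user and a device identifier, the device must appear in the central inventory and be managed, its trust tier must meet the application's minimum, and the user must hold an authorised group. The network the request arrives from is carried only for logging and is never an input to the decision. The tier names, inventory entries and application policies are constructed for the example.

```python
"""Toy zero-trust access decision in the style described above.

Added illustration, not Google's code. Tier names, tier-derivation rules,
the inventory and the policies below are all constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple

# Trust tiers, lowest to highest (constructed names).
TIERS = {"untrusted": 0, "basic": 1, "trusted": 2, "fully_trusted": 3}


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool          # enrolled in the central MDM facility
    encrypted_disk: bool
    os_patched: bool


@dataclass(frozen=True)
class Request:
    user: str
    groups: FrozenSet[str]
    device_id: str
    app: str
    source_ip: str         # logged only; deliberately NOT a decision input


@dataclass(frozen=True)
class AppPolicy:
    min_tier: str
    allowed_groups: FrozenSet[str]


def device_tier(dev: Optional[Device]) -> str:
    """Derive a trust tier from inventory state (constructed rules)."""
    if dev is None or not dev.managed:
        return "untrusted"   # unknown or unmanaged (e.g. BYOD) devices never earn trust
    if dev.encrypted_disk and dev.os_patched:
        return "fully_trusted"
    if dev.encrypted_disk:
        return "trusted"
    return "basic"


def decide(req: Request, inventory: Dict[str, Device],
           policies: Dict[str, AppPolicy]) -> Tuple[bool, str]:
    """Return (allowed, reason). Default deny on anything unknown."""
    policy = policies.get(req.app)
    if policy is None:
        return False, "unknown application: default deny"
    dev = inventory.get(req.device_id)
    if dev is None:
        return False, "device not in central inventory"
    tier = device_tier(dev)
    if TIERS[tier] < TIERS[policy.min_tier]:
        return False, f"device tier {tier} below required {policy.min_tier}"
    if not (req.groups & policy.allowed_groups):
        return False, "user holds no allowed group"
    return True, f"granted: {req.user} on {tier} device {req.device_id} (from {req.source_ip})"


# Constructed inventory: two managed laptops and one unmanaged personal device.
INVENTORY = {
    "lap-0001": Device("lap-0001", managed=True, encrypted_disk=True, os_patched=True),
    "lap-0002": Device("lap-0002", managed=True, encrypted_disk=False, os_patched=True),
    "byod-0003": Device("byod-0003", managed=False, encrypted_disk=True, os_patched=True),
}

# Constructed policies: a sensitive internal app and a low-risk one.
POLICIES = {
    "source-browser": AppPolicy("fully_trusted", frozenset({"eng"})),
    "cafeteria-menu": AppPolicy("basic", frozenset({"all-staff"})),
}


def evaluate_samples() -> Dict[str, bool]:
    """Run a set of constructed requests through the decision function."""
    eng = frozenset({"eng", "all-staff"})
    staff = frozenset({"all-staff"})
    samples = {
        "eng_on_trusted_laptop_internal": Request("alice", eng, "lap-0001", "source-browser", "10.0.0.5"),
        "eng_on_trusted_laptop_internet": Request("alice", eng, "lap-0001", "source-browser", "203.0.113.7"),
        "eng_on_unencrypted_laptop": Request("alice", eng, "lap-0002", "source-browser", "10.0.0.5"),
        "staff_on_byod_from_office": Request("bob", staff, "byod-0003", "cafeteria-menu", "10.0.0.9"),
        "staff_on_basic_laptop": Request("bob", staff, "lap-0002", "cafeteria-menu", "198.51.100.2"),
        "unknown_device": Request("eve", staff, "phone-9999", "cafeteria-menu", "10.0.0.9"),
        "unknown_app": Request("alice", eng, "lap-0001", "payroll", "10.0.0.5"),
    }
    return {name: decide(req, INVENTORY, POLICIES)[0] for name, req in samples.items()}


if __name__ == "__main__":
    for name, allowed in evaluate_samples().items():
        print(f"{name:32s} {'ALLOW' if allowed else 'DENY'}")
```

Two outcomes are worth noting: the same engineer on the same fully trusted laptop is allowed from both an internal and an external address, because location carries no weight; and a staff member on an unmanaged personal device is denied even from inside the office, because devices outside the central inventory and MDM never reach the minimum tier.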

At the same time as increasing security however, the BeyondCorp approach makes lives easier for Google employees, who can now work wherever they like without the need for tools such as VPNs. “We are removing the requirement for a privileged intranet and moving our corporate applications to the Internet,” explained an initial brief on the topic.

The deployment has not been straightforward: indeed, it has taken the company five years with many lessons learned along the way — not least how to deal with edge cases caused, for example, by hardware reconfigurations such as moving a hard drive from one computer to another.

Overall, the company has found itself better off. By moving to a zero-trust model it is not only better protected, but it also provides greater flexibility to deal with future attacks.

This move, from a company as large and as sensitive (from a vulnerability standpoint) as Google, could well be a game-changer in the industry, and we expect many other organizations to follow its lead. Quite clearly it should not be undertaken without a great deal of planning, but if Google is already experiencing the benefits, then other organizations can, too.
