This is why we implemented a successful Zero Trust access approach over a decade ago with our BeyondCorp framework, shared our use case with the world, and delivered BeyondCorp Enterprise, a productized version which includes integrated threat and data protection so that any organization can implement similar capabilities for their own applications.
We needed additional layers of defense against unauthorized access that would not impede user productivity. Early on in our security journey, we understood that despite our best efforts, user credentials would periodically fall into the hands of malicious actors. Google has applied a zero trust approach to most aspects of our operations. While end-user access is a domain to which this model can be applied to gain significant security improvements, it can just as readily be applied to domains such as the end-to-end process of running production systems and protecting workloads on cloud-native infrastructure. Instead, trust needs to be established via multiple mechanisms and continuously verified. At the core of a Zero Trust approach is the idea that implicit trust in any single component of a complex, interconnected system can create significant security risks.
Some attempts to explain or simplify zero trust assert that “zero trust means trust nothing” or “zero trust is about delivering secure access without a VPN.” This conventional wisdom is mostly incorrect and limiting. One of the most used buzzwords in cybersecurity today is undoubtedly “Zero Trust.” It’s been used to describe a wide range of approaches and products, leading to a fair bit of confusion about the term itself and to what it actually means.
0 kommentar(er)
