oonanax.blogg.se

Beyondcorp zero trust

BeyondCorp® is a cybersecurity architecture developed at Google that shifts access control from the traditional network perimeter to individual devices and users. The goal is to enable users to securely work anytime, anywhere and on any device without having to use a virtual private network, or VPN, to access an organization’s resources.

Years ago, organizations kept all their applications and data in on-site data centers. The security model they used was based on the notion that everything bad was outside of the perimeter and everything inside it could be trusted. However, attackers that circumvented perimeter protections were able to quickly advance on their goals with lateral movement, encountering few protection protocols. This prompted many organizations to completely rethink their approach to security and look for new ways to consistently enforce security policies across multiple, disparate environments, such as on-premises data centers; cloud services, such as Google Cloud Platform (GCP™), Amazon Web Services (AWS®) and Microsoft Azure®; software-as-a-service applications, such as Box.com and Office 365®; and others.

BeyondCorp came to life by posing the question, “How would you design your security if nothing could be trusted?” In other words, how would you protect your applications if your internal network was just as untrusted as a public network? The two most important tenets of BeyondCorp are:

Controlling access to the network and applications: In BeyondCorp, all decisions about whether to give a person or device access to a network are made through an access control engine. This engine sits in front of every network request and applies rules and access policies based on the context of each request – such as user identity, device information, and location – and the amount of sensitive data in an application. It provides organizations with an automated, scalable way to verify a user’s identity, confirm they’re an authorized user, and apply rules and access policies. However, access control alone is not enough to ensure effective security.

Visibility: Once a user has access to an organization’s network or applications, the organization must continually view and inspect all traffic to identify any unauthorized activity or malicious content. Otherwise, an attacker can easily move around within the network and take whatever data they want without anyone knowing.

Many people are familiar with Zero Trust, an IT security model that removes the concept of trust from a network so an organization can better protect its assets.
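The access control engine described above can be sketched as a per-request decision function that weighs user identity, device information, location and application sensitivity, and records every decision for later review. This is an added example, not code from Google or from the original page; the class names, policy rules and sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str              # authenticated identity, "" if none
    groups: frozenset      # group memberships from the identity provider
    device_managed: bool   # device information: enrolled in inventory
    device_patched: bool   # device information: current patch level
    country: str           # coarse location of the request
    source_ip: str         # logged for visibility, never used to grant access

@dataclass(frozen=True)
class App:
    name: str
    sensitive: bool              # holds a large amount of sensitive data
    allowed_groups: frozenset
    allowed_countries: frozenset

AUDIT_LOG = []  # every decision is recorded so traffic can be reviewed later

def decide(req: Request, app: App) -> tuple:
    """Evaluate one request; deny unless every check passes."""
    if not req.user:
        verdict = (False, "unauthenticated")
    elif not (req.groups & app.allowed_groups):
        verdict = (False, "user not authorized for this application")
    elif req.country not in app.allowed_countries:
        verdict = (False, "location not permitted")
    elif app.sensitive and not (req.device_managed and req.device_patched):
        verdict = (False, "device posture too weak for sensitive application")
    else:
        verdict = (True, "allowed")
    AUDIT_LOG.append((req.user, req.source_ip, app.name) + verdict)
    return verdict

# Constructed sample policies and requests (hypothetical names and addresses).
WIKI = App("wiki", False, frozenset({"staff"}), frozenset({"SE", "US"}))
PAYROLL = App("payroll", True, frozenset({"finance"}), frozenset({"SE"}))

def demo():
    office = Request("alice", frozenset({"staff", "finance"}), True, False, "SE", "10.0.0.12")
    remote = Request("alice", frozenset({"staff", "finance"}), True, True, "SE", "203.0.113.7")
    return {
        "office_wiki": decide(office, WIKI),
        "office_payroll": decide(office, PAYROLL),  # internal IP, unpatched device
        "remote_payroll": decide(remote, PAYROLL),  # public IP, healthy device
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The request from the internal address is denied for the sensitive application while the one from a public address is allowed, because the decision depends on request context rather than network position.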









