When a company gets this right, not only does it liberate employees from the tyranny of obnoxious access control measures, but it also makes administering that security more straightforward. "BeyondCorp isn't security that gets in the way, it's security that helps people do their jobs," he added. No company represents web scale more than Google, and they're a company that cares about speed and productivity. "Zero Trust is the model, and BeyondCorp is evidence that it works," said Querna. SEE: Insider secrets of a white hat hacker on security that actually works (TechRepublic)īefore BeyondCorp, these were impossible questions to answer, but now Google's insight offers a new architecture and fresh definition of identity to follow. How do you know the state of the user and their device at the time of the request to make a decision? Once that decision is made, how do you maintain a secure session between the device and the resource? "Anyone can write security policies that sound right, but adhering to them with the proper access controls is a challenge," Querna asserted. That may sound obvious at first glance, but it takes a fresh approach to system design to shift access controls away from the network like this. It's no longer about some desktop being plugged into the office network, it's about a policy that states I can access a specific application from a known device that is up-to-date, or that I can't access another application from an unknown device that hasn't been patched in years. Querna explains: Making smarter trust decisions means understanding the context surrounding a request.
![google.acquire beyondcorp google.acquire beyondcorp](https://www.cisco.com/c/en/us/products/security/zero-trust-network/_jcr_content/Grid/category_atl_7882/layout-category-atl/anchor_info_1a53/image.img.jpg)
Here, identity is redefined as a user on their device, and trust is only granted once a request has been fully authenticated and authorized. Where traditional perimeter-based security methods are focused on protecting the network, BeyondCorp treats every network as untrusted, shifting the access controls to the application layer. Google got a lot of things right with BeyondCorp, and it starts with rethinking security architecture from the ground up. We set out to build the capabilities of BeyondCorp for companies that aren't Google." A new hope "We started ScaleFT around the same time as the first BeyondCorp research paper was released, and it lined up almost exactly with our thinking. "As we were still putting out fires, we saw what Google was doing across the way and believed they had the right model," said Querna.
![google.acquire beyondcorp google.acquire beyondcorp](https://www.beyondcorp.com/img/icons/access.png)
Only Google had the foresight at the time to recognize that the perimeter was fundamentally broken.
![google.acquire beyondcorp google.acquire beyondcorp](https://nykdaily.com/wp-content/uploads/2020/07/Google-extends-work-from-home-order-till-mid-2021.jpg)
Indeed, every other company targeted by the Aurora attack-Yahoo, Symantec, Morgan Stanley, among others-went about defense in much the same way, failing to achieve a better security outcome. Sadly, the (all too common) approach of bolstering the perimeter by piling VPNs on firewalls never really works. It should, because odds are very good that your company operates much the same.
#GOOGLE.ACQUIRE BEYONDCORP PRO#
SEE: Information security incident reporting policy (Tech Pro Research) People were either too frustrated to work, or they did what they could to circumvent the security controls." "That didn't result in any better security outcome, and in fact, it made things even worse because the added security measures just made it harder for employees to do their jobs. "Our response to Aurora was very much reactive and fear driven-buy more firewalls, buy more VPNs," Querna said.