Implementing Zero Trust with Google:
Part 1


Zero Trust Networking Architecture (ZTNA) is a security model that has been catching on in recent years as the best way to protect your company. While it may sound like a complicated technical concept, ZTNA is actually very simple: it's just about being more secure. In this article, I'll explain what ZTNA is and why you should implement it into your organization's IT infrastructure.

What it is

So what is ZTNA? “Zero Trust” is an approach to security where you treat all networks, users and devices as hostile. It's a shift from traditional network architecture that assumes access points are trusted (usually because they're owned by the same company). In reality, most organizations have employees who use VPNs or other methods to access their corporate network remotely. Additionally, many companies host applications on third-party cloud platforms to reduce costs and speed up response time for new features.

To ensure your company doesn't lose its data in one of these scenarios, you need to adopt a Zero Trust approach: authenticating employees with multi-factor authentication; segmenting your network by function and application; isolating production environments from development environments; monitoring all traffic at each layer of your infrastructure stack so that threats can be detected before they reach sensitive data sources.

The Benefits

Challenges with ZTNA

There are some challenges with implementing ZTNA. The first is the lack of identity management and single sign-on solutions. This means that you need to come up with a new way to securely authenticate users, as well as manage their authentication credentials.

Another challenge is that you need a central authentication server, directory service and/or web proxy to handle user authentication requests across all of your applications and services.

Thankfully, if you’re using Google Cloud Identity for authentication and BeyondCorp Essentials you can avoid some of the challenges implementing ZTNA. There are some additional solutions from Google that help with the other challenges above.

Key Google Products

BeyondCorp is a Zero Trust implementation that changes the way Google secures access to internal resources. BeyondCorp has allowed us to implement a model where users are granted access based on their identity and location, with no need for additional user-generated passwords or other authentication factors. BeyondCorp Enterprise is an end-to-end solution that can be deployed on top of your existing infrastructure to secure Cloud and Legacy applications, while ChromeOS offers a Zero Trust experience built into the operating system. Endpoint Verification provides secure device management capabilities and Securing Google Cloud Platform helps protect your cloud environment from external threats. Finally, Workspace with BeyondCorp essentials allows context-aware access to any application in your SAML catalog. Additionally, Enterprise gives you the tools needed to protect sensitive data by implementing application allowlisting and DLP policies for email attachments, attachments downloaded from apps, files created with Docs/Sheets/Slides/Drawings, etc.


As you can see, the benefits of this approach are numerous. It’s a more secure way to run your organization and can help prevent data breaches. These solutions also provide the flexibility needed when working with different teams or partners who have their own security needs. If you’re looking for a way to ensure better protection against cyberattacks, implementing ZTNA might be right up your alley!

In our next article we'll dive deeper into how to setup the various components of Google's ZTNA solutions.