Implementing Zero Trust with Google:
What it is
So what is ZTNA (Zero Trust Network Access)? "Zero Trust" is an approach to security where you treat all networks, users and devices as hostile. It's a shift from traditional network architecture, which assumes access points are trusted (usually because they're owned by the same company). In reality, most organizations have employees who use VPNs or other methods to reach the corporate network remotely. Additionally, many companies host applications on third-party cloud platforms to reduce costs and speed up delivery of new features.
To ensure your company doesn't lose its data in one of these scenarios, you need to adopt a Zero Trust approach: authenticate employees with multi-factor authentication; segment your network by function and application; isolate production environments from development environments; and monitor all traffic at each layer of your infrastructure stack so that threats can be detected before they reach sensitive data sources.
Security: Zero trust security is a risk-based approach to access control. Instead of basing decisions on the user's identity alone, this strategy looks at the risk associated with each action you take or each resource you want to access.
User experience: The goal of zero trust is to give users what they need, when they need it, and only what they need. This means there are no more passwords or PINs; users authenticate themselves with their mobile device or another personal device (like a keycard). They get easy access to all necessary apps and content, even if they aren't in their native language.
Cost savings: By adopting a zero-trust model for identity management and access control, you can reduce costs for hardware, software licenses, maintenance contracts, provisioning systems, and training employees on multiple security toolsets with differing functionality.
Challenges with ZTNA
There are some challenges with implementing ZTNA. The first is the lack of identity management and single sign-on solutions. This means you need a new way to securely authenticate users, as well as to manage their authentication credentials.
Another challenge is that you need a central authentication server, directory service and/or web proxy to handle user authentication requests across all of your applications and services.
Thankfully, if you're using Google Cloud Identity for authentication together with BeyondCorp Essentials, you can avoid some of the challenges of implementing ZTNA. Additional Google solutions help with the other challenges above.
Key Google Products
BeyondCorp is a Zero Trust implementation that changes the way Google secures access to internal resources. BeyondCorp has allowed us to implement a model where users are granted access based on their identity and location, with no need for additional user-generated passwords or other authentication factors. BeyondCorp Enterprise is an end-to-end solution that can be deployed on top of your existing infrastructure to secure cloud and legacy applications, while ChromeOS offers a Zero Trust experience built into the operating system. Endpoint Verification provides secure device management capabilities, and securing Google Cloud Platform helps protect your cloud environment from external threats. Finally, Workspace with BeyondCorp Essentials allows context-aware access to any application in your SAML catalog. Additionally, Enterprise gives you the tools needed to protect sensitive data by implementing application allowlisting and data loss prevention (DLP) policies for email attachments, attachments downloaded from apps, files created with Docs/Sheets/Slides/Drawings, and so on.
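To make the context-aware access model described above concrete, here is an added example (not BeyondCorp code or any Google API) of a per-request access decision that combines the signals this article names: group membership from the identity provider, MFA, device verification and request location. The policy shape, field names and the "payroll" app are assumptions constructed for the illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Hypothetical model of a context-aware access decision; not Google's API.

@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset[str]   # group memberships from the identity provider
    mfa_passed: bool         # multi-factor authentication completed this session
    device_verified: bool    # device enrolled and passing posture checks
    region: str              # where the request comes from, e.g. "US"
    resource: str            # application being requested

@dataclass(frozen=True)
class AccessPolicy:
    resource: str
    allowed_groups: frozenset[str]
    allowed_regions: frozenset[str]
    require_mfa: bool = True
    require_verified_device: bool = True

def evaluate(policy: AccessPolicy, req: AccessRequest) -> tuple[bool, list[str]]:
    """Return (allowed, reasons). Every signal must pass; the network the request arrives from is never consulted."""
    if req.resource != policy.resource:
        return False, ["policy does not cover this resource"]
    reasons = []
    if not (req.groups & policy.allowed_groups):
        reasons.append("user is not in an allowed group")
    if policy.require_mfa and not req.mfa_passed:
        reasons.append("MFA not completed")
    if policy.require_verified_device and not req.device_verified:
        reasons.append("device not verified")
    if req.region not in policy.allowed_regions:
        reasons.append(f"region {req.region} not allowed")
    return not reasons, reasons

# Constructed sample policy for a hypothetical payroll app.
PAYROLL = AccessPolicy("payroll", frozenset({"finance"}), frozenset({"US", "CA"}))

def decide_samples() -> dict[str, tuple[bool, list[str]]]:
    """Evaluate three constructed requests against PAYROLL and return the decisions."""
    samples = {
        # ok: right group, MFA done, verified device, allowed region.
        # bad_device: same user on an unmanaged laptop without MFA (denied, two reasons).
        # wrong_group: wrong group from a disallowed region, even with good device and MFA.
        "ok":          AccessRequest("ana", frozenset({"finance"}), True, True, "US", "payroll"),
        "bad_device":  AccessRequest("ana", frozenset({"finance"}), False, False, "US", "payroll"),
        "wrong_group": AccessRequest("bob", frozenset({"eng"}), True, True, "BR", "payroll"),
    }
    return {name: evaluate(PAYROLL, r) for name, r in samples.items()}
```

The deny reasons are returned as a list so that every failed signal can be logged for detection and audit, rather than stopping at the first one.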
As you can see, the benefits of this approach are numerous. It's a more secure way to run your organization and can help prevent data breaches. These solutions also provide the flexibility needed when working with different teams or partners who have their own security needs. If you're looking for a way to ensure better protection against cyberattacks, implementing ZTNA might be right up your alley!
In our next article we'll dive deeper into how to set up the various components of Google's ZTNA solutions.