On August 9, 2006, something interesting happened at a technology conference. During an interview, then Google CEO Eric Schmidt introduced the term “cloud computing” as a new model for data services (http://www.google.com/press/podium/ses2006.html). Since then, the use of cloud services and infrastructure has skyrocketed as enterprises embrace the cloud’s agility and scale. This trend, combined with a growing mobile workforce, has forced IT to change the way it thinks about security and has given way to a new term: “zero-trust.”
What exactly is zero-trust security?
In 2010, Forrester Research published a paper (PDF) that popularized the concept of zero-trust. In its paper, Forrester discussed how the zero-trust security model is built around the idea that enterprises should not inherently trust any user or network, and the belief that any attempt to access a business system or application must always be verified before any level of access is granted.
Google was among the first companies to embrace this new approach—initially as a way to connect Google employees to their internal applications—and spent six years creating zero-trust networks. The Google BeyondCorp service was born out of this development, and has led to the popularization of a new network security approach within enterprises called the software-defined perimeter (SDP). SDPs provide zero-trust access using cloud-based technology, not appliances, to deliver consistent and granular security for all users, applications, devices, and locations—without ever trusting users or placing them on an internal network.
But what about enterprises not named Google? How can they can adopt a similar security approach within their organizations?
In an April 2018 webcast, Ameet Jani, Product Manager Google BeyondCorp at Google Cloud, and Manoj Apte, Chief Strategy Officer at Zscaler, addressed this question in a discussion about zero-trust security that covered:
How cloud and mobility are driving enterprise transformation
The challenge of legacy network-centric methods
Why a user- and application-centric approach strengthens security
How to support access to internal apps from any device, anywhere
You can view the webcast on demand at: https://info.zscaler.com/adopting-a-zero-trust-model-google.html
As you look to embrace cloud and mobility at your enterprise, consider the zero-trust security model. Your application security will become stronger, your users will applaud the improved remote access experience, and the complexity of the traditional network-centric world will cease to exist. Not too shabby.
Good luck in your endeavors. Oh, and remember: trust no one.
Take a look at the Zscaler software-defined perimeter service: (https://www.zscaler.com/products/zscaler-private-access)