Today, none of Google’s employee-facing applications are on a virtual private network. The company feels this approach, which it has dubbed BeyondCorp, is the “new cloud model” for doing cloud security, asserted Neal Mueller, head of infrastructure product marketing at Google, who gave a presentation on this approach at the O’Reilly Security conference, held recently in New York. This model can fall under a number of rubrics in the security community, including “zero-trust” or “perimeter-less” security. It is the opposite of the traditional approach to security, which Mueller described as “the castle” approach, in which a strong firewall is used to wall off an internal network that can only be accessed by way of a virtual private network (VPN).

The problem with the “castle” approach is that once the perimeter is breached, the entire internal network, and all the associated applications, are at risk. “It is probably already owned,” added Max Saltonstall, a Google program manager for corporate engineering, who also participated in the presentation.

Phishing, man-in-the-middle and SQL injection attacks all find fertile ground on VPNs. Plus, a VPN was cumbersome to use and slowed performance, especially for overseas workers. And it is no walk in the park for admins either. To set up a new user, the admin would typically have to configure the cloud network, along with setting up the IPSec rules, the firewall rules and the VPN. This is followed by a lot of testing.

At Google, “we embraced the fact that walls don’t work,” Mueller said. “Rather than have a VPN around all this infrastructure, we decided to get rid of the walls entirely.”

Google’s approach involves comprehensive inventory management, one that keeps track of who owns which machine in the network. A Device Inventory Service collects a variety of live information about each device from multiple system management sources, such as Active Directory or Puppet.

Authentication is then based on a set of “Trust Tiers” that represent levels of increasing sensitivity. Employees get the appropriate level of access regardless of what device they are using or where in the world they are logging in from. Lower levels of access require less stringent checks on the device itself. “The access is granted based on context: Who are you? Have you authenticated in a strong way? What are you using? What do I know about your device?” Saltonstall summarized.

For identity management, the company uses security keys, which are much harder to forge than passwords and are tied to the individual users themselves. Each work device has a certificate issued by Google.
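As an added illustration of the tiered, context-based decision described above (example code, not Google's; the tier names, device attributes and thresholds are assumptions), here is a minimal policy evaluator that maps inventory facts about a device to a trust tier and then decides access from who the user is, how they authenticated and what the device is, with network location deliberately absent from the inputs:

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Tuple


class Tier(IntEnum):
    """Trust tiers in increasing sensitivity (assumed names, not Google's)."""
    UNTRUSTED = 0
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass
class DeviceRecord:
    """Facts an inventory service might report about one device (constructed)."""
    has_company_cert: bool   # a company-issued device certificate is present
    managed: bool            # enrolled in a management source such as AD or Puppet
    disk_encrypted: bool
    patched: bool


@dataclass
class AccessRequest:
    user: str
    auth_method: str         # "password" or "security_key"
    device: DeviceRecord
    resource_tier: Tier      # sensitivity of the application being accessed


def device_tier(d: DeviceRecord) -> Tier:
    """Map inventory facts to a tier; lower tiers need fewer checks on the device."""
    if not d.has_company_cert:
        return Tier.UNTRUSTED
    if not d.managed:
        return Tier.LOW
    if not (d.disk_encrypted and d.patched):
        return Tier.MEDIUM
    return Tier.HIGH


def decide(req: AccessRequest) -> Tuple[bool, str]:
    """Grant or deny from context: who, how authenticated, which device, its state."""
    tier = device_tier(req.device)
    # Assumed rule: anything above LOW demands a phishing-resistant security key.
    if req.resource_tier >= Tier.MEDIUM and req.auth_method != "security_key":
        return False, "security key required for this resource"
    if tier < req.resource_tier:
        return False, f"device tier {tier.name} below required {req.resource_tier.name}"
    return True, f"granted to {req.user} at tier {tier.name}"
```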