« Previous 1 2 3 4
Zero Trust as a security strategy
Beyond the Patch
Zero Trust – No Alternatives
Anyone who has ever struggled as I have with the sometimes unusable infrastructure services of German corporate IT will sooner or later come to the conclusion that BeyondCorp is an absolute must-have. Many companies shy away from this realization because it requires a huge rebuild of their own infrastructure. For this reason, it is not possible to share tips or advice here with regard to individual components.
Anyone who gets around to implementing a zero trust concept for their own company usually starts on a green field and redesigns their IT application landscape, leading to unease and costly outlays. Google itself, however, proves with statistics from its own business that BeyondCorp does pay off in the long run. Higher employee effectiveness, a less complex infrastructure to maintain, and fewer sprawling processes in the company are just a few of the benefits that ultimately show up in the bottom line.
Of course, Google wouldn't be Google if the company hadn't long ago bundled BeyondCorp into a boxed product that is available for a price. The provider even offers migration consultancy to interested customers. Google has long since ceased to be the only player on the market. If you do not want to commit to Google's services, and they do play a major role in BeyondCorp, you will find similar approaches and complete packages on offer from other providers. Additionally, a market of consulting companies now exist that can implement similar concepts with on-premises components in the customer's data center.
Conclusions
Endpoint security can only work if the device that the user relies on is part of a tight network of security functions. From today's perspective, it is grossly negligent simply to assume no danger from a client on the VPN. Anyone who has had to deal with procedures of this type from an admin point of view will be aware that it can make daily operations extremely tiresome.
Truly, most companies in Europe are still fighting against the realization that the principle of the secure network has had its day. However, this strategy is not sustainable. The principle of "better late than never" applies here. If you decide to implement a comparable strategy today, you have the option, or at least a perspective, of getting away from the IT of the past. However, if you continue to resist, you can expect to be faced with an increasingly difficult-to-maintain and convoluted infrastructure.
Infos
- BeyondCorp: https://cloud.google.com/beyondcorp
The Author
Freelance journalist Martin Gerhard Loschwitz focuses primarily on topics such as OpenStack, Kubernetes, and Ceph.
« Previous 1 2 3 4
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Arm yourself against cloud attacks
We present approaches and solutions for protecting yourself against attacks in the cloud. - Symantec Code Exposed
-
Five Kubernetes alternatives
Many admins consider Kubernetes the obvious choice for managing containers; however, don't ignore the highly efficient alternatives just because they are less prominent. -
Vagrant, Serf, Packer, and Consul create and manage development environments
Four open source tools – Vagrant, Serf, Packer, and Consul – facilitate a developer's work by each handling one specific task elegantly. -
Security features in Windows Server 2022
The release of Windows Server 2022 adds some new security features to its server operating system that might not be earth-shattering; however, you will find Secured-core, DNS over HTTPs, TLS 1.3, and Azure Stack HCI genuinely useful in your constant fight to harden server operations.