Zero Trust as a security strategy

Beyond the Patch

Zero Trust – No Alternatives

Anyone who has ever struggled as I have with the sometimes unusable infrastructure services of German corporate IT will sooner or later come to the conclusion that BeyondCorp is an absolute must-have. Many companies shy away from this realization because it requires a huge rebuild of their own infrastructure. For this reason, it is not possible to share tips or advice here with regard to individual components.

Anyone who gets around to implementing a zero trust concept for their own company usually starts on a green field and redesigns their IT application landscape, leading to unease and costly outlays. Google itself, however, proves with statistics from its own business that BeyondCorp does pay off in the long run. Higher employee effectiveness, a less complex infrastructure to maintain, and fewer sprawling processes in the company are just a few of the benefits that ultimately show up in the bottom line.

Of course, Google wouldn't be Google if the company hadn't long ago bundled BeyondCorp into a boxed product that is available for a price. The provider even offers migration consultancy to interested customers. Google has long since ceased to be the only player on the market. If you do not want to commit to Google's services, and they do play a major role in BeyondCorp, you will find similar approaches and complete packages on offer from other providers. Additionally, a market of consulting companies now exists that can implement similar concepts with on-premises components in the customer's data center.

Conclusions

Endpoint security can only work if the device that the user relies on is part of a tight network of security functions. From today's perspective, it is grossly negligent simply to assume no danger from a client on the VPN. Anyone who has had to deal with procedures of this type from an admin point of view will be aware that they can make daily operations extremely tiresome.

Truly, most companies in Europe are still fighting against the realization that the principle of the secure network has had its day. However, this strategy is not sustainable. The principle of "better late than never" applies here. If you decide to implement a comparable strategy today, you have the option, or at least a perspective, of getting away from the IT of the past. However, if you continue to resist, you can expect to be faced with an increasingly difficult-to-maintain and convoluted infrastructure.

The Author

Freelance journalist Martin Gerhard Loschwitz focuses primarily on topics such as OpenStack, Kubernetes, and Ceph.
