
What is zero trust identity security?


A zero trust network is one in which no person, device, or network enjoys inherent trust. All trust, which allows access to information, must be earned, and the first step of that is demonstrating valid identity. A system needs to know who you are, confidently, before it can determine what you should have access to. Add to that the understanding of what you can access (authorization) and you've got the core foundation of zero trust security.

At Google we rely on a zero trust system known as BeyondCorp to move beyond the idea of a privileged corporate network.

In this issue of GCP Comics we discuss ways of acquiring trust, as our friend attempts to visit some distant relatives.

Why set up a zero trust model?

Here are a few compelling reasons for setting up a zero trust system:

  • Preserve the productivity of your employees working from home, from the office, from a coffee shop, or from anywhere else
  • Deploy quickly, faster than a traditional VPN system, for rapid onboarding
  • Spin up new device access quickly in case of unexpected latté-applied-to-laptop and similar incidents
  • Give each web application its own access control, for precise security and lower risk
  • Decide access based on identity, device health, location, time of day, or other factors
  • Google zero trust tools can protect your workloads on any public cloud, or on-premises, so you don't need to move your applications to improve their security

Benefits of zero trust

Lower friction 

Zero trust systems can be invisible to the employees at your company. They sign in, they use a strong second factor, and they are ready to go. 


The authentication and authorization aren't tied to your location. Previous methods of access control relied on trusted networks, giving privileged access to anyone inside the established corporate network. With a zero trust model it's easy to work from home and access all the same systems and tools.


Switching to a zero trust system has helped Google, and many other enterprises, reduce their exposure and minimize security incidents, proactively stopping phishing-based attacks and lateral movement after a compromise.


  • BeyondCorp Remote Access, our enterprise grade security offering for protecting workloads on Google Cloud, other clouds, or on-premises
  • BeyondCorp at Google, our own zero trust implementation
  • Published research papers on how Google created, deployed, and evolved the BeyondCorp model
  • Identity-Aware Proxy, the Google Cloud protective layer used to create context-based access to apps, VMs, and services

Want more GCP Comics? Visit gcpcomics.com & follow us on Twitter at @pvergadia and @maxsaltonstall for updates on the next issue!
