News

Zero Trust-Based 'BeyondCorp Enterprise' Updates Lead Google Cloud Security Push

• By David Ramel
• 10/18/2021

The Google Next '21 event introduced enhancements to BeyondCorp Enterprise, Google Cloud's security offering based on the Zero Trust approach.

It's so important to the company that Google/Alphabet CEO Sundar Pichai mentioned it less than 5 minutes into his opening keynote address kicking off the three-day event. "We are a pioneer of Zero Trust computing and have deep experience running this model at scale," he said.

Zero Trust is an increasingly popular security approach as organizations are besieged by sophisticated ransomware and other cybersecurity exploits. It has been adopted by major cloud players like Microsoft to fight ransomware and has been described as the future of network security.

Instead of the traditional security approach of walling off networks and systems behind a secure perimeter, Zero Trust assumes that such fortress security approaches will fail and that systems have already been penetrated, seeking to lessen the damage that can be caused. It's one of the latest security darlings in an industry that has seen the advent of hybrid work models, the proliferation of endpoints and bring-your-own devices, disparate and interconnected systems spanning clouds and enterprise datacenters, and just general complexity all around. "The main concept behind Zero Trust is that devices should not be trusted by default, even if they are connected to a managed corporate network such as the corporate LAN and even if they were previously verified," says Wikipedia.

Google Cloud CEO Thomas Kurian picked up on the theme after joining Pichai. "We've implemented Zero Trust at the core of our services and our operations, enabling you to trust nothing," Kurian said. "Today, we're expanding BeyondCorp to all your applications -- modern and legacy, web and desktop, and even to production environments. We keep customers safe by eliminating software supply chain vulnerabilities."

BeyondCorp Enterprise is described as a Zero Trust solution that enables secure access with integrated threat and data protection that can:

• Provide secure access to critical apps and services
• Safeguard information with integrated threat and data protection
• Simplify the experience for admins and end-users with an agentless approach
• Increase visibility into unsafe user activity
• Improve security posture with a modern Zero Trust platform

"Google is no stranger to Zero Trust -- we've been on this journey for over a decade with our own implementation of BeyondCorp, a technology suite we use internally to protect Google's applications, data, and users," security exec Sunil Potti said in a blog post early this year. "BeyondCorp Enterprise brings this modern, proven technology to organizations so they can get started on their own Zero Trust journey. Living and breathing Zero Trust for this long, we know that organizations need a solution that will not only improve their security posture, but also deliver a simple experience for users and administrators."

During last week's event, the company announced a few new components:

• A preview of a client connector that enables identity and context-aware access to client-server applications
• A preview of App Connector, which provides access to enterprise web applications outside of Google Cloud
• The new BeyondCorp Enterprise Policy Troubleshooter feature, to help admins diagnose access failure, triage events and unblock users, planned to reach general availability by year's end

Google also highlighted improved threat-detection capabilities enabled by machine learning.

"Three new threat and data protection features are now generally available," Google said in an Oct. 14 post. "First, real-time URL checks provide phishing and malicious site warnings based on a machine-learning URL reputation classification service. Additionally, customers can now customize their warning messages for upload and download analysis of malware and sensitive data. Thirdly, our dynamic malware sandboxing pipeline now leverages machine learning models to detect benign documents to avoid performing dynamic analysis on unnecessary files."

As Kurian said, Google also infused more Zero Trust functionality into the supply chain, including Cloud Build, for building, testing and deploying on the Google Cloud serverless CI/CD platform. Google said Cloud Build, a new Build Integrity feature, can automatically generate a verifiable build manifest, a signed certificate that describes sources used for a build, the hashes of artifacts used and other parameters.

Other security news coming out of Google Next '21 include:

• Google Cybersecurity Action Team (GCAT): This new security advisory team was announced to help governments, critical infrastructure, enterprises and small businesses with their security and digital transformations. A new Security and Resilience Framework builds on existing security solutions engineering efforts, delivering a roadmap for a comprehensive security management program that aligns with the National Institute of Standards and Technology's Cybersecurity Framework, the company said.
• Ubiquitous Data Encryption: This packages together existing products: Confidential Computing, External Key Management and Cloud Storage. The new package is meant to seamlessly encrypt data on its trip to the cloud using an external key management solution, to make sure it can only be decrypted and run in a confidential virtual machine (VM) environment, which Google said greatly limits potential exposure.
• Automatic DLP: This Cloud Data Loss Prevention offering is another preview product. "It's a game-changing capability that discovers and classifies sensitive data for all the BigQuery projects across your entire organization without you needing to do a single thing," Google said. "With rich insights for each table and column, you can better manage your data risk."
• Chronicle and Security Command Center integration: Also in preview, integration between Chronicle and Security Command Center (SCC) on Google Cloud Platform is designed to improve detection and response capabilities. Chronicle is a cloud service providing a specialized layer atop core Google infrastructure that helps organizations privately retain, analyze and search security and network telemetry. The new integration provides one place for centralized alerts and workflow investigations across the two platforms, enabling threat-specific pivots by beefing up SCC alerts with intelligence about associated threat actors and entities.

"Security is top of mind for businesses of all sizes, as well as the public sector," Pichai said as the keynote address wound up. "And despite the progress that has been made in cybersecurity, large scale breaches continue to make headlines. That's why, in August, Google announced we will invest $10 billion over the next five years to strengthen cybersecurity. That includes expanding zero trust programs, helping secure the software supply chain, and enhancing open source security."

That August announcement post indicated some of the money will be used to extend the Zero Trust security model and secure the software supply chain.