Zero trust is a security model and framework originally described by John Kindervag in 2010. Around that time, as a result of the Operation Aurora breach, Google also began developing BeyondCorp which shared similar ideas.
Zero trust improves on perimeter security's shortcomings, namely:
- Insider threat is not properly addressed; 28% of breaches are by internal actors.
- Impenetrable fortress in theory; multiple entry points (like VPNs), lots of firewall rules in practice.
- The perimeter's scope has expanded. Enterprises today support heterogeneous mix of cloud, on-premise, cloud, and multi-cloud environments.
- Do not trust the network. Network location does not impart trust.
- There are always internal and external threats. Act like you are already breached, because your probably are.
- Every device, user, and application communication should be authenticated, authorized, and encrypted.
- Policy should be dynamic, and built from multiple sources.
- Zero Trust Networks by Gilman and Barth
- Forrester Build Security Into Your Network’s DNA: The Zero Trust Network Architecture
- Google BeyondCorp 1 An overview: “A New Approach to Enterprise Security”
- Google BeyondCorp 2 How Google did it: “Design to Deployment at Google”
- Google BeyondCorp 3 Google’s front-end infrastructure: “The Access Proxy”
- Google BeyondCorp 4 Migrating to BeyondCorp: Maintaining Productivity While Improving Security
- Google BeyondCorp 5 The human element: “The User Experience”
- Google BeyondCorp 6 Secure your endpoints: "Building a Healthy Fleet"
- Google Securing your business and securing your fleet the BeyondCorp way
- Google Preparing for a BeyondCorp world: Understanding your device inventory
- Google How BeyondCorp can help businesses be more productive
- Google How to use BeyondCorp to ditch your VPN, improve security and go to the cloud
- Cloudflare Introducing Cloudflare Access: Like BeyondCorp, But You Don’t Have To Be A Google Employee To Use It
- Duo BeyondCorp For The Rest Of Us
- Microsoft Building Zero Trust networks with Microsoft 365
- Wall Street Journal Google Moves Its Corporate Applications to the Internet
- USENIX Enigma 2016 - NSA TAO Chief on Disrupting Nation State Hackers
- What, Why, and How of Zero Trust Networking by Armon Dadgar, Hashicorp
- O'Reilly Security 2017 NYC Beyondcorp: Beyond Fortress Security by Neal Muller, Google
- Be Ready for BeyondCorp: enterprise identity, perimeters and your application by Jason Kent