SAN FRANCISCO — Google created the BeyondCorp program because it, like many other companies, found that as more and more employees needed to work remotely, the traditional notion of network perimeter security became meaningless.
Rory Ward, site reliability engineering manager at Google, told an audience at RSA Conference 2017 that he and his team have been working on BeyondCorp at Google for six years in order to move Google’s network security infrastructure to a “zero trust model” where authentication is based on trusting devices and users rather than the network itself.
Heather Adkins, director of security at Google, said that historically, enterprises have envisioned the corporate network as a castle or a “bonbon” in which the sweet goodies are on the inside and surrounded by a strong perimeter.
“We designed it this way because 20-30 years ago we would buy hardware and software and we would connect it to networks inside a physical perimeter, inside a building,” Adkins said. “There came a time where we needed to protect it from the internet so we bought networking equipment that provided us with layer-3 firewall, layer-2 firewall and web application firewalls. This created the castle-like perimeter.”
However, Adkins noted that as workers became mobile and people lived “outside the castle” and Google services were moving to the cloud, what had been a strong perimeter became more like Swiss cheese and difficult to maintain. Enterprises adopted VPN to extend the reach of the…