The News: Google Cloud’s BeyondCorp Enterprise Zero Trust enhancements comprise three new features designed to help its customers provide their users simple and secure access to key applications. The three new features are certificate-based access via VPC-SC, the On-prem connector, and easy-to-configure custom access policies. Read the Google Cloud Blog here.
Google Cloud’s BeyondCorp Enterprise Zero Trust Enhancements Are Designed to Boost Customer Trust
Analyst Take: Google Cloud’s BeyondCorp Enterprise Zero Trust enhancements are three appealing new features aimed at using zero trust capabilities to improve overall security and deliver a more satisfactory user experience. In January, Google introduced its zero-trust product solution, BeyondCorp Enterprise, which augments and replaces BeyondCorp Remote Access.
For over a decade, Google has internally implemented BeyondCorp to protect its own applications, data, and users. In sum, when it comes to BeyondCorp-based security, Google drinks its own punch and eats its own chow. With BeyondCorp Enterprise, Google is using itself as a prime reference and offering its zero-trust security proposition to organizations with the goal of kick-starting their own zero-trust journey and fulfilling the company’s objective of supporting security innovation without disrupting security operations.
Google Cloud’s BeyondCorp Enterprise Offering Enhancements the Result of Client-Focused Collaboration
Since BeyondCorp Enterprise’s launch, Google Cloud has collaborated with clients to find ways to improve and advance their overall zero trust journey. The collaboration produced three new features consisting of:
Certificate-based access via VPC-SC. Certificate-based access for GCP (Google Cloud Platform) APIs through VPC Service Controls (VPC-SC) is now GA (generally available). Certificate-based access protects against credential theft or accidental exposure by granting access only when credentials plus a verified device certificate are presented. Google Cloud is now offering native support for client certificates for eight types of VPC-SC resources: GCE, GKE, PubSub, Spanner, Cloud KMS, GCS, BigQuery, and Logging, with more to follow.
On-prem Connector. Google Cloud is giving customers a choice in how to connect to on-premises resources with its now generally available On-prem connector. Customers can secure HTTP- or HTTPS-based on-premises applications (outside of Google Cloud) with IAP (Identity-Aware Proxy) by deploying a connector. When a request is made for an on-premises app, IAP authenticates and authorizes the user request and then routes the request to the connector.
Easy to configure custom access policies. Google Cloud announced the availability of even more zero trust access conditions in Access Context Manager, the zero-trust policy engine behind BeyondCorp Enterprise. The ability to leverage new attributes gives administrators more ways to build fine-grained access control policies to safeguard their applications and Google Cloud resources. The set of attributes is in public preview and includes time and date restrictions, credential strength leveraging two-step verification, and Chrome browser zero-trust activation capabilities.
Google’s BeyondCorp Enterprise Enhancements Are Critical in the Face of Cloud Rival Activity
The BeyondCorp Enterprise enhancements are critical as Google Cloud needed to counter the recent zero-trust initiatives of key cloud rivals. For example, in June, HPE launched Project Aurora, built specifically to bring zero-trust to the HPE GreenLake edge-to-cloud platform. HPE is emphasizing that it has standardized its security portfolio by measuring, attesting, and verifying everything – from silicon to cloud.
HPE’s Project Aurora builds upon HPE’s Silicon Root of Trust approach, which is HPE’s hardware-validated boot process built to ensure a system can only be started using code from an immutable source. This approach involves an anchor for the boot process rooted in hardware that cannot be updated or modified. I see HPE gaining invaluable mind share across enterprises already familiar with HPE portfolio capabilities and giving extra consideration to Project Aurora in their assessment of zero-trust cloud solutions, due in good part to its immutable source assurances.
Microsoft is touting its collaboration with the National Institute of Standards and Technology (NIST), one of the agencies chartered with creating the cybersecurity standards and requirements outlined in Section 3 of Executive Order (EO) 14028 requiring federal agencies to adopt a zero-trust architectural approach. To help protect US national security, the White House on May 12, 2021, issued Presidential EO 14028 focused on improving the nation’s cybersecurity, particularly in the wake of the 2020 Nobelium attack, 2021 Hafnium attack, and an expanding array of ransomware attacks on critical infrastructure.
Microsoft is working with NIST’s National Cybersecurity Center of Excellence (NCCoE) on the Implementing a Zero Trust Architecture Project to develop practical, interoperable approaches to designing and building Zero Trust architectures that align with the tenets and principles documented in NIST SP 800-207, Zero Trust Architecture. The NCCoE public-private partnership applies standards and best practices to develop modular, adaptable examples of cybersecurity solutions by using commercially available technology. I see Microsoft’s work with NIST as boosting the zero-trust credibility of its Azure platform, putting pressure on Google Cloud and others to demonstrate their contributions and capabilities in working with the government to advance zero-trust capabilities.
AWS needs to refresh its lead zero-trust sales and marketing messaging from the 2020 re:Invent event and related supporting materials. From my perspective, Google Cloud, as well as HPE GreenLake and Azure, are more up to date and are demonstrating more urgency in driving the adoption of zero-trust capabilities by organizations in cloud environments.
Key Takeaways on Google Cloud’s New BeyondCorp Enterprise Zero Trust Features
Through the BeyondCorp Enterprise offering, I believe Google can make serious inroads across the enterprise realm delivering cloud-based zero-trust capabilities, especially across organizations prioritizing zero-trust policies to help combat increasingly sophisticated cyberattacks including ransomware.
I also see zero-trust as an integral driver to emerging SASE (Secure Access Service Edge) architectures as SASE integrates zero-trust (i.e., zero-trust network access), next-generation firewall, and other security services with network services like SD-WAN and bandwidth aggregation into a cloud-native platform. As such, organizations that use the SASE architecture gain the benefits of zero-trust as well as an array of network and security solutions that align with cloud advantages like massive scalability and administration flexibility.
Overall, I see Google Cloud advancing its zero-trust proposition with the new BeyondCorp Enterprise features, especially in relation to AWS. Now Google Cloud needs to show more separation from rivals like HPE GreenLake and Microsoft Azure in driving broader enterprise adoption of zero trust capabilities.
Disclosure: Futurum Research is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
The original version of this article was first published on Futurum Research.
Ron is an experienced research expert and analyst, with over 20 years of experience in the digital and IT transformation markets. He is a recognized authority at tracking the evolution of and identifying the key disruptive trends within the service enablement ecosystem, including software and services, infrastructure, 5G/IoT, AI/analytics, security, cloud computing, revenue management, and regulatory issues.