How BeyondCorp Helps You Get to Zero Trust Security

Wursta is thrilled to be hosting an event with Google in Miami in July, “How BeyondCorp Helps you Get to Zero Trust Security.” An event that’s nearly as exciting occurred in June: the release of the new Verizon 2023 Data Breach Investigations Report (DBIR). Seriously. It’s highly informative and actually an entertaining read, with some impressive humor infused. In this blog, we’ll take a quick look at the report findings as well as how BeyondCorp can reduce your risk of suffering a breach for the DBIR team to analyze for the 2024 report.

Zero Trust: What & Why

With a zero trust approach, you literally trust no one and nothing. Organizations can no longer rely on a perimeter which confirms the identity of each user, and then fully trust those inside the perimeter. Attackers use a wide variety of approaches; thus security must affirm access rights in a variety of ways.

The Verizon 2023 DBIR again quantified the threat landscape.

• 83% of breaches involved External actors
  • Internal Actors account for 19% of breaches, which includes intentional harm as well as Error actions. In the remaining breaches, Actors consist of partners or multiple.
• 74% of all breaches include the human element
  • People were involved either via Error, Privilege Misuse, Use of stolen credentials or Social Engineering.
• 49% of breaches involved credentials
• 24% of breaches involved Ransomware
  • At 24%, Ransomware continues to be one of the top Action types present in breaches. Ransomware is ubiquitous among organizations of all sizes and in all industries.

Zero Trust: From Buzzword to Boon

According to Gartner, “The term ‘zero trust’ is widely abused in security product marketing.” Google’s technology certainly far exceeds mere empty marketing platitudes.

Google had started developing their BeyondCorp approach to security in 2010, after Chinese cyber-spies successfully infiltrated it and other Silicon Valley tech giants’ networks and stole intellectual property. As written in The Register, “The security breach spurred Google to shift access controls from the network perimeter to individual users and devices – what has since become the zero-trust buzzword.”

Google describes BeyondCorp as, “Google’s implementation of the zero trust model. It builds upon a decade of experience at Google, combined with ideas and best practices from the community.” BeyondCorp shifts access controls from the network perimeter to individual users. It enables secure work from virtually any location without the need for a traditional VPN. Specifically, BeyondCorp allows for

• Single sign-on
• Access control policies
• Access proxy
• User- and device-based authentication and authorization

Essentially, this approach assumes you’re in wild jungles surrounded by threats and no security. Considering the steep upward slope of breaches analyzed each year by the DBIR, “wild jungles” is a fair description of the modern threat landscape.

BeyondCorp Adds Contextual Analysis

At the Google Cloud Security Summit on May 17, 2022, Google announced the launch of BeyondCorp Enterprise Essentials, which offers enterprises context-aware access controls. It helps companies create multiple checks and assessments throughout interactions with Google cloud services to ensure systems and users’ data all remain secure. Beyond Corp is helping make policies more granular, expanding a company’s options.

Support to Stay Ahead of Persistent Threats

As the DBIR authors state, “the only certain thing about information security is that nothing is certain.” There’s no one service or solution that will ever make any organization hack-proof. Wursta offers a variety of services, such as Virtual CISO and Security & Cloud Risk Assessment to help you take the steps needed to stay ahead of persistent threats. As a Premier Google partner, Wursta has the broad expertise to resolve just about any Google Workspace and Google Cloud issue. Additionally, our team members have a variety of expertise and certifications, including CMMC and certified ethical hackers.