
Google BeyondCorp Zero Trust

Overview

Definition

BeyondCorp is Google's implementation of the zero trust model. It builds upon a decade of experience at Google, combined with ideas and best practices from the community. By shifting access controls from the network perimeter to individual users, BeyondCorp enables secure work from virtually any location without the need for a traditional VPN.

BeyondCorp began as an internal Google initiative to enable every employee to work from untrusted networks without the use of a VPN. Now, BeyondCorp is used by most Googlers every day to provide user- and device-based authentication and authorization for Google's core infrastructure and corporate resources.

Principles

BeyondCorp combines single sign-on, an access proxy, access control policies, and user- and device-based authentication and authorization. The BeyondCorp principles are:

  • Access to services must not be determined by the network from which you connect

  • Access to services is granted based on contextual factors from the user and their device

  • Access to services must be authenticated, authorized, and encrypted

Architecture

  • Securely identify the device

    • Build a meta-inventory database of “managed device” identities using device certificates, which are issued upon a qualification process with periodic reviews.
  • Securely identify the user

    • Generate short-lived authorization tokens through a centralized SSO portal with MFA, which validates the identity against a user and group database.
  • Remove trust from the network

    • RADIUS servers, using 802.1X authentication that validates the device certificate, dynamically assign “managed devices” to an unprivileged network and “unmanaged devices” to a guest network.
  • Externalize apps and workflows

    • An internet-facing reverse proxy (the access proxy) fronts all web-based apps: each app is published with a public DNS CNAME record pointing at the proxy, which terminates TLS, so traffic between the client and the application is encrypted and every request passes through the proxy's authentication and authorization checks.
  • Implement inventory-based access control

    • For each request to an application, an access control engine enforces service-level authorization: it first queries multiple data sources (device inventory, user and group database, and other signals) to dynamically infer a trust tier for the device and the user, then compares that tier against the minimum the application requires.
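The following toy model ties the architecture steps and the principles above together in code. It is an added example written for this page, not Google's own BeyondCorp code: it assumes the access proxy has already terminated TLS, verified the device's client certificate, and validated the SSO token's signature, and models only the access control engine's decision. The inventory, user/group database, application hostnames, policy fields, trust-tier numbering and compliance threshold are all constructed for illustration. Note that `source_ip` is carried on every request and never consulted, which is the first principle in code.

```python
"""Toy BeyondCorp-style access decision (illustrative; not Google's code)."""
from dataclasses import dataclass
from typing import Optional

# Constructed meta-inventory, keyed by the fingerprint of the device certificate
# that the proxy has already verified via mTLS.
DEVICE_INVENTORY = {
    "SHA256:aaaa1111": {"managed": True, "patch_age_days": 3, "disk_encrypted": True},
    "SHA256:bbbb2222": {"managed": True, "patch_age_days": 45, "disk_encrypted": False},
}

# Constructed user and group database (what the SSO portal validates against).
USER_GROUPS = {"alice": {"eng", "sre"}, "bob": {"eng"}}

# Constructed per-application policy; hostnames are hypothetical.
APP_POLICY = {
    "code-review.corp.example.com": {"min_device_tier": 2, "require_mfa": False, "groups": {"eng"}},
    "prod-console.corp.example.com": {"min_device_tier": 2, "require_mfa": True, "groups": {"sre"}},
}

MAX_PATCH_AGE_DAYS = 30  # compliance threshold; an assumption for this example


@dataclass
class Request:
    app: str
    token: dict                    # claims from the short-lived SSO token: sub, exp, mfa
    device_cert_fp: Optional[str]  # fingerprint of the verified client cert, or None if absent
    source_ip: str                 # present on every request, deliberately never read


@dataclass
class Decision:
    allowed: bool
    reason: str
    device_tier: int


def device_tier(cert_fp: Optional[str]) -> int:
    """Trust inferer for the device.

    Tiers (constructed for this example):
      0 = unknown or unmanaged device
      1 = managed but non-compliant (stale patches or no disk encryption)
      2 = managed and compliant
    """
    rec = DEVICE_INVENTORY.get(cert_fp) if cert_fp else None
    if rec is None or not rec["managed"]:
        return 0
    if rec["patch_age_days"] > MAX_PATCH_AGE_DAYS or not rec["disk_encrypted"]:
        return 1
    return 2


def user_identity(token: dict, now: int) -> Optional[str]:
    """Return the subject of a still-valid SSO token, or None if it is missing or expired."""
    if not token.get("sub") or token.get("exp", 0) <= now:
        return None
    return token["sub"]


def authorize(req: Request, now: int) -> Decision:
    """Service-level authorization: inventory facts + token claims vs. the app's policy."""
    policy = APP_POLICY.get(req.app)
    if policy is None:
        return Decision(False, "unknown application", 0)

    user = user_identity(req.token, now)
    if user is None:
        return Decision(False, "missing or expired token", 0)

    tier = device_tier(req.device_cert_fp)
    if tier < policy["min_device_tier"]:
        return Decision(False, f"device tier {tier} below required {policy['min_device_tier']}", tier)

    if policy["require_mfa"] and not req.token.get("mfa", False):
        return Decision(False, "MFA required", tier)

    if not (USER_GROUPS.get(user, set()) & policy["groups"]):
        return Decision(False, f"{user} not in required group", tier)

    # req.source_ip was never consulted: network location does not grant access.
    return Decision(True, f"{user} on tier-{tier} device", tier)


if __name__ == "__main__":
    now = 1_000_000
    tok = {"sub": "alice", "exp": now + 600, "mfa": True}
    for fp, ip in [("SHA256:aaaa1111", "203.0.113.5"), (None, "10.0.0.5"), ("SHA256:bbbb2222", "10.0.0.6")]:
        print(fp, ip, authorize(Request("code-review.corp.example.com", tok, fp, ip), now))
```

Running the block shows the same user with the same valid token allowed from a public address on a compliant managed device, and denied from an internal-looking address on an unknown or non-compliant device; the source address makes no difference in either direction.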

High level diagram


Top Resources

This series of whitepapers published by Google describes the BeyondCorp network security model in more detail:

Webinars from Google Cloud Security Talks 2021.