A zero-trust security model states that organizations should not trust anything inside or outside of their network perimeters and should instead verify anything and everything that tries to connect to applications and systems before granting it access. Simply put, traffic inside a network is no more trustworthy by default than traffic coming from the outside, and it is up to the organization to determine the conditions under which it trusts something (a user or a device) enough to grant it access.
Google’s BeyondCorp architecture employs a zero-trust model to move away from outdated, centralized perimeter security.
Verify the identity of all users with secure access solutions such as two-factor authentication (2FA) before granting access to corporate applications and resources.
Gain visibility into every device used to access corporate applications, whether or not the device is corporate-managed, without device management agents.
Inspect all devices used to access corporate applications and resources at the time of access to determine their security posture and trustworthiness. Devices that do not meet the minimum security and trust requirements set by your organization are denied access to protected applications.
Protect every application by defining policies that limit access only to users and devices that meet your organization's risk tolerance levels. Define, with fine granularity, which users and which devices can access what applications under which circumstances.
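The four controls above combine into a single deny-by-default decision made per request. The sketch below is an added example, not Duo's or Google's code; the attribute names, application names and posture checks are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessRequest:
    user: str
    app: str
    mfa_verified: bool     # user passed 2FA for this session
    device_managed: bool   # corporate-managed vs. personal device
    os_up_to_date: bool    # posture observed at the time of access
    disk_encrypted: bool
    source_network: str    # "internal"/"external"; recorded but never consulted

@dataclass(frozen=True)
class AppPolicy:
    allowed_users: frozenset
    require_managed: bool = False
    require_os_up_to_date: bool = True
    require_disk_encryption: bool = False

# Constructed per-application policies (hypothetical application names).
POLICIES = {
    "wiki": AppPolicy(frozenset({"alice", "bob"})),
    "payroll": AppPolicy(frozenset({"alice"}), require_managed=True,
                         require_disk_encryption=True),
}

def decide(req, policies=POLICIES):
    """Return (allowed, reasons). Network location grants no trust."""
    policy = policies.get(req.app)
    if policy is None:  # an application without a policy is unreachable
        return False, ["no policy defined for application"]
    reasons = []
    if req.user not in policy.allowed_users:
        reasons.append("user not authorized for application")
    if not req.mfa_verified:
        reasons.append("user identity not verified with 2FA")
    if policy.require_managed and not req.device_managed:
        reasons.append("unmanaged device")
    if policy.require_os_up_to_date and not req.os_up_to_date:
        reasons.append("operating system out of date")
    if policy.require_disk_encryption and not req.disk_encrypted:
        reasons.append("disk not encrypted")
    return (not reasons), reasons
```

Returning the list of failed checks alongside the verdict lets the access proxy log why a request was denied and tell the user what to remediate.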
Download part 1 of our white paper series, where we describe the need for enterprises to adopt a zero-trust security architecture that addresses new risks beyond the perimeter. In part 2, we walk you through how to implement a zero-trust security model at your organization with detailed steps, caveats and questions to ask.
“Duo Beyond creates an invisible and open gate that authorized users with trusted devices never have to see; the gate only materializes and closes when the device trust standards are not met.”
“We were previously trying to do this through a combination of five other products. The fact that one product can provide this level of granular access control is really awesome.”