Nearly two months ago, Google announced its decision to move all of its corporate applications to the cloud. In an initiative known as ‘BeyondCorp’ that regards internal firewall networks being just as unsecure as cloud-based networks, this transition is being hailed by analysts and experts as a bold move that is worthy of recognition and one from which many businesses can learn.
“A lot of companies can learn from Google’s aggressiveness, there’s not a company anywhere that won’t have to develop something like this”
— Jon Oltsik, Enterprise Strategy Group’s senior principal analyst
This move by Google will thus mark a beginning of a new era in the area of enterprise network security.
How it works
The BeyondCorp initiative seeks to replace reliance on a company’s internal network with a network model where users can access data and information anywhere; the device authentication measures and required user credentials are of course stringent. The new model seeks to put focus on the security of the device rather than the security of a particular location whereby the employee is given access to a network’s applications only after the device used to access the applications has been authenticated.
User authentication hinges on more than just secure passwords and usernames; instead, the user is tracked in a database linking to the HR processes. For example, if an employee leaves the company, access to applications will be automatically disabled.
“Virtually every company today uses firewalls to enforce perimeter security. However, this security model is problematic because, when that perimeter is breached, an attacker has relatively easy access to a company’s privileged intranet”
The network also ensures that the devices in question are updated or patched before use – a decreased trust level will be signaled otherwise. If the devices do not contain the necessary security protocols, then the applications will be denied access. Also, if the network identifies access from a new location, some applications will be disabled accordingly.
5 things every company should learn and get prepared
As highlighted by Jon Olstik in the aforementioned quote, every company will inevitably have to move applications to the cloud to benefit from lower costs and efficiencies and implement an entirely new kind of network security system. So what are the things every business could learn from Google? Here are 5.
1) Embracing the new security landscape
First off, companies need to accept the fact that they are operating in a radically new reality today. Data is no longer only accessed within the organization; rather, many employees obtain access applications from their devices outside the company firewall which limits its effectiveness. Google has understood this which is why its new initiative to boost security emphasizes device authentication rather than just user credentials.
“As companies adopt mobile and cloud technologies, the perimeter is becoming increasingly difficult to enforce. Google is taking a different approach to network security. We are removing the requirement for a privileged intranet and moving our corporate applications to the Internet.”
— Google report
2) Enabling workers to work remotely
Due to the way the nature of work today has evolved, employees need to be granted greater convenience in working from outside the wall of their work office. The BYOB policy as a determinant of enabling business growth should accommodate employees to access applications remotely without the need for VPNs or LANs.
The emerging trend of companies enabling their employees to use wearable technology as part of its BYOB policy extension will be of further relevance in this regard. If corporations realize the benefits of this, they will be more willing to depart from using existing company firewall systems.
3) Challenge IT rules about data security
Google’s move to transfer its applications to the cloud only materialized after realizing that change is possible and inevitable. IT rules about storing data in a specific space are becoming obsolete. Companies need to realize that the demon is both inside and outside the wall, and no matter how securely data is stored in the central server with cloud backup, there will always be a risk of data breach if devices are not authenticated properly.
4) Firewalls not fit for cloud network
The transition to cloud-based networks presents a mismatch with the previously adopted network security systems. As more and more companies adopt cloud, the gaping hole in security will remain until a new security network is implemented that fulfills its conditions and terms.
This is because companies require a more fluid stream of operations and activities and access of data from devices has become a new phenomenon. Apart from Google, companies such as Coca-Cola and Mazda Motor Corp are also experimenting with a new kind cloud based security network.
As witnessed last year with confidential data at Sony, among other big names, being breached, existing security protocols are insufficient in meeting a corporation’s security demands.
5) Devices constitute a major source for data security breaches
Gartner’s press release from last year details how nearly three quarters of all mobile security breaches will be due to application data leaks which firms may be heedless of. Mobile devices also reported to be the top leading cause of data breaches in the healthcare industry.
This only suggests that firms need to double their efforts into ensuring that devices are properly authenticated before any applications and services are granted access from the network. Google’s approach to validating mobile security before access is granted to the user demonstrates how well it has understood and countered the problem.
Along with adopting other methods to secure cloud data, companies need to move beyond giving authorization to key personnel and instead focus their efforts on tightening security for mobile devices.