Alphabet Inc (NASDAQ:GOOGL)’s Google is rolling out a new approach to cloud-native security called BeyondProd. It extends the company’s earlier BeyondCorp Zero Trust model, which Google introduced a few years ago. BeyondCorp focuses on securing devices and users, moving security away from firewalls and VPNs. Under perimeter security, however, if a hacker penetrates the perimeter and breaks into the systems, the entire system is in trouble: the hacker could do whatever he wants, such as destroying data, injecting malicious code, and stealing sensitive information. To mitigate this risk of relying on perimeter security, Google has come up with a new security system for cloud-native environments called BeyondProd.
What is BeyondProd?
In traditional perimeter-secured systems, all services and users are protected and trusted. This level of security is not sufficient for cloud systems. If a firewall fails to safeguard the corporate network, it can’t safeguard the production network. Google unveiled a network security model called BeyondCorp in 2014, aimed at users who access the corporate network. It used zero-trust principles to define corporate network access. The company also applied the same principles to how machines, services, and workloads are connected. The result is a new product called BeyondProd.
BeyondProd develops and optimizes the following security principles:
No mutual trust between the services. Each service has its own level of security. Edge-level protection is ensured for the network. Trusted machines execute code with known provenance. Rollout is standardized, automated, and simple. Only authorized access is allowed across and between the services. Workloads are isolated from one another.
Concepts of BeyondProd
The concepts applied in BeyondProd are transport security, mutually verified service points, runtime sandboxing, end-to-end code provenance, and edge termination with load balancing on a global scale. Together, these controls let microservices and containers run next to each other and communicate securely, without placing an additional security burden on individual developers.
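How these principles combine into a per-call decision, as an added example that is not Google's code and not part of the original article. A shared-key HMAC stands in for the platform's mutually authenticated transport, and every service name, key, digest and policy entry is constructed for illustration.

```python
import hashlib
import hmac
import json

# All names, keys and digests below are constructed for illustration.
ISSUER_KEY = b"constructed-demo-key"  # stand-in for the platform's identity issuer
TRUSTED_DIGESTS = {"sha256:aaa111", "sha256:bbb222"}  # builds with known provenance
ALLOWED_CALLS = {("frontend", "orders"): {"GetOrder"}}  # (caller, callee) -> methods


def issue_credential(service: str, image_digest: str) -> dict:
    """Issuer side: bind a service identity to the code it is running."""
    claims = {"service": service, "image_digest": image_digest}
    payload = json.dumps(claims, sort_keys=True).encode()
    mac = hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()
    return {"claims": claims, "mac": mac}


def verify_credential(cred: dict):
    """Return the claims if the MAC verifies, otherwise None."""
    payload = json.dumps(cred["claims"], sort_keys=True).encode()
    expected = hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()
    return cred["claims"] if hmac.compare_digest(expected, cred["mac"]) else None


def authorize(caller_cred: dict, callee_cred: dict, method: str) -> tuple:
    """Decide one call. Network location is never consulted."""
    # 1. Mutually verified endpoints: both peers must prove their identity.
    caller = verify_credential(caller_cred)
    callee = verify_credential(callee_cred)
    if caller is None or callee is None:
        return (False, "unauthenticated peer")
    # 2. Code provenance: both peers must run a known build.
    for peer in (caller, callee):
        if peer["image_digest"] not in TRUSTED_DIGESTS:
            return (False, "unknown provenance: " + peer["service"])
    # 3. Authorized access only: default deny for any unlisted call.
    allowed = ALLOWED_CALLS.get((caller["service"], callee["service"]), set())
    if method not in allowed:
        return (False, "call not authorized")
    return (True, "ok")
```

A request from inside the same network is still refused if any of the three checks fails, which is the difference from a perimeter model.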
Companies transitioning to cloud-native security need to implement changes to their development process and infrastructure.