Saturday, March, 25, 2023 01:38:15
Google, the American multinational technology giant specializing in internet-related services and products, has reportedly announced the launch of another model to secure its cloud-native architecture. BeyondProd, as the new security model is called, is the subject of a new white paper that explains how Google implements cloud-native security principles within its organization.
Google created BeyondProd to secure its modern, cloud-native framework, which runs solely on software containers and is managed by Borg, the predecessor to the organization’s well-known Kubernetes, a tool for managing containerized applications. Cloud-native uses microservices, the components of modern applications hosted in software containers, to split the workload into smaller and more manageable units. Google stated that using a firewall to protect corporate networks won’t be sufficient, so a cloud-native technology framework requires a fundamentally new model rather than the older way of doing things.
Maya Kaczorowski, product manager, and Brandon Baker, horizontal lead of cloud security, Google, reportedly stated that the network perimeter needs to be protected in an environment that is cloud-native; if a firewall cannot fully protect a corporate network, then it cannot protect a production network either.
BeyondCorp is a zero-trust security model created by Google to shift access controls from the perimeter to individual devices and users, allowing employees to work securely from any location without the need for a VPN. With the new model, BeyondProd, Google would apply similar zero-trust security principles to how it connects machines, services and workloads. The zero-trust principles are based on the notion that there’s no innate trust between services and that there should always be segregation between workloads.
The other principles applied include protecting the system at the edge and using chokepoints to ensure policy enforcement across services, such as ensuring authorized access and trusted machines running code from a known source. Kaczorowski and Baker further stated that BeyondProd uses concepts such as transport security, end-to-end code provenance, runtime sandboxing, denial of service protection, edge termination with load balancing and mutually authenticated service endpoints.
By using these principles, BeyondProd ensures that microservices and containers can be deployed, run and communicate with each other in a safe way. Furthermore, it removes the burden of implementing security from application developers. Kaczorowski and Baker stated that by applying these security principles from the new BeyondProd model, users can benefit from the company’s experience to strengthen how their workloads are deployed, how communications are secured and how they can affect other workloads.