Google Cloud unveils new identity tools based on Zero Trust framework

Google Cloud announced some new identity tools today at Google Cloud Next designed to simplify identity Access Management within the context of the BeyondCorp Zero Trust security model.

Zero Trust, as the name implies, means you have to assume you can’t trust anyone using your network. In the days before the cloud, you could set up a firewall and with some reasonable degree of certainty assume people inside had permission to be there. The cloud changed that, and Zero Trust was born to help provide a more modern security posture that took that into account.

The company wants to make it easier for developers to build identity into applications without a lot of heavy lifting. It sees identity as more than a way to access applications, but as an integral part of the security layer, especially in the context of the BeyondCorp approach. If you know who the person is, and can understand the context of how they are interacting with you, that can give strong clues as to whether the person is who they actually say they are.

This is about more than protecting your applications, it’s about making sure that your entire system from your virtual machine to your APIs are all similarly protected. “Over the past few months, we added context-aware access capabilities in Beta to C​loud Identity-Aware Proxy ​(IAP) and V​PC Service Controls ​to help protect web apps, VMs and Google Cloud Platform (GCP) APIs. Today, we are making these capabilities generally available in Cloud IAP, as well as extending them in Beta to C​loud Identity​ to help you protect access to G Suite apps,” the company wrote in an introductory blog post.

Diagram: Google

This context-aware access layer protects all of these areas across the cloud. “Context-aware access allows you to define and enforce granular access to apps and infrastructure based on a user’s identity and the context of their request. This can help increase your organization’s security posture while giving users an easy way to more securely access apps or infrastructure resources, from virtually any device, anywhere,” the company wrote.

The G Suite protection is in beta, but the rest is generally available starting today.