Feb 09, 2021
Tanium Provides Endpoint Visibility and Intelligence for Google’s BeyondCorp Enterprise
Tanium brings the perspective of the endpoint to Zero Trust, and the endpoint is the new perimeterBy Brian McKee, Director of Product Management, Tanium
Once upon a time, network security was about letting the good guys in and keeping the bad guys out. But we’re living in a different world now.
Cyberattacks are sophisticated and targeted. Bad actors aren’t just rogue hackers looking to cause trouble and grab some headlines. Attacks are often nation-state or professionally driven — going after data they can sell or use to cripple organizations and governments. Add a global pandemic that’s forced hundreds of millions of people around the world to work remotely, and virtually overnight, the idea of a secure network perimeter became the Edsel of IT — a failure of epic proportions.
Enter the concept of Zero Trust.
In this blog, I’ll explain what Zero Trust means in today’s world of cybersecurity, provide a little history on the origin of Zero Trust and describe how Tanium is part of a Zero Trust solution through its partnership with Google BeyondCorp.
Don’t trust anyone
That is the essence of Zero Trust. Enterprises must recognize that the environment they operate in is hostile. Zero Trust security assumes no device or user can be trusted without verification. Organizations should not automatically trust anything inside or outside its perimeters.
The idea of a perimeter — the castle-and-moat approach — should be abandoned. The Zero Trust framework was created in 2010 by John Kindervag, who at the time was a principal analyst at Forrester Research Inc. But that’s not where Zero Trust really began.
The breach heard round the world
In 2010, highly sophisticated hackers originating from China targeted Google’s corporate infrastructure and, using layers of encryption and multiple malware programs, managed to steal intellectual property.
Google’s response was to completely redesign its network structure. The company wrote a paper called BeyondCorp, about a futuristic company that jettisoned traditional security concepts and re-architected its network in the image of what we know today as Zero Trust. This is where Forrester got the idea, coined the term and created a market for Zero Trust solutions.
As more and more organizations moved traditional on-premises workloads to the cloud, they looked to Google for help with security. They kept asking about BeyondCorp. So, as Google formed the Google Cloud Platform (GCP) business unit and continued to add products and features to the platform, it made BeyondCorp a product. BeyondCorp is not a single technology, a silver bullet that solves all security problems, but it’s opened the door for companies to begin the journey to Zero Trust.
The endpoint is the new perimeter
You’ll hear analysts say identity is the new perimeter. And that’s great until you ask the question — and COVID dramatically highlighted this — what if a user is accessing the corporate network from a personal computer at home that hasn’t been patched in four years? What if that endpoint has been compromised? It now has access to a company’s product development data, possibly its code repository, and its customers’ credit card information. The user was validated, but what about the device and the software on it?
This realization triggered Google’s interest in the Tanium Platform. Its customers constantly ask for more intelligence at the endpoint.
While Google can look at the user, it can’t deeply interrogate the endpoint. So our partnership with Google and BeyondCorp gives them this intelligence. They have more data available at the endpoint at the time of user authentication to truly enforce the concept of Zero Trust.
“Tanium is a really good endpoint sensor, which is built not just for security, but for operations as well,” says Anton Chuvakin, head of solutions strategy, Google Cloud Security. “Tanium offers a good way to collect trusted telemetry from the endpoint and channel it into authentication and monitoring decisions. Tanium is an endpoint source of truth, which Zero Trust relies on.”
In other words, Tanium brings the perspective of the endpoint to Zero Trust. Identity isn’t the new perimeter; the endpoint is the new perimeter.
Lots of Zero Trust network access (ZTNA) providers can help address the identity problem. But these vendors authenticate only the users and then send them onto the resource they requested.
Since there’s not a traditional front door into the enterprise anymore, they simplify accessing resources without compromising security, which is important for productivity.
That’s been security’s big trade-off for the past two decades. If you don’t have enough security, you’re compromised. It’s the same problem, just fast-forwarded to a new architecture.
Tanium and the BeyondCorp partnership
Last year, Google assembled a group of partners that share its Zero Trust vision to create the BeyondCorp Alliance. In April 2020, Google announced BeyondCorp Remote Access: its first commercial product based on the Zero Trust approach.
The company introduced a second BeyondCorp Zero Trust product on January 27, 2021, with additional enterprise capabilities and an expanded partner ecosystem that includes Tanium.
These partners allow BeyondCorp customers to leverage existing controls to make Zero Trust adoption easier while adding key functionality and intelligence, such as contextual access to the highest-value data, supporting better security decision-making.
For example, a Zero Trust best practice would be having much more robust access controls for an endpoint that regularly accesses business-critical information than for one that is routinely accessing company email.
In fact, for the highest-priority data, an endpoint might be restricted to that data alone. This is just an updated approach to tiered access controls, which have been an accepted security practice since the early 1990s.
Like any large IT initiative, you need to move toward a Zero Trust methodology gradually, prioritizing the applications you address first. No one wakes up and says, “We’re going to implement Zero Trust today.”
Companies that have been around for decades have thousands of servers running internal applications in their data centers. Entirely re-architecting this via a Zero Trust model is an enormous undertaking.
Don’t do the hardest thing first. With BeyondCorp, organizations can avoid this by starting small and moving to bigger projects as their understanding of Zero Trust matures.
Check out this short webcast where I share more information on the topic of Zero Trust in a cloud-first world.
For additional information about Tanium, Zero Trust and Google BeyondCorp, be sure to check out the Google Q&A on Endpoint, “It’s Time to Ditch the VPN for Zero Trust.”