In light of the ongoing ascendancy of cloud computing, Google has released a new whitepaper addressing cloud-native security.
The whitepaper highlights a new approach to cloud security, emphasizing the unique needs of cloud-based systems. For example, in traditional computer security, tremendous emphasis is placed on perimeter security—keeping people out. As Google points out, however, that approach doesn’t work well with cloud-based systems.
“It had become clear to us that a perimeter-based security model wasn’t secure enough,” the whitepaper reads. “If an attacker were to breach the perimeter, they would have free movement within the network. While we realized we needed stronger security controls throughout our infrastructure, we also wanted to make it easy for Google developers to write and deploy secure applications without having to implement security features themselves.
“Moving from monolithic applications to distributed microservices deployed from containers using an orchestration system had tangible operational benefits: simpler management and scalability. This cloud-native architecture required a different security model with different tools to protect deployments aligned with the management and scalability benefits of microservices.”
This new approach is called BeyondProd. BeyondProd builds on the principles outlined in a previous approach called BeyondCorp, and emphasizes zero trust between services.
“In the same way that BeyondCorp helped us to evolve beyond a perimeter based security model, BeyondProd represents a similar leap forward in our approach to production security. The BeyondProd approach describes a cloud-native security architecture that assumes no trust between services, provides isolation between workloads, verifies that only centrally built applications are deployed, automates vulnerability management, and enforces strong access controls to critical data. The BeyondProd architecture led Google to innovate several new systems in order to meet these requirements.
“All too often, security is ‘called in’ last—when the decision to migrate to a new architecture has already been made. By involving your security team early and focusing on the benefits of the new security model like simpler patch management and tighter access controls, a cloud-native architecture can provide significant benefits to both application development and security teams. When applying the security principles outlined in this paper to your cloud-native infrastructure, you can strengthen the deployment of your workloads, how your workloads’ communications are secured, and how they affect other workloads.”
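One of the BeyondProd requirements quoted above is that the infrastructure "verifies that only centrally built applications are deployed." The following is an added illustration of what such a deployment gate checks; it is not code from the whitepaper or from Google. It assumes a constructed setup in which the central build system attests each image it produces by signing the image digest, and the gate refuses anything without a valid attestation bound to the exact bytes being deployed. An HMAC with a shared key stands in for the signing scheme a real attestation system would use.

```python
"""
Added example (not from the whitepaper or Google's code): a minimal
deployment gate modelled on the BeyondProd principle that only
centrally built applications may be deployed. The central build
system attests the digest of each image it builds; the gate admits an
image only if the attestation verifies and matches the image's digest.

Assumption (constructed for this example): HMAC-SHA256 with a key
shared between the build system and the gate stands in for whatever
signature scheme a real attestation system would use.
"""
import hashlib
import hmac
import json

# Constructed key shared by the central build system and the gate.
BUILD_SYSTEM_KEY = b"example-build-system-key"


def image_digest(image_bytes: bytes) -> str:
    """Content digest of a built image (here: SHA-256 of its bytes)."""
    return "sha256:" + hashlib.sha256(image_bytes).hexdigest()


def central_build(source: bytes) -> dict:
    """Simulate the central build system: build the image, then attest its digest."""
    image = b"built:" + source  # stand-in for a real build step
    attestation = {"digest": image_digest(image), "builder": "central-build"}
    payload = json.dumps(attestation, sort_keys=True).encode()
    signature = hmac.new(BUILD_SYSTEM_KEY, payload, hashlib.sha256).hexdigest()
    return {"image": image, "attestation": attestation, "signature": signature}


def admit(deploy_request: dict, key: bytes = BUILD_SYSTEM_KEY) -> tuple:
    """
    Deployment gate. Admit only if:
      1. the request carries an attestation whose signature verifies
         under the central build system's key,
      2. the attestation names the central build system as the builder, and
      3. the attested digest equals the digest of the image actually
         being deployed (so a post-build modification is refused).
    Returns (admitted, reason).
    """
    attestation = deploy_request.get("attestation")
    signature = deploy_request.get("signature")
    if attestation is None or signature is None:
        return False, "missing build attestation"
    payload = json.dumps(attestation, sort_keys=True).encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    # Constant-time comparison so the check does not leak the expected value.
    if not hmac.compare_digest(expected, signature):
        return False, "attestation signature invalid"
    if attestation.get("builder") != "central-build":
        return False, "attestation not from central build system"
    if attestation.get("digest") != image_digest(deploy_request["image"]):
        return False, "image digest does not match attestation"
    return True, "admitted"


if __name__ == "__main__":
    good = central_build(b"app-v1")
    print(admit(good))  # (True, 'admitted')
    # An image built outside the central pipeline carries no attestation.
    print(admit({"image": b"built-on-laptop:app-v1"}))
    # An image altered after the build no longer matches its attested digest.
    tampered = dict(good, image=good["image"] + b"\x00")
    print(admit(tampered))
```

The gate binds the decision to the image digest rather than to a tag or name, which is what makes "centrally built" verifiable at deploy time: the same check refuses an unattested build, a build whose attestation was edited, and a build whose bytes changed after attestation. In a production setting the attestation would be an asymmetric signature so that the gate only holds a verification key and cannot itself mint attestations.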
The full whitepaper is a must-read for companies designing and deploying cloud-based systems and illustrates the unique approach cloud security demands.