How Google reinvented security and eliminated the need for firewalls

bodium castle fortress
Everyman Films (CC BY 2.0)

SAN FRANCISCO -- In some ways, Google is like every other large enterprise. It had the typical defensive security posture based on the concept that the enterprise is your castle and security involves building moats and walls to protect the perimeter.

Over time, however, that perimeter developed holes as Google’s increasingly mobile workforce, scattered around the world, demanded access to the network. And employees complained about having to go through a sometimes slow, unreliable VPN. On top of that, Google, like everyone else, was moving to the cloud, which was also outside of the castle.

In other ways, Google is unlike any other company. Without much of a detailed business plan or cost/benefit analysis, Google execs gave the green light to an ambitious project aimed at totally reinventing the company’s security infrastructure.

The basic premise was simple: “Walls don’t work,” said Heather Adkins, Google’s director of security. Speaking at RSAC, Adkins said the goal was to de-emphasize firewalls and other perimeter defenses and to move to a “zero trust” model.


That means every device – whether it’s inside corporate headquarters or in a Starbucks somewhere -- starts out as untrusted. Under the new model, it’s all about users and devices. Access is granted based on what Google knows about the end user and their device. And all access to services must be authenticated, authorized and encrypted.

The ultimate goal of the multi-year project, dubbed BeyondCorp, was that every employee be able to work successfully from an untrusted network without the use of a VPN, she added. That meant single sign-on or other type of access proxy.

There were multiple steps to the project. First, they had to build a user inventory that detailed every employee’s job classification and what services that employee should have access to. The next step was to build a similar inventory for devices, including tracking each device from procurement to end of life.

Next, Google built its own access control engine capable of checking every network access from any employee and any device anywhere in the world. In order to create access control policies, Google needed to pull data from 20 different sources.

It took two to three years to build everything, according to Rory Ward, site reliability engineering manager at Google. And that wasn’t even the hard part.

Now, they had to migrate people off the old network and onto the new “zero trust” network without “breaking anybody,” said Ward. In other words, without denying anyone access to applications or services that they need to do their job.

+ MORE FROM THE SHOW: RSA: Elite cryptographers scoff at idea that law enforcement can ‘overcome’ encryption +

The migration itself took another two years, according to Ward. The team installed the new system in 200 Google buildings around the world, but didn’t turn it on right away. They used sniffers to capture all of the real traffic associated with the privileged network at that location and re-ran that traffic through the new, unprivileged system, which remained offline for the time being.

Little by little, Ward and his team gained confidence in the new system and began moving people over. Over time, Ward said, his team accumulated “a giant database of stuff that wouldn’t work on the new network.”

But they kept plugging away. “We kept doing it until it worked,” he said. “We managed to reinvent the world and not break anybody in the process.”

Adkins said the team learned several valuable lessons that could be helpful to other companies that might want to try this. In fact, Google has publicly posted information on BeyondCorp.

The key takeaways are that you need unwavering executive support, you need to have accurate data and the migration has to be painless. Also, there has to be clear user communication and the underlying systems need to be highly reliable.

The result, Adkins said, is that Google employees are happier and more productive. And the new system makes IT simpler, which helps cut costs.

This story, "How Google reinvented security and eliminated the need for firewalls" was originally published by Network World.

Copyright © 2017 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)