Zero-trust defence can help India shield world from cyberattacks: Google VP

With cyberattacks rising due to coronavirus and firms becoming vulnerable as employees WFH, Google is betting big on its zero-trust platform BeyondCorp Enterprise for Indian businesses

At a time when cyberattacks are rising due to the Covid-19 pandemic and organisations are becoming increasingly vulnerable as employees work from home, technology giant Google is betting big on its zero-trust turnkey security offering Beyond­Corp Enterprise for businesses in India.

BeyondCorp is modelled after how Google keeps its network safe without relying on virtual private network (VPN). The platform allows employees and extended workforce to access applications in the Cloud or on-premises and work from anywhere without a traditional remote-access VPN.

“Our approach to creating a safer normal is predicated on the fact that cyberattacks are going to accelerate. People cannot do this patchwork of security solutions that they’ve had for the past two decades. A zero-trust operating system like BeyondCorp allows you to make your safety posture better,” said Sunil Potti, vice-president and general manager of Google Cloud Security.

Google competes with global rivals, such as Amazon Web Services, Microsoft, and Alibaba, to dominate Cloud computing services. In India, Google is eyeing areas such as banking, financial services and insurance, manufacturing, health care, public sector, media and entertainment, telecommunications, and retail.

“This (BeyondCorp) has changed the game, in terms of how India can serve the world, in addition to India protecting itself,” said Potti. He said the distributed global workforce construct was limited by speed and security. One had to move applications closer (to the market) like having a Cloud region. But one couldn’t solve security in a foundational way, which made the global workforce less productive. For instance, a call centre provider will have access to one or two applications (apps) and for using other apps, it will require workflow changes.

“In a world of zero-trust, productivity gains are 10-100x. It’s a question of policy change,” said Potti. BeyondCorp enables organisations to have a flexible workforce that can be located anywhere. “I think zero-trust operating systems will actually unleash a new era of global productivity and countries like India have a good chance to benefit from it.”

To move the core aspects of various industries, including financial services and insurance to a particular market, there were concerns related to intellectual property and trade secrets. Many industries with sensitive data had to be centralised at the expense of productivity. With the new approach of zero-trust security, Potti said India can become a productivity hub and Google will play a key role to enable that with its BeyondCorp platform.

Zero-trust is founded on the concept that no device or user, whether outside or inside a network, can be trusted. It’s a preventative method useful for controlling access to data, networks, and applications.

Google started developing BeyondCorp in 2010. Before that, it had fallen victim to Operation Aurora in 2009, along with other companies. Operation Aurora was a series of cyberattacks from China that targeted US private sector companies.

Many years later, when Covid-19 struck, 100,000-plus Google employees working in different offices globally were able to move quickly and safely to a work-from-home model. But there was no change in performance and functionality.

“We actually improved our productivity. We didn’t have to run between meetings,” said Potti, adding, “At Google, whether we are at work, home or Starbucks, it is all the same from a BeyondCorp perspective.”

BeyondCorp’s scalable architecture includes non-disruptive, agentless support delivered through the Chrome browser, which supports more than 2 billion users worldwide, according to Rick Caccia, chief marketing officer, Google Cloud Security.

Google’s global network with 144 network-edge locations, available in more than 200 countries and territories, ensures users can work reliably from anywhere.

Caccia said the entire surface area is protected by scalable distributed denial-of-service (DDoS) protection service. “We recently published a blog that showed our network was able to withstand the largest DDoS attacks recorded (2.5 TB/sec) in recent times, without any impact on users or slowdown in performance,” said Caccia.

Also, the SolarWinds breach, recently uncovered in the US, has become one the biggest cyberattacks against the government, its agencies, and private firms. The attack is believed to be ‘Russian in origin’. It has been called a ‘supply-chain’ attack, as hackers target a third-party vendor supplying software to the government or companies, instead of directly attacking them. In this case, the target was the software called ‘Orion’ supplied by US-based company SolarWinds.

Caccia said BeyonCorp has built-in, verifiable platform security, which has been become more important with recent software supply-chain attacks. “We allow customers to have verified security ranging from chips to apps.”

By 2023, Gartner predicts that 60 per cent of enterprises will phase out most of their VPNs in favour of zero-trust network access.