nanaxsupplies.blogg.se

BeyondCorp papers from Google







Finally, SDP must be included in disaster recovery planning. Furthermore, any changes to network security must be communicated and accommodated in the SDP architecture. To realize Google’s goals, the network architecture was redesigned. To ensure these key elements are in place, every request is fully authenticated, authorized and encrypted no matter where it is made from. Google readily admits that SDP depends on real-time and continuous data collection/analysis, so sparse data, out-of-date data or issues associated with data integrity can impact overall SDP effectiveness. Google’s BeyondCorp was built on the basis of these core components. Since large organizations are quite interested in the SDP model, it is worthwhile to read the Google BeyondCorp paper, as it describes several of Google’s challenges and lessons learned.

According to ESG research (note: I am an ESG employee):

  • 40% of enterprise organizations want to use VLANs and other forms of network segmentation technologies to limit endpoint access and decrease the network attack surface.
  • 43% of enterprise organizations want to deny access to any endpoint device that is suspected to contain malware and/or does not conform to a configuration requirement.
  • 43% of enterprise organizations want to maintain continuous monitoring of all devices connected to the network in order to detect or block suspicious behavior.
  • 49% of enterprise organizations want to require user and device authentication for network access controls.

In fact, enterprise organizations are quite interested in doing a similar type of SDP deployment. Google has certainly thrown some of its best and brightest at BeyondCorp, but this is not an exclusive esoteric project that is applicable only to the Googles of the world. This paper performs a typical survey of the composition and key technologies of zero trust, and combines the application of this technology in some scenarios to introduce the advantages of zero trust, such as big data function, cloud network and IoT. It also correlates this connection data with new information about threats and vulnerabilities so it can make network access decisions based on changing risks. In this way, SDP can enforce the principle of least privilege, which can be used to limit access to sensitive applications and data.

Finally, SDP is based upon continuous monitoring of what’s on the network and what each device is doing on the network. In other words, who gets access to which assets. Aside from authentication, SDP can also include access controls for authorization.








