With BeyondProd, Google unveils its approach to securing cloud microservices
To secure cloud-native architectures, Google has developed BeyondProd. This system will notably allow it to connect from unapproved networks without resorting to a VPN. Given Google's work on BeyondCorp a few years ago, we can expect significant progress with BeyondProd.
BeyondProd would be an extension of the BeyondCorp Zero Trust system
A few years ago, Google worked on BeyondCorp, the system that moved security away from VPNs and firewalls to users and their devices. BeyondProd, meanwhile, applies the Zero Trust approach to how Google connects machines, workloads and services.
BeyondProd does not seem to operate very differently from BeyondCorp. Both systems are based on similar principles, and both focus on securing cloud-native applications, which communicate using APIs.
In detail, BeyondProd is designed around the following security principles:
- Network protection at the edge
- No mutual trust between services
- Trusted machines running code with known provenance
- Choke points for consistent application of policies across all services
- Simple, automated and standardized rollout of changes
- Isolation between workloads
BeyondProd to focus on security
In its white paper, Google says that thanks to its new system, microservices running in containers can communicate with each other and operate at the same time without adding to the workload of microservice developers.
Google makes all of these features available to developers, in particular through its own services such as GKE or Anthos, available in hybrid cloud. These open source tools therefore allow companies to create systems compatible with platforms such as Envoy, Istio and gVisor.
Also, by applying the security principles of BeyondProd in their cloud-native infrastructure, users will be able to take advantage of Google's security and thereby strengthen the deployment of workloads (the unique tasks that applications complete), the security of their communications, and how these affect other workloads.
Finally, in its white paper, Google offers many security tools and also gives advice for strengthening network security beyond the BeyondProd system.