A Guide to Complete Zero Trust - How Forrester and Google have made Zero Trust mainstream?

A Guide to Complete Zero Trust – How Forrester and Google have made Zero Trust mainstream?

In this third part of our blog on “A Guide to Complete Zero Trust”, we delve deeper into the historical aspects related to the origin and evolution of the concept of Zero Trust. Historically, the idea of Zero Trust dates back to the work of the Jericho Forum, a security consortium, in 2003. The basic idea that Jericho had back then was that we shall not trust anyone or anything just because it’s within company boundaries.

Forrester took up this idea in 2011 and launched the Zero Trust model with the motto “Never trust, always verify”. The starting point for the Zero Trust model was the realization that perimeter firewalls are no longer sufficient to protect trade secrets and assets. Subsequently, Zero Trust as we know it today is evolved from Forrester’s Zero Trust model. And soon, the companies like Google or Microsoft have started to operationalize and adapt the Zero Trust model.

Google, in particular, with its BeyondCorp approach, is considered the driving factor that made Zero Trust popular. Started as an internal Google initiative, on the one hand to increase security and adapt it to the new circumstances and on the other hand “to enable [all] employees […] to work over untrustworthy networks without using a VPN”. In particular, the following sentence characterizes the complete redesign of Google’s security approach: “We’re removing the need for a privileged intranet and moving our corporate applications to the Internet.”

The relocation of all company applications from the internal network to the Internet was a radical departure from previous IT and IT security concepts. Google relies on the following three principles in their BeyondCorp platform:

Access to services must not be determined by the network through which you connect.
Access to services is granted based on the contact factors of the user and his device.
Every access to services must be authenticated, authorised and encrypted.

In addition to the aspect that access must not be determined by the network and the authentication, authorization and encryption of each call, which ultimately corresponds to the “never trust, always verify” approach, user- and device-based authentication and authorization in particular serves a key element of Google’s Zero Trust approach. 

The benefits of the Zero Trust model are so far-reaching that the forward-thinking organizations are increasingly looking for a Zero Trust architecture that includes proactive capabilities for immediate response to any suspicious activity. Authentication and authorization as integral elements of Identity and Access Management, cidaas, lives and breathes Zero Trust day-by-day. cidass, the Europe’s leading Cloud Identity & Access Management, provides with its feature set complete, continuous insights and behavior-based clustering to detect and respond to risks and threats in real-time. With cidaas, companies create unique user identification and maximum security across all channels. Based on the standards OAuth2.0, OpenID and its “Everything is an API” architecture, cidaas can be seamlessly integrated into any software landscape and scales effortlessly up to many millions of users. 

Don’t miss our further parts of our ‘Guide to complete Zero Trust’ blog series If you would like to learn in detail about “Complete Zero Trust – The Paradigm Shift in IT Security”, our whitepaper is now available to you!