Jamf Blog
Zero Trust with BeyondCorp from Google Cloud
September 28, 2022 by Jesus Vigo

Learn about how you can create a strong security ecosystem for your Apple endpoints by integrating Jamf Pro’s device management capabilities with Google’s BeyondCorp Zero Trust solution. Establish a consistent, secure paradigm that provides the next evolution of support in modern computing and endpoint security management.

Like countless organizations globally, yours may have deployed (or maybe is in the planning stages of deploying) mobile devices in a shift toward a remote or hybrid work environment. While the transition isn’t a daunting one per se, it can be fraught with challenges that pose risks to your company’s infrastructure, especially the security of its sensitive data and the apps and services in use.

The truth is that the migration process will likely involve more than just purchasing new mobile devices. Your organization’s underlying infrastructure may require some changes to continue supporting a remote workforce while ensuring that mobile endpoints remain secure as end-users use devices for work (and possibly personal use) anytime, from anywhere and over any connection.

What is zero trust and why is it important?

Google’s zero trust solution subscribes to the Zero Trust Network Access (ZTNA) paradigm, which considers internal and external networks to be inherently unsafe, and therefore untrusted. Unlike the model used by enterprise VPN solutions, which demarcates unsafe networks (like the Internet) from trusted networks, such as those within the borders of your company’s network, zero trust adheres to a core tenet: never trust, always verify.

This is important to consider because remote users are accessing organizational resources from potentially anywhere in the world, from any device. And they're using any network connection available to them. Trust cannot exist when IT and security teams do not know who’s accessing what, how or from where, right?

Correct!

How is it enforced?

Google’s BeyondCorp technology was designed to update enterprise IT security, bring protections in line with modern computing needs and address the risks introduced by mobile devices and remote or hybrid computing.

You might be thinking, what does ZTNA do that is so different from VPN to fortify security and enforce compliance? Here are some of the details behind what ZTNA can do that legacy VPN does not:

  • Integrates with your infrastructure stack using an identity-centric model that permits only authenticated users through your Identity Provider (IdP)
  • Access to organizational resources is limited to managed endpoints, providing visibility into device security posture
  • Device health checks are performed frequently to ensure endpoints meet minimum compliance guidelines; if not, access is denied until remediated
  • Context-aware access policies shift control from the network perimeter to verify individual users, devices and their statuses, allowing secure access to resources while mitigating risk
  • Alliance partners bring additional support for third-party solutions, like Multi-factor Authentication (MFA)

Apple + Jamf + Google = secure ecosystem

The key to successfully managing endpoint security for your fleet rests in the triad of Apple, Jamf and Google. Combining the secure Apple platform and its security and privacy frameworks with Jamf Pro enables device management, including signals and posture data that can be incorporated into policies for extra protection.

Combining agent-less on-device protections with context-aware policies within BeyondCorp:

  • Enforces access levels
  • Monitors device health for compliance
  • Leverages identity management and scaling to meet the unique demands of your organization
  • All while extending comprehensive security coverage to corporate- or personally-owned devices.

Modern computing is made possible without compromising endpoint security or user privacy.

Jesus Vigo
Jamf
Jesus is a Copywriter, Security focused on expanding the knowledge base of IT, Security Admins - generally anyone with an interest in securing their Apple devices - with Apple Enterprise Management and the Jamf solutions that will aid them in hardening the devices in the Apple ecosystem.