Trust Nothing: A New Way to View Corporate Networks

Category: Blog | Date: 11th December, 2013
 

News has hit that Google is looking to do away with the corporate network model that they, and many others, have relied on until now. How can they possibly pull this one off, you ask? With a complete removal of Windows from the corporate ecosystem and a tonne of security measures, essentially lending an unparalleled level of encryption to the Google network.

How does the Trust Nothing method work?

Well, Google has a network, but it is not built with a perimeter around it. Most networks in use today have a digital perimeter, usually in the form of a firewall or series of firewalls separating specific sections of the network. The reason this is not ideal for a large corporation is quite simple. A social engineer can use tricks to get access codes from unsuspecting employees, and once they have access through one of these firewalls they have near unlimited access.

With Google's system, though, the encryption is moved away from a simple firewall setup to something that seems simple on the one hand but is quite a bit more involved than you might think on the other. Each employee has a company-issued Apple MacBook which is registered in their stock system. Each system has certain security measures implemented and will only be allowed to connect to Google's servers if, firstly, it is indeed one of the company-issued devices and, secondly, it is seen to be secure. If one or more of the security measures is bypassed for whatever reason, whether innocent or otherwise, the device is deemed not to be secure and will not be allowed to connect.

While this may seem a little extreme, it is in fact a solid way of ensuring that the number of potential access points is limited. In the event that somebody gains access to someone's Mac without it being listed as insecure, then once the intrusion is detected the point of origin is easily identified.
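The admission rule described above can be sketched as follows. This is an added example, not code from the original post or from Google: the serial numbers, owner names and check names are constructed, and the post does not say which security measures are actually checked.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed stock system: serial number -> assigned employee (sample values).
INVENTORY = {"C02EXAMPLE01": "alice", "C02EXAMPLE02": "bob"}

# Hypothetical check names; the post does not list the actual measures.
REQUIRED_CHECKS = ("disk_encryption", "firewall", "os_patched")

AUDIT_LOG = []  # one Decision per connection attempt


@dataclass
class Decision:
    allowed: bool
    serial: str
    owner: Optional[str]
    reasons: list = field(default_factory=list)


def admit(serial, posture):
    """Allow only a company-issued device whose every check passes."""
    owner = INVENTORY.get(serial)
    reasons = []
    if owner is None:
        reasons.append("not a company-issued device")
    for check in REQUIRED_CHECKS:
        # Fail closed: a missing or non-True report counts as bypassed.
        if posture.get(check) is not True:
            reasons.append("check failed or missing: " + check)
    return Decision(not reasons, serial, owner, reasons)


def connect(serial, posture):
    """Record the decision so each attempt is tied to a device and owner."""
    decision = admit(serial, posture)
    AUDIT_LOG.append(decision)
    return decision.allowed


if __name__ == "__main__":
    ok = {name: True for name in REQUIRED_CHECKS}
    print(connect("C02EXAMPLE01", ok))                         # compliant
    print(connect("C02EXAMPLE02", {**ok, "firewall": False}))  # bypassed
    print(connect("C02UNKNOWN99", ok))                         # not in stock
    for d in AUDIT_LOG:
        print(d.serial, d.owner, d.allowed, d.reasons)
```

Because every decision is logged with the device serial and its registered owner, an intrusion that is detected later can be traced back to the device it came from.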

Can I use a similar system?

While it might be difficult to switch to such a system within a larger organisation, it is not without benefit. Having said that, it is of course easier for smaller organisations, though the cost might be a bit much for very small companies.

For an overview of the state of networks beyond the perimeter, you can view a presentation with this link. The presentation is by Google's Jan Monsch and Harald Wagener. You can also see how they manage their Mac armada through this presentation by Clay Caviness and Edward Eigerman.