# GOOGLE BEYONDCORP DIAGRAM SOFTWARE
Our mission at Amazon Web Services (AWS) is to innovate on behalf of our customers so they have less and less work to do when building, deploying, and rapidly iterating on secure systems. From a security perspective, our customers seek answers to the ongoing question, "What are the optimal patterns to ensure the right level of confidentiality, integrity, and availability of my systems and data while increasing speed and agility?" Increasingly, customers are asking specifically about how security architectural patterns that fall under the banner of Zero Trust architecture or Zero Trust networking might help answer this question.

Given the surge in interest in technology that uses the Zero Trust label, as well as the variety of concepts and models that come under the Zero Trust umbrella, we’d like to provide our perspective. We’ll share our definition and guiding principles for Zero Trust, and then explore the larger subdomains that have emerged under that banner. We’ll also talk about how AWS has woven these principles into the fabric of the AWS cloud since its earliest days, as well as into many recent developments. Finally, we’ll review how AWS can help you on your own Zero Trust journey, focusing on the underlying security objectives that matter most to our customers.

## Definition and guiding principles for Zero Trust

Technological approaches rise and fall, but underlying security objectives tend to be relatively stable over time. (A good summary of some of those can be found in the Design Principles of the AWS Well-Architected Framework.)

Let’s start out with a general definition. Zero Trust is a conceptual model and an associated set of mechanisms that focus on providing security controls around digital assets that do not solely or fundamentally depend on traditional network controls or network perimeters. The zero in Zero Trust fundamentally refers to diminishing (possibly to zero!) the trust historically created by an actor’s location within a traditional network, whether we think of the actor as a person or a software component. In a Zero Trust world, network-centric trust models are augmented or replaced by other techniques, which we can describe generally as identity-centric controls, to provide equal or better security mechanisms than we had in place previously. Better security mechanisms should be understood broadly to include attributes such as greater usability and flexibility, even if the overall security posture remains the same.

Let’s consider more details and possible approaches along the two dimensions. Do we achieve Zero Trust by allowing all network packets to flow between all hosts or endpoints, but implement all security controls above the network layer? Or do we break our systems down into smaller logical components and implement much tighter network segments or packet-level controls, so-called micro-segments or micro-perimeters? Do we add some kind of gateway or proxy technology that enforces a new kind of trust boundary? Do we still use VPN technology for network isolation but make it more dynamic and hidden from the user experience, so that users don’t even notice that network boundaries are being created and torn down as needed? Or some combination of these techniques?

The other dimension is identity and access management. Are we talking about human actors with their PCs, tablets, and phones trying to access web applications? Or are we talking about machine-to-machine, software-to-software communication, where all requests are authenticated and authorized using other kinds of techniques? Or perhaps we’re thinking of some combination of the two. For example, certain security-relevant properties or attributes of the user’s situation (strength of authentication, device type, ownership, posture assessment, health, network location, and others) are propagated to and through the software systems with which the user is interacting, and alter their access dynamically.
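As an added illustration (not code from the AWS post or from any AWS service), the Python sketch below shows one way the attributes the post lists (strength of authentication, device ownership, posture, network location) can travel with a request and drive the access decision at every hop, so that an actor's network location by itself grants nothing. The attribute names, the numeric authentication tiers and the per-resource thresholds are assumptions made up for the example.

```python
from dataclasses import dataclass

# Security-relevant attributes of the caller's situation, carried with the
# request rather than inferred from which network the packet arrived on.
@dataclass(frozen=True)
class RequestContext:
    subject: str
    auth_strength: int        # assumed tiers: 1 password, 2 MFA, 3 phishing-resistant MFA
    device_managed: bool      # corporate-owned and enrolled
    posture_healthy: bool     # e.g. disk encrypted, patched, endpoint agent running
    network_location: str     # "corp", "vpn" or "internet"; recorded, never trusted

# Minimum attributes a resource demands (assumed values for the example).
@dataclass(frozen=True)
class ResourcePolicy:
    min_auth_strength: int
    require_managed_device: bool
    require_healthy_posture: bool

def decide(ctx: RequestContext, policy: ResourcePolicy) -> str:
    """Return 'allow', 'step_up' (ask for stronger authentication) or 'deny'.

    network_location is deliberately not consulted: being on the corporate
    network or the VPN contributes zero trust to the decision."""
    if policy.require_managed_device and not ctx.device_managed:
        return "deny"
    if policy.require_healthy_posture and not ctx.posture_healthy:
        return "deny"
    if ctx.auth_strength < policy.min_auth_strength:
        return "step_up"
    return "allow"

def call_chain(ctx: RequestContext, hops):
    """Propagate the same context through a chain of (service, policy) hops.

    Each service re-evaluates the attributes itself instead of trusting the
    previous hop; the first non-allow decision stops the chain."""
    trace = []
    for service, policy in hops:
        outcome = decide(ctx, policy)
        trace.append((service, outcome))
        if outcome != "allow":
            break
    return trace

if __name__ == "__main__":
    # Constructed sample: on the corporate network with only a password and an
    # unmanaged laptop, location does not help against a strict payroll policy.
    payroll = ResourcePolicy(min_auth_strength=3, require_managed_device=True, require_healthy_posture=True)
    on_corp = RequestContext("alice", 1, False, True, "corp")
    print(call_chain(on_corp, [("api-gateway", ResourcePolicy(2, False, False)), ("payroll-svc", payroll)]))
```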