How Google Tools Use Zero Trust Principles to Secure Enterprises
In the session “Trusted Access and Beyond: A Roundtable Conversation with Google and Jamf,” experts from the two companies gathered to discuss the issues facing organizations today and how security solutions from both vendors help support the trusted-access philosophy.
When asked about the biggest challenges facing organizations today, panelists agreed that the technology environment at businesses is increasingly complex. With the rise of remote and hybrid work, the number of security tools available from different vendors, and the challenges associated with maintaining compliance, organizations have a lot on their plate.
Using BeyondCorp, an application that creates a zero-trust environment, Google can ensure that only secure devices are able to access critical systems, sensitive data and apps. Jamf is an important part of this integration, said Prashant Jain, product manager for BeyondCorp alliances at Google.
“Chrome does collect security posture and where the user request is coming from, but we want to democratize that,” he said. “We want customers to leverage whatever tools they want to leverage, and Jamf integration is part of that. When Jamf says this device is compliant, BeyondCorp will allow access to that application and access to that data. It is not done one time, only at login, but is a continuous authorization.”
Because most work happens within browsers, Google’s secure enterprise browsing tool ensures user safety as well as corporate resource protection within the Google Chrome browser.
“The first part is to ensure that users are protected,” Jain said. “Secure enterprise browsing will make sure users are not able to connect to malicious websites. The second part, when users are trying to download or upload content, will make sure that that content is protecting the user and stop any exfiltration the user is trying to do, accidentally or maliciously. The third part is basically to understand each and every request that is coming from the user and give administrators visibility into what the users are doing.”
Matt Vlasach, vice president of product management for Jamf, said trusted access is a “destination” on an organization’s zero-trust journey. For Jamf, it’s a combination of the company’s own products with ecosystem partners to ensure that only trusted users are able to access corporate data. It’s important that these security features work for users right out of the box, he said.
“You're not waiting an hour for some magic system to kick into play before you can start having these zero-trust outcomes,” he said. “They start working right away.”
Okta Identity Management Can Make a Passwordless Future Possible
Jamf’s partnership with Okta is another important way that the platform offers secure identity and access management solutions. Jamf itself does not offer an identity provider; instead, it integrates tools such as Okta for identity management. In the “Identity Innovation on Apple Devices” session, panelists from Jamf and Okta discussed the future of identity management.
Jamie Fitz-Gerald, director of product management, device security and risk products at Okta, said multifactor authentication isn’t enough to protect an organization’s assets. He wanted attendees to leave the session thinking about investing more time in passwordless authentication.
“Single sign-on is probably the most elementary aspect of all this, but also probably some of the most profound and the biggest opportunity,” Jamf’s Vlasach said. “SSO means something different to everyone, but on the Apple platform, it really is making it so you can log in to your applications and your services on the web or on native apps seamlessly, like with one login, truly one login, and that can even include, like, biometrics and fewer passwords.”
When paired with Jamf, Okta Verify uses one login session to allow users access to multiple applications. Using biometric sign-on capabilities such as Apple’s Face ID and Touch ID can allow users to get closer to the passwordless future Fitz-Gerald envisions.
“It’s magic,” Vlasach said. “This thing comes up, Face ID happens, the device posture checks all those user privileges, everything happens immediately without typing a single password and without a push to another device, with higher assurance than what you would get even with a push or a text message.”
Passwordless SSO reduces manual password entry fatigue, leveraging consumer-friendly biometrics using the same technology that Apple users are already familiar with, he said.
“There's no learning curve, and it just works exactly the way that they're used to,” Vlasach said.
Taking SSO and identity management into the zero-trust mindset means continually authenticating the user and the user’s device.
“You want to be able to certify that the user is who they say they are through the identity provider and you want to be able to certify that the device is managed and compliant before you give access to data,” Vlasach said. “You want to be continuously reevaluating, because device contexts change” — for example, he said, “if a device's OS falls out of date, and there are vulnerabilities that are exposed.”
Jamf Connect — offering zero-trust network architecture features and integrations with identity providers like Okta — helps organizations get closer to a zero-trust security posture.
“You have this really nice layered-defense approach that allows you to have the best that Jamf knows about that device and posture, coupled with very strong identity assertions,” Vlasach said. “Combined, it's getting you really close to some of those optimal zero-trust models.”