15 years of Zero Trust at Google, from Operation Aurora to BeyondProd

In January 2010, Google publicly disclosed a large cyber attack, Operation Aurora. Behind it were Chinese hackers who targeted not only the American group but also other technology companies, NGOs and journalists. “Hackers managed to compromise part of our infrastructure. At the time, we thought we had all the good practices in place. We were in line with the most recognized security benchmarks,” explains Thiebaut Meyer, cybersecurity director within the Office of the CISO at Google Cloud. This attack highlighted the limits of the traditional, perimeter-focused approach to cybersecurity. It marked the start of a radical overhaul of Google’s security strategy, built on one principle: Zero Trust.

“Never Trust, Always Verify”

As early as 2010, Google decided to abandon any presumption of trust within its infrastructure. “Zero Trust is not a product, it is not a feature, it is not an objective. It is a state of mind, a process, a program,” recalls Thiebaut Meyer. The watchword is clear: no entity should be considered trustworthy by default. Whether it is a user, a device, a service or a microservice, each access attempt must be checked systematically and in context.

The strategy rests on three pillars: reducing privileges, detecting compromises early, and verifying continuously. “We now assume that there will be a compromise sooner or later. Our challenge is then to locate, isolate and contain the attack while maintaining critical activities.”

From the Titan chip to the deployment pipeline

Putting this philosophy into practice means securing the entire infrastructure in depth. Google designs its own servers and integrates its in-house cryptographic chip, Titan. “Each boot step is signed, verified, and validated. If a machine cannot prove its integrity, it is not allowed to communicate on the network.”
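As an added illustration that is not Google's code (a deliberately simplified Go model of the Titan boot chain, in which the pinned root public key and the table of golden measurements are both assumed), the admission rule that every boot step must be signed and validated before the machine is trusted:

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// BootStage is one boot step (a constructed model, not Titan's real
// format): the image that ran and a signature over its measurement.
type BootStage struct {
	Name  string
	Image []byte
	Sig   []byte
}

// Measure returns the SHA-256 measurement of a stage image.
func Measure(image []byte) []byte {
	sum := sha256.Sum256(image)
	return sum[:]
}

// SignStage mimics the release pipeline: it signs the measurement with
// the key whose public half is pinned in the hardware root of trust.
func SignStage(priv ed25519.PrivateKey, image []byte) []byte {
	return ed25519.Sign(priv, Measure(image))
}

// VerifyBootChain accepts a stage only if its signature verifies under
// the pinned root key AND its measurement equals the golden value on
// record. The first failure stops the walk, so no later stage can be
// treated as trusted; a machine that fails is not admitted to the network.
func VerifyBootChain(root ed25519.PublicKey, golden map[string][]byte, stages []BootStage) error {
	for i, st := range stages {
		m := Measure(st.Image)
		if !ed25519.Verify(root, m, st.Sig) {
			return fmt.Errorf("stage %d (%s): signature invalid under pinned root key", i, st.Name)
		}
		want, ok := golden[st.Name]
		if !ok {
			return fmt.Errorf("stage %d (%s): no golden measurement on record", i, st.Name)
		}
		if !bytes.Equal(m, want) {
			return fmt.Errorf("stage %d (%s): measurement %x != golden %x", i, st.Name, m, want)
		}
	}
	return nil
}
```

A stage whose image was altered after signing, or re-signed with a key other than the pinned root, fails at that point and nothing after it is considered.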

At the software level, Google developed the SLSA framework to supervise the development pipeline: validation of the source code, controls on the build, and verification of the deployed artifacts. “Not a single image goes into production without having received all the necessary signatures.”

BeyondCorp and BeyondProd: end of the VPN, start of contextual trust

In parallel, Google gradually removed the use of VPNs. “One of the first surprises when you arrive at Google is that there is no VPN anymore,” says Thiebaut Meyer. This is the BeyondCorp project, officially launched in 2014, which lets employees access internal resources from anywhere, on the basis of strong authentication and multiple signals: user identity, device integrity, location, behavior, etc.

On the production side, the BeyondProd project, published in 2019, applies the same principles to all services and microservices. Each component must prove its identity before interacting with another. The ALTS protocol, Google's in-house counterpart of mTLS, enforces this. “A microservice is only authorized to communicate after its identity and its rights have been verified.”

A model that carries over to AI

In conclusion, Google now applies these same requirements to its artificial intelligence models. “We want to guarantee the security of the model from the moment it is created, during training and updates, all the way to its deployment,” explains a speaker. At each stage of the life cycle, checks apply, just as for traditional software.

For Google, Zero Trust is not a privilege reserved for multinationals. “Everyone can start small. There is no need for a big bang. But it takes automation and, above all, rigor.”

“Zero Trust is a philosophy, not a functionality.”


📄 Operational sheet: deploy Zero Trust in steps

| Stage | Objective | Recommended tools |
|---|---|---|
| 1. Map the existing estate | Identify risk areas and implicit access | CMDB, Active Directory, vulnerability scanners |
| 2. Strong authentication | Secure user identity | MFA, FIDO2 (YubiKey, Titan), SSO (Okta, Azure AD) |
| 3. Least privilege | Limit access to the strict minimum | RBAC, ABAC, access audits |
| 4. Access without VPN | Contextual access to internal resources | Identity-Aware Proxy, Zscaler ZPA, Cloudflare Access |
| 5. Securing services | Identity verification of microservices | mTLS, service mesh (Istio, Linkerd), certificates |
| 6. Code integrity | Guarantee the software chain of trust | Secure CI/CD, SLSA, SBOM, Binary Authorization |
| 7. Detection and response | Quickly identify compromises | SIEM, SOAR, EDR, behavioral analysis |

📆 Recommended deployment: incremental, by functional priorities and identified risks.

🔊 Mantra to remember: “Never trust, always verify.”