Symantec Partners with Google Cloud to Improve Zero Trust Cloud Access

The way we do business has undergone an incredible transformation thanks to the cloud. Few other technologies have had as big an impact on productivity, allowing people to easily access enterprise applications from anywhere and at any time, while facilitating better collaboration, scalability and decision-making. More and more organizations are reaping these benefits by migrating their core infrastructure and apps to a cloud platform.

But with the benefits inevitably come challenges, not least of which is managing access to enterprise resources which are located outside of an organization’s internal network perimeter. Traditional network security solutions were designed to protect data and devices located within the corporate perimeter. However, as employees are increasingly demanding the flexibility to work from anywhere and on a variety of devices, including mobile devices, and as valuable corporate data is no longer located in just one place, the idea of a network security perimeter is losing steam. One of the main drawbacks of this paradigm is that if hackers manage to breach the perimeter, they have free reign within an organization’s restricted network.

A Fading Perimeter Calls for a New Approach

To keep up with challenges arising from an increasingly mobile workforce and dynamic and dispersed cloud environments, security professionals must rethink traditional enterprise security. Symantec, alongside Google Cloud, is taking a significant step forward in this direction, working to provide a new, Zero Trust approach to managing access to corporate resources and apps. Symantec is proud to partner with Google Cloud and join the BeyondCorp Alliance working together to keep customer data more secure and help security teams make better access decisions by leveraging user identity attributes and device security posture.

Device-Level Security Signals for Smarter Access Management

Here’s how our integrated endpoint security solution with Google Cloud works. Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Mobile (SEP Mobile) report on the security posture of an organization’s traditional and mobile endpoints, including both managed and unmanaged devices. We provide signals on indications of compromise, operating system configuration risks, app risks, anomalous network behavior, and more. These device-level signals are passed to Google Cloud’s context-aware access engine and combined with information on user identity and context of the request to determine if a user should be granted access to corporate resources and services.

Essentially, Symantec’s signals act as the device security layer for Google Cloud’s context-aware access solution.  Until now, Google Cloud looked at user identity data and contextual information, such as location, IP addresses, and essential device security status, to authenticate users. With the integration of Symantec’s market-leading technology, customers can now gain enhanced visibility over a device’s risk posture, augmenting what they know about the device and the context in which access is being requested.

Customers can leverage Symantec’s endpoint signals to create more granular and customized access policies for G Suite, web apps, and Google Cloud infrastructure. Granular controls make it easier for admins to grant context-aware access to resources, or to take more drastic measures if needed. For example, access can be blocked if Symantec reports that a device is exposed to risk, or app data can be completely wiped from the device if it is found to be compromised.

In addition, Symantec reports on the health of its agent on the device – an important signal which can also be used to define access policy. If the agent is not properly installed or activated, access to resources can be blocked. This input also provides admins the vital ability to enforce the proper installation and activation of Symantec agents on endpoints across the organization, particularly on unmanaged devices.

Strengthening Zero Trust with Symantec Integrated Cyber Defense

Google Cloud’s context-aware access, in partnership with Symantec, allows employees to more securely access corporate resources from any device, and any location, without needing a traditional VPN. The solution is part of Google’s BeyondCorp security model, founded in 2011 to strengthen Zero Trust networks at Google and improve access management. The idea behind this model is that users should not be restricted from accessing certain resources and services based on the network on which they are connected. Instead, access to resources should be conditional on user identity, device risk, and other contextual attributes. In a Zero Trust security model, access should be authenticated and encrypted regardless of whether it is within the network security perimeter.

Symantec is a recognized force in Zero Trust solutions, recently being named a Leader in "The Forrester Wave™: Zero Trust eXtended (ZTX) Ecosystem Providers, Q4 2018," a report published by Forrester Research, Inc.  On the heels of this Zero Trust leadership recognition for the Symantec Integrated Cyber Defense Platform, Symantec announced the acquisition of Luminate, a Software Defined Perimeter (SDP) and Zero Trust innovator whose Secure Access Cloud service delivers private secure application access to all users, regardless of device, location or infrastructure. The Secure Access Cloud’s existing integration with Google Cloud allows enterprises to use Google’s Cloud Identity as their Identity Provider when authenticating and authorizing users attempting to access resources, apps, and workloads through the service.

Now, as one of the first companies to join Google Cloud’s BeyondCorpAlliance – a new initiative through which Google Cloud and select partners are working together to deliver better security solutions – Symantec is again strengthening its commitment to Zero Trust security architectures. By leveraging robust data to more accurately determine the identity of users, and the risk posture of devices attempting to access corporate services, Google Cloud and Symantec are leading the way in improving enterprise security without compromising on employee productivity.

To better improve employee access to corporate resources, several mutual Google Cloud and Symantec customers, among them global banking group BBVA, have already expressed interest in the integration. "BBVA provides financial and non-financial products and services around the world to 75 million customers supported by our 125,000 person workforce,” said a representative at BBVA. “To help keep our data protected, we are excited to see the Google Cloud and Symantec solutions we use today working together to enforce more granular access control while allowing our employees to work from any device, anywhere."