Defending sovereign workloads: Google Distributed Cloud's air-gapped approach to Zero Trust
TJ Banasik
Product Manager, Google Distributed Cloud
Jason Byrd
Product Manager, Google Distributed Cloud
Public sector and government organizations require cloud solutions that can drive innovation and also adhere to strict sovereignty and security requirements. For years, security experts have warned of the risks of government overreliance on singular security controls.
To help address public sector and government requirements, we offer Google Distributed Cloud (GDC), a comprehensive suite of solutions. This includes GDC air-gapped, a disconnected private cloud environment for managing classified, restricted, and top-secret data that can help organizations meet public sector regulatory and security standards.
Why regulated industry and public sector need Zero Trust for air-gapped clouds
As cyber threats become increasingly sophisticated, traditional security approaches are no longer enough to protect critical workloads. A recent U.S. Cyber Safety Review Board (CSRB) report comes to a similar conclusion: Organizations that fail to implement modern security models often suffer from significant security failures and systematic weaknesses. Zero Trust models can help organizations that handle sensitive data, particularly in sectors like national security and defense, address their security needs with a framework that assumes breaches will occur and operates on the principle of "never trust, always verify."
Even air-gapped clouds, which are not connected to the internet, are still vulnerable to attacks. For example, the Stuxnet attack in 2010 demonstrated how threat actors can compromise air-gapped environments through supply chain vulnerabilities and social engineering.
More recently, CISA has warned of attacks against critical infrastructure, such as last year’s attack on Eastern European air-gapped industrial control systems. Mandiant’s Advanced Persistent Threat research indicates advanced actors such as APT-30 have possessed capabilities to compromise air-gapped networks since 2005.
Air-gapped clouds also face risks from insider threats, physical compromise, and hardware-based malware injections. Organizations should therefore implement a multi-layered security approach addressing external and internal threats to strengthen air-gapped cloud defenses. It should include continuous monitoring, strict access controls, encryption, and regular security assessments.
How Google Distributed Cloud can help
GDC implements a robust Zero Trust architecture tailored for air-gapped environments. This approach can help eliminate implicit trust by regularly authenticating users, devices, and workloads. GDC's Zero Trust model can enhance data protection, counter insider threats, and fortify against supply chain attacks by focusing on several risk mitigation strategies:
- Microsegmentation
- Data flow monitoring
- Encryption
- Granular access controls
- Strict authentication protocols
Combined, these comprehensive controls help strengthen security without sacrificing the benefits of cloud technology.
GDC's Zero Trust implementation covers six key pillars: users and identity, devices, applications and workloads, data, network and environment, and automation and orchestration. For example, GDC mandates multi-factor authentication for privileged users, enforces least privilege access, and employs continuous authentication with session time-outs. Device security is ensured through stringent hardware qualifications, rogue asset detection, and robust endpoint protection. These measures, combined with rigorous data encryption, microsegmentation, and continuous monitoring, create a multi-layered defense-in-depth architecture that reinforces GDC's Zero Trust model.
Air-gapped Zero Trust strategy
We built GDC’s Zero Trust model on the assumption that threats can originate from anywhere, including from internal networks. We authenticate and authorize every user, device, and network flow, regardless of their location. GDC’s Zero Trust architecture is informed by a comprehensive blend of guidance documents, lessons learned, and product offerings to help provide robust security for air-gapped environments. Being “informed” or “influenced” by the following sources does not imply compliance with the respective standards:
- Google BeyondCorp: We built on BeyondCorp's Zero Trust principles and used GDC's disconnected cloud capabilities to deliver robust security and granular access controls even in fully isolated environments.
- Department of Defense Zero Trust Strategy: Our Zero Trust implementation was informed by the DoD's strategic vision to help achieve compatibility and interoperability in defense environments.
- NIST SP 800-207: We followed National Institute of Standards and Technology guidelines to establish a solid foundation for our Zero Trust architecture, incorporating industry-recognized best practices.
- National Security Memorandum 8: Adhering to this guidance can help ensure that our solutions meet the stringent security requirements of critical government systems.
- CISA Zero Trust Maturity Model: We referenced key principles to continuously assess and enhance our Zero Trust maturity, helping to ensure that our customers receive advanced security protections.
How to start on your air-gapped journey
Discover how GDC's Zero Trust solutions can help you protect your most sensitive sovereign data and workloads. Watch our on-demand webinar today. If you would like to discuss your air-gapped cloud requirements, please complete this form, and a member of our team will be in touch.