This process of defining rules and policies involves collaboration between security and identity teams, application owners, compliance and other internal groups.
Setting up the right policies means deciding exactly how and when people earn the appropriate levels of trust that your organization establishes for accessing internal services and corporate resources like SaaS applications. A framework for levels of trust can actually be pretty simple. For example:
- High: The most trusted, in line with all security policies and recommendations, and able to access the most secure services
- Medium: Limited trust when out of compliance for some policies.
- Low: Useful for devices that are in the inventory but not properly set up, or have had issues and need remediation
- None: The default state for any unknown or unrecognized device
We want to keep things as simple as possible, without diluting them to be overly simplistic. So if you need more granular policies, or have specific regulatory requirements around roles, data stores or offices, you always have the flexibility to customize policies to suit your needs.
Increase the security posture of your organization by implementing a modern security model to help ensure only authorized users from trusted devices can access specific resources. Protect your users and your applications and get started on your zero trust access journey with Google Cloud today!
To learn more and see how you can set these up yourself, check out the following: