by sshahone 2064 days ago
You are correct. The solution presented is not a BeyondCorp but rather an SSO implementation that adds authentication to the internal application.

For BeyondCorp, it essentially:

* Must be Layer 7 protocol, access privilege aware (achieved by an identity-aware access proxy).

* Promotes authorization as opposed to authentication only.

* Should be able to enforce security policies (time, location, context, 2fa).

* Must be aware of the security state of the user device.

Shameless plug: Check out our zero trust service access project TRASA (https://github.com/seknox/trasa). It's free and open source and addresses many of the requirements outlined by BeyondCorp.

1 comments
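The difference the comment above draws between an SSO gate and a policy-enforcing access proxy, as an added example that is not part of the thread and is not TRASA's code. The `Policy` and `Request` types, the reason strings and the hostname are hypothetical, and device posture is assumed to arrive from a device agent.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Policy:                      # hypothetical per-service policy
    groups: frozenset              # who is authorized, not just authenticated
    countries: frozenset           # location rule
    start: time                    # start of allowed time-of-day window
    end: time                      # end of allowed time-of-day window
    require_2fa: bool = True
    require_healthy_device: bool = True

@dataclass(frozen=True)
class Request:                     # what the proxy knows about one Layer 7 request
    service: str
    user: str
    groups: frozenset
    authenticated: bool
    second_factor: bool
    device_healthy: bool           # posture reported by a device agent (assumed)
    country: str
    when: datetime

# Constructed sample policy table; the hostname is made up.
POLICIES = {"payroll.internal.example":
            Policy(frozenset({"finance"}), frozenset({"US"}), time(8), time(18))}

def sso_only(req):
    """Authentication-only gate: any logged-in user passes."""
    return req.authenticated

def authorize(req, policies=POLICIES):
    """Policy decision: returns (allowed, list of denial reasons)."""
    policy = policies.get(req.service)
    if policy is None:
        return False, ["no policy for service"]      # default deny
    checks = [
        (req.authenticated, "not authenticated"),
        (bool(req.groups & policy.groups), "not authorized for service"),
        (req.second_factor or not policy.require_2fa, "2fa required"),
        (req.device_healthy or not policy.require_healthy_device, "device not healthy"),
        (req.country in policy.countries, "location not allowed"),
        (policy.start <= req.when.time() <= policy.end, "outside allowed hours"),
    ]
    reasons = [msg for ok, msg in checks if not ok]
    return not reasons, reasons

# Constructed request: valid SSO session, but wrong group, no 2FA, late at night.
SAMPLE = Request("payroll.internal.example", "alice", frozenset({"engineering"}),
                 True, False, True, "US", datetime(2024, 1, 15, 23, 30))
```

`sso_only(SAMPLE)` admits the request, while `authorize(SAMPLE)` denies it and returns the failed checks, which is also what an access log entry would record.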

Since you clearly seem to know what you're talking about: What would be a good resource for getting started with zero trust networking?

Heh. Though I am not an expert on the topic, I can recommend a few things. First, there are three directions the industry is heading with the "zero trust" thing.

(1) Zero trust access (like BeyondCorp, protects applications and services when a user, user credentials, or user devices are compromised)

(2) Network micro-segmentation (contain impact when one network segment is compromised, dynamic network assignment)

(3) Zero trust browsing (protection for users from getting infected with malicious content served by trusted but compromised websites)

Honestly, I am only more familiar with zero trust access, and for this, I can recommend you first read "BeyondCorp: A New Approach to Enterprise Security" [0] by Google. The trend was kickstarted by that paper.

0: https://research.google/pubs/pub43231/