BeyondCorp and Zero Trust
5 likes2,029 views
1. Google implemented a zero trust architecture called BeyondCorp to allow employees to work from untrusted networks without using a VPN. It granted access based on identity and device attributes rather than network location. 2. BeyondCorp has several components including an identity provider, device inventory, trust inferer, access policies, access proxy, and access control engine. It eliminated VPNs, streamlined the user experience, and reduced IT support tickets. 3. Zero trust is applying BeyondCorp principles to other organizations. It redefines identity as the user and device attributes. Access decisions are made in real time based on those attributes and dynamic conditions like being on an up-to-date device. This improves security by enforcing encryption and
BeyondCorp and Zero Trust
- 1. BeyondCorp and Zero Trust Bay Area Cyber Security Meetup - Sep 7th 2017 Ivan Dwyer | VP of Product Marketing | @fortyfivan
- 2. The BeyondCorp story begins with Operation Aurora
- 3. Google Got it Right With BeyondCorp 1 Connecting from a particular network must not determine which services you can access 2 Access to services is granted based on what we know about you and your device 3 All access to services must be authenticated, authorized, and encrypted Mission: To have every Google employee work successfully from untrusted networks without the use of a VPN
- 5. The Major Components Identity Provider The corporate system of record for employees and contractors, with groups and roles Device Inventory Service A system that continuously collects and processes the attributes and state of known devices Trust Inferer A system that continuously analyzes device attributes and state to determine its trust tier Access Policies A programmatic representation of the resources, trust tiers, and other rules that must be satisfied Access Proxy A reverse proxy service placed in front of every resource that handles the requests Access Control Engine A centralized policy enforcement service that makes authorization decisions in real time
- 6. Key Outcomes for Google ➔ Eliminated the use of perimeter-based network security controls – VPNs ➔ Streamlined end user experience for all Google employees across the globe ➔ More visibility into employee activity to identify behavioral patterns ➔ A 30% reduction in IT Support tickets through a better user experience
- 7. Zero Trust is BeyondCorp For Everyone Else
- 8. Corporate Identity Redefined Is the user in good standing with the company? Does the user belong to the Engineering org? Is the user on Team A working on feature X? Is the device in inventory? Is the device’s disk encrypted? Is the device’s OS up to date? Identity = You + Your Device at a Point-in-Time
- 9. Smarter Decision Making “You can’t submit source code from an unpatched device” “You can only reach the company wiki from a managed device” “Your disk must be encrypted to access the confidential file repository” “You can view the corporate phone directory from any device” Real-time trust attestation based on dynamic conditions
- 10. Better Security Posture ➔ Keeping devices up-to-date with the latest software ➔ Maintaining an inventory of employee devices ➔ Monitoring all endpoints & logging all traffic ➔ Only communicating over fully encrypted channels ➔ Incorporating multi-factor auth ➔ Eliminating the use of static credentials When security is usable, people like it and keep up with it
- 11. How to Achieve Your Own Zero Trust Architecture
- 12. Collect Your Relevant Data 1 Take an inventory of all employee devices - workstations, laptops, tablets, and phones 2 Take an inventory of all company resources to protect - apps, databases, servers, etc. 3 Take an inventory of all static credentials - shared passwords, ssh keys, etc. 4 Diagram your system architecture and inspect traffic logs to understand behavior 5 Collect device state - is the software up to date? Is the disk encrypted?
- 13. Determine the Right Policy Framework ➔ User attributes ➔ Device state ➔ Location-based rules ➔ Time-based controls ➔ Groups and roles ➔ Team federation ➔ Resource specific rules
- 14. Write Job Stories to Understand Your Users Behavioral patterns should influence policy definitions Alice - Build Engineer When a release is ready, I want to login to the build server over ssh, so I can inspect the build logs. What if a request from Alice to the build server comes from a laptop during a non-release time? Bob - Recruiter When I arrive at the office in the morning, I want to login to the ATS, so I can review the day’s applicants What if a request from Bob to a finance app comes from outside the office during the evening?
- 15. Implement the Access Controls The ScaleFT Access Fabric
- 16. Recommendations 1 You don’t have to build the whole system yourself - leverage solutions for the hard parts 2 Be selective with the environments you support - operating systems, protocols, etc. 3 Start with simple global coarse-grained access policies before getting too fine-grained 4 Test your new system with simple apps that don’t contain sensitive data 5 Keep your network controls in place until absolutely confident the new system works
- 17. Companies Who Have Been Successful
- 18. THANKS!! Get in touch: ivan.dwyer@scaleft.com | @fortyfivan www.scaleft.com www.beyondcorp.com