BeyondCorp: Google Security For Everyone Else
Rocky Mountain InfoSec - May 10th 2017
Ivan Dwyer | @fortyfivan
The BeyondCorp story begins with Operation Aurora
Operation Aurora
➔ In 2009, a highly sophisticated APT originating from China targeted a number of large
US-based Enterprises, including Google, with the goal of accessing source code repositories
➔ The typical fear-driven response by most companies affected was to beef up their network
perimeter security by adding more firewalls and VPNs
➔ Google recognized that these traditional methods were no longer effective on their own, and
began a new initiative to redesign their security architecture from the ground up
The network perimeter is not an effective way to determine trust
Problems with the Perimeter
➔ The modern organization is no longer confined to the walls of the office - more employees
are remote, systems are running in the cloud, and business apps are SaaS-based
➔ Common network segmentation tools such as the VPN don’t provide any visibility into traffic,
and don’t factor in context when authenticating and authorizing requests
➔ Privileged access is backed by static credentials that can be easily lost, stolen or misused -
effectively handing over the keys to the kingdom to anyone in possession
Google got it right with BeyondCorp
Core Principles
1 Connecting from a particular network must not determine which services you can access
2 Access to services is granted based on what we know about you and your device
3 All access to services must be authenticated, authorized, and encrypted
Mission: To have every Google employee work successfully
from untrusted networks without the use of a VPN
The BeyondCorp Papers
BeyondCorp: A New Approach to Enterprise Security
Dec 2014
BeyondCorp: Design to Deployment at Google
Spring 2016
BeyondCorp: The Access Proxy
Winter 2016
Download at www.beyondcorp.com
Google’s Reference Architecture
The Major Components
Device Inventory Service
A system that continuously collects and processes the
attributes and state of known devices.
Trust Inferer
A system that continuously analyzes device attributes
and state to determine its maximum trust tier.
Access Policies
A programmatic representation of the resources, trust
tiers, and other rules that must be satisfied.
Access Control Engine
A centralized policy enforcement service that makes
authorization decisions in real time.
Access Proxy
A reverse proxy service placed in front of every
resource that handles the requests.
Resources
The applications, services, and infrastructure that are
subject to access control by the system.
A Typical User Workflow
1 User request to resource flows through access proxy
2 User is authenticated against the IdP via an SSO service
3 User and device are authorized against the Access Policies
4 A one-time credential is issued for the device to access the resource
[Diagram labels: Access Proxy, SSO, IdP]
The Decision Making Process
[Diagram labels: Device Inventory, Attributes, State, Trust Tier, Trust Inferer, Access Policy, Access Control Engine, Access Proxy]
The Access Policy Language
Global Rules
Coarse-grained rules that affect all services and resources
“Devices at a low tier are not allowed to submit source code.”
Service-Specific Rules
Specific to each service or hostname; usually involve assertions about the user.
“Vendors in group G are allowed access to Web application A.”
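How an Access Control Engine might evaluate the two rule types, as an added example that is not from the original slides or from Google's implementation. It encodes the two quoted rules; the device IDs, group names, tier values, the minimum tier on each service rule and the second service are assumptions.

```go
package main

import "fmt"

// Tier is the maximum trust tier the Trust Inferer assigned to a device.
type Tier int

const (
	TierUntrusted Tier = iota
	TierLow
	TierHigh
)

// Request is what the Access Proxy forwards to the Access Control Engine.
type Request struct {
	User, DeviceID, Service, Action string
	Groups                          map[string]bool
}

type Decision struct {
	Allow  bool
	Reason string
}

// GlobalRule is coarse-grained: it applies to every service and can only deny.
type GlobalRule struct {
	Name   string
	Denies func(Request, Tier) bool
}

// ServiceRule allows members of Group on devices at MinTier or above.
type ServiceRule struct {
	Name, Group string
	MinTier     Tier
}

type Engine struct {
	Inventory map[string]Tier          // device ID -> tier (Trust Inferer output)
	Global    []GlobalRule
	Services  map[string][]ServiceRule // service -> allow rules
}

// Authorize is default-deny: unknown devices and unmatched requests are refused,
// and a global deny overrides any service-specific allow.
func (e *Engine) Authorize(r Request) Decision {
	tier, known := e.Inventory[r.DeviceID]
	if !known {
		return Decision{false, "device not in inventory"}
	}
	for _, g := range e.Global {
		if g.Denies(r, tier) {
			return Decision{false, "global: " + g.Name}
		}
	}
	for _, s := range e.Services[r.Service] {
		if tier >= s.MinTier && r.Groups[s.Group] {
			return Decision{true, "service: " + s.Name}
		}
	}
	return Decision{false, "no service rule matched"}
}

// DemoEngine holds the two rules quoted on the slide plus a constructed
// inventory, group names, tiers and a second service.
func DemoEngine() *Engine {
	return &Engine{
		Inventory: map[string]Tier{"desk-01": TierHigh, "lap-07": TierLow, "vend-03": TierLow},
		Global: []GlobalRule{{"low-tier devices may not submit source code",
			func(r Request, t Tier) bool { return r.Action == "submit-source" && t <= TierLow }}},
		Services: map[string][]ServiceRule{
			"web-app-a":   {{"vendors in group G", "group-g", TierLow}},
			"code-review": {{"engineers", "eng", TierLow}},
		},
	}
}

func main() {
	e := DemoEngine()
	r := Request{"erin", "lap-07", "code-review", "submit-source", map[string]bool{"eng": true}}
	fmt.Printf("%s from %s: %+v\n", r.Action, r.DeviceID, e.Authorize(r))
	r.DeviceID = "desk-01"
	fmt.Printf("%s from %s: %+v\n", r.Action, r.DeviceID, e.Authorize(r))
}
```

The same engineer is refused on the low-tier laptop and allowed on the high-tier desktop, because the global rule is checked before any service-specific allow.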
The Outcome for Google
➔ Google eliminated any dependency on
network segmentation and VPNs
➔ Employees are able to seamlessly access
company resources from any location
➔ Google has better visibility into their
employee activity, and can better protect
their sensitive resources
Waymo vs Uber Case Example
➔ Google has accused a former employee of
stealing proprietary technology documents
➔ In a deposition, they claim to have evidence of
all his activity on the company network
➔ The BeyondCorp architecture is a key reason
they were able to collect such strong evidence
Zero Trust Enables BeyondCorp for Everyone Else
Why Zero Trust Matters
1 Better definition of Corporate Identity that aligns with how employees operate today
2 Access decision making is done with the right contextual information
3 Access controls are centralized with better visibility into employee activity
4 The enforced security measures encourage better corporate security posture
5 The network no longer determines trust, eliminating common attack vectors
Zero Trust introduces a new definition of Corporate Identity
Corporate Identity Redefined
Is the user in good standing with the company?
Does the user belong to the Engineering org?
Is the user on Team A working on feature X?
...
Is the device in inventory?
Is the device’s disk encrypted?
Is the device’s OS up to date?
...
Corporate Identity = You + Your Device at a Point in Time
Decision making is done with the right contextual information
Revitalizing the AAA Framework +1
Authentication
The new definition of Identity provides a better view of the requestor
Authorization
Access decisions are made in real time based on dynamic conditions
Auditing
Activity and traffic are inspected to identify patterns & anomalies
Alerting
Incorporate workflows to ensure requests are handled properly
Follow the Corporate Identity through the lifecycle of the request
Access controls are centralized with visibility into employee activity
Centralized Access Gateway
Safe MitM
A reverse proxy in front of every resource handles every request
Consistent Logging
A central point to log all traffic is better to analyze behavior
Inherent Trust
Decouple access decision making from the resources themselves
The Access Gateway should be globally distributed to avoid additional latency
Enforced security measures encourage better corporate security posture
Better Security Posture
➔ Keeping devices up-to-date with the latest software
➔ Maintaining an inventory of employee devices
➔ Monitoring all endpoints & logging all traffic
➔ Only communicating over fully encrypted channels
➔ Incorporating multi-factor auth
➔ Eliminating static credentials
Eliminating static credentials solves for the most common attack vector
Ephemeral Certificates
➔ A Certificate Authority issues single-use
certificates to initiate a secure session
➔ Information about the user and connecting
device can be injected into the certificate
➔ Each certificate is limited in scope and time,
making it nearly impossible to hijack
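The three properties on this slide, shown with Go's standard crypto/x509 package as an added example (not from the original slides and not ScaleFT's implementation): an in-memory CA issues a five-minute client certificate with the user in the subject common name and the device ID in the subject serialNumber attribute. The CA name, the field choices, the user and device values and the TTL are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CA is a throwaway in-memory certificate authority built for this example.
type CA struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

// NewKey makes a P-256 key pair; the device would generate one per session.
func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, key *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func NewCA(now time.Time) (*CA, error) {
	key, err := NewKey()
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-access-ca"},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	cert, err := sign(tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &CA{Key: key, Cert: cert}, nil
}

// Issue binds user and device to pub for ttl only, for client authentication only.
func (ca *CA) Issue(user, device string, pub *ecdsa.PublicKey, now time.Time, ttl time.Duration) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 120))
	if err != nil {
		return nil, err
	}
	return sign(&x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: user, SerialNumber: device},
		NotBefore: now.Add(-30 * time.Second), NotAfter: now.Add(ttl), // 30s clock-skew allowance
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, ca.Cert, pub, ca.Key)
}

// Verify is the relying party's check: chain to this CA, validity at time at, usage.
func (ca *CA) Verify(c *x509.Certificate, at time.Time, usage x509.ExtKeyUsage) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca.Cert)
	_, err := c.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{usage}})
	return err
}

func main() {
	now := time.Now()
	ca, err := NewCA(now)
	key, kerr := NewKey()
	if err != nil || kerr != nil {
		panic("setup failed")
	}
	c, err := ca.Issue("alice", "LAPTOP-0042", &key.PublicKey, now, 5*time.Minute)
	if err != nil {
		panic(err)
	}
	fmt.Println("user:", c.Subject.CommonName, "device:", c.Subject.SerialNumber)
	fmt.Println("in 1 min: ", ca.Verify(c, now.Add(time.Minute), x509.ExtKeyUsageClientAuth))
	fmt.Println("in 10 min:", ca.Verify(c, now.Add(10*time.Minute), x509.ExtKeyUsageClientAuth))
	fmt.Println("as server:", ca.Verify(c, now.Add(time.Minute), x509.ExtKeyUsageServerAuth))
}
```

A copied certificate is useless without the session's private key, and even with it the verifier rejects it once the five minutes have passed or when it is presented for any purpose other than client authentication.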
Achieving a Zero Trust Architecture
Where to Start
1 Take an inventory of all employee devices - workstations, laptops, tablets, and phones
2 Take an inventory of all company resources to protect - apps, databases, servers, etc.
3 Take an inventory of all static credentials - shared passwords, ssh keys, etc.
4 Diagram your system architecture and inspect traffic logs to understand behavior
5 Start to collect device state metrics - is the OS up to date? Is the disk encrypted?
Determining the Right Policy Framework
➔ User attributes
➔ Device attributes
➔ Location-based rules
➔ Time-based controls
➔ Groups and Roles
➔ Team federation
➔ Resource specific rules
Trust Policy Models
Trust Tiers
User and device metrics are analyzed and placed in a tier which must match the minimum tier associated with the resource
Trust Scoring
User and device metrics are compiled and granted a score which must match the minimum level associated with the resource
Trust Assertions
User and device attributes and state are individually matched against an Access Policy where all assertions must be true
Regardless of the model, Trust follows the principle of Least Privilege
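The three models applied to one set of user and device signals, as an added example that is not from the original slides. The signals are ones the deck names (good standing, inventory, disk encryption, OS updates, multi-factor auth); the weights, tier boundaries, thresholds and the two resource policies are assumptions.

```go
package main

import "fmt"

// Signals are user and device facts named on the slides; the weights, tier
// boundaries and policies below are assumptions made for this example.
type Signals struct {
	GoodStanding, InInventory, DiskEncrypted, OSUpToDate, MFA bool
}

// TierOf implements the tier model: one coarse bucket per request.
func TierOf(s Signals) int {
	switch {
	case !s.GoodStanding || !s.InInventory:
		return 0
	case s.DiskEncrypted && s.OSUpToDate && s.MFA:
		return 2
	default:
		return 1
	}
}

// ScoreOf implements the scoring model: a weighted sum from 0 to 100.
func ScoreOf(s Signals) int {
	score := 0
	for _, x := range []struct {
		ok bool
		w  int
	}{{s.GoodStanding, 30}, {s.InInventory, 30}, {s.DiskEncrypted, 15}, {s.OSUpToDate, 15}, {s.MFA, 10}} {
		if x.ok {
			score += x.w
		}
	}
	return score
}

// Assertion is one named condition of an Access Policy; all must hold.
type Assertion struct {
	Name string
	Test func(Signals) bool
}

// Failed returns the names of the assertions s does not satisfy (empty = allow).
func Failed(s Signals, policy []Assertion) []string {
	failed := []string{}
	for _, a := range policy {
		if !a.Test(s) {
			failed = append(failed, a.Name)
		}
	}
	return failed
}

var (
	inInventory   = Assertion{"device in inventory", func(s Signals) bool { return s.InInventory }}
	diskEncrypted = Assertion{"disk encrypted", func(s Signals) bool { return s.DiskEncrypted }}
	mfa           = Assertion{"multi-factor auth", func(s Signals) bool { return s.MFA }}
	// Constructed policies for two hypothetical resources.
	SourceRepoPolicy = []Assertion{inInventory, diskEncrypted, mfa}
	WikiPolicy       = []Assertion{inInventory, mfa}
)

// UnencryptedLaptop is a constructed sample: healthy except for disk encryption.
var UnencryptedLaptop = Signals{GoodStanding: true, InInventory: true, OSUpToDate: true, MFA: true}

func main() {
	s := UnencryptedLaptop
	fmt.Println("tier:", TierOf(s), "allowed at min tier 2:", TierOf(s) >= 2)
	fmt.Println("score:", ScoreOf(s), "allowed at min score 80:", ScoreOf(s) >= 80)
	fmt.Println("source repo, failed assertions:", Failed(s, SourceRepoPolicy))
	fmt.Println("wiki, failed assertions:", Failed(s, WikiPolicy))
}
```

With these assumed weights the unencrypted laptop clears a minimum score of 80 while failing both the tier-2 requirement and the source repository's assertion policy: a summed score can mask one missing control, whereas assertions name exactly which condition failed.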
Example User Stories
Behavioral patterns should influence policy definitions
Alice, a release engineer, always uses ssh from her
desktop to log in to the build server during a release.
What if a request from Alice to the build server comes
from a laptop during a non-release time?
Bob, who works in staffing, logs into the HR app from his
office desktop every morning at 9AM.
What if a request from Bob to a finance app comes from
outside the office during the evening?
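One way to turn the two stories into a signal the policy can act on, as an added example that is not from the original slides: learn a per-user baseline from past requests, then list how a new request departs from it. The record fields, device and resource names, hours and sample history are constructed; the deck does not say which device Bob uses in the second request.

```go
package main

import "fmt"

// Access is one request as logged at the Access Gateway (fields are assumptions).
type Access struct {
	User, Device, Resource string
	Hour                   int  // local hour of day, 0-23
	InOffice               bool // request came from an office network
	Release                bool // a release was in progress
}

// Baseline is what has been observed for one user so far.
type Baseline struct {
	Devices, Resources map[string]bool
	MinHour, MaxHour   int
	OfficeOnly         bool // every past request came from the office
	ReleaseOnly        bool // every past request fell inside a release
}

// Learn folds a request history into one baseline per user.
func Learn(history []Access) map[string]*Baseline {
	out := map[string]*Baseline{}
	for _, a := range history {
		b := out[a.User]
		if b == nil {
			b = &Baseline{map[string]bool{}, map[string]bool{}, a.Hour, a.Hour, true, true}
			out[a.User] = b
		}
		b.Devices[a.Device], b.Resources[a.Resource] = true, true
		if a.Hour < b.MinHour {
			b.MinHour = a.Hour
		}
		if a.Hour > b.MaxHour {
			b.MaxHour = a.Hour
		}
		b.OfficeOnly = b.OfficeOnly && a.InOffice
		b.ReleaseOnly = b.ReleaseOnly && a.Release
	}
	return out
}

// Deviations lists how a new request departs from the user's baseline. The
// result is an input to policy (deny, step-up auth, alert), not a verdict.
func Deviations(b *Baseline, a Access) []string {
	if b == nil {
		return []string{"no baseline for user"}
	}
	found := []string{}
	for _, c := range []struct {
		odd  bool
		name string
	}{
		{!b.Devices[a.Device], "new device"},
		{!b.Resources[a.Resource], "new resource"},
		{a.Hour < b.MinHour || a.Hour > b.MaxHour, "unusual hour"},
		{b.OfficeOnly && !a.InOffice, "outside office"},
		{b.ReleaseOnly && !a.Release, "outside release"},
	} {
		if c.odd {
			found = append(found, c.name)
		}
	}
	return found
}

// History is constructed sample data matching the two user stories.
var History = []Access{
	{"alice", "alice-desktop", "build-server", 14, true, true},
	{"alice", "alice-desktop", "build-server", 16, true, true},
	{"bob", "bob-desktop", "hr-app", 9, true, false},
	{"bob", "bob-desktop", "hr-app", 9, true, false},
}

func main() {
	base := Learn(History)
	alice := Access{"alice", "alice-laptop", "build-server", 15, true, false}
	bob := Access{"bob", "bob-laptop", "finance-app", 20, false, false}
	fmt.Println("alice:", Deviations(base["alice"], alice))
	fmt.Println("bob:  ", Deviations(base["bob"], bob))
}
```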
Access Gateway Vendor Solutions
The Access Gateway is the central component that ties the system together
Companies Who Have Implemented Zero Trust
Some Questions to Ask
➔ How will all the components integrate with each other?
➔ How to balance coarse-grained policies with fine-grained policies?
➔ What’s the best way to incorporate additional workflows for specific resources?
➔ What role does Identity Governance play? Can the IdP exist in the cloud?
➔ How to support legacy protocols and specifications consistently? Should you?
➔ How to track and monitor all the devices the employees use?
➔ How does this impact compliance? Where will it help?
Potential Market Effects
➔ A new category of Cloud Native solution providers is emerging that is disrupting the
legacy security companies who focus primarily on strengthening perimeter security
➔ Defined market categories such as IAM and PAM will converge into a single Access
Management category that works across privileged and nonprivileged users
➔ The Identity Provider space is about to heat up as cloud-based alternatives to Active
Directory start to break through into the enterprise market
➔ The VPN market is going to be significantly impacted as more companies shift towards a Zero
Trust model that places less (or no) emphasis on network protection as a security measure
Where ScaleFT Fits
We help companies achieve their own Zero Trust security architecture
Architecture Reviews
We work closely with companies to design the right Zero Trust architecture for the organization
Platform Implementations
Our Access Management platform can be deployed in any cloud or on-prem environment
Community Development
We are leading the BeyondCorp movement, further educating the market about Zero Trust
THANKS!!
Get in touch: ivan.dwyer@scaleft.com | @fortyfivan
www.scaleft.com
www.beyondcorp.com

