
BeyondCorp: Google's Firewall-Free Corporate Security Perimeter

Discover how Google protects its corporate security perimeter without the use of traditional firewalls. Learn about the principles of BeyondCorp and the guidelines for implementing this innovative approach to network security.


Presentation Transcript


  1. BeyondCorp - How Google Protects Its Corporate Security Perimeter without Firewalls (TECH-T11). Heather Adkins, Director of Security, Google; Rory Ward, Site Reliability Engineering Manager, Google

  2. Story time

  3. How your Enterprise is probably set up

  4. A convergence of issues

  5. Google’s realization ... WALLS DON’T WORK

  6. A different approach

  7. BeyondCorp Principles ... #1 Connecting from a particular network must not determine which services you can access.

  8. BeyondCorp Principles ... #2 Access to services is granted based on what we know about you and your device.

  9. BeyondCorp Principles ... #3 All access to services must be authenticated, authorized and encrypted.

  10. Our Six Year Mission: To have every Google employee work successfully from untrusted networks without use of a VPN.

  11. Implementing BeyondCorp: How we did it and guidelines for how you can do it.

  12. High Level: User Inventory, Access Proxy, Device Inventory, Access Control Engine, Single Sign On, Trust Repository

  13. Get intimate with your Users: User Inventory • Job Function Changes

  14. Get intimate with your Devices: Device Inventory • Procurement • End of Life • Provisioning

  15. Build a Dynamic Trust Repository: Trust Repository • Device Inventory • Data Sources

  16. Build and Enforce Access Policy: User Inventory, Device Inventory, Trust Repository, Access Control Engine • Service Request

  17. Enable Access from anywhere: Access Proxy, Access Control Engine, Single Sign On

  18. Migrating to BeyondCorp: How we did it and guidelines for how you can do it.

  19. Migrating to BeyondCorp

  20. Deploy an Unprivileged Network

  21. Analyse our Traffic

  22. Safely Migrate Devices

  23. Outreach: Telling the broader community about BeyondCorp

  24. BeyondCorp described to the Industry

  25. Lessons Learned: What six years has taught us

  26. Lessons Learned • Get, and retain, executive support.

  27. Lessons Learned • Data Quality is key.

  28. Lessons Learned • Enable Painless Migration.

  29. Lessons Learned • Clear User Communications.

  30. Lessons Learned • Run Highly Reliable Systems.

  31. Applying BeyondCorp • Have zero trust in your network. • Base all access decisions on what you know about the user and their device. • Migrate carefully so as not to break existing users.

  32. Questions and Answers ...
