Google on BeyondCorp: Empowering employees with security for the cloud era

Similar documents
Mobility best practice. Tiered Access at Google

Zero Trust with Okta: A Modern Approach to Secure Access from Anywhere. How Okta enables a Zero Trust solution for our customers

Google Identity Services for work

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

Securing Office 365 with MobileIron

Secure wired and wireless networks with smart access control

Verizon Software Defined Perimeter (SDP).

ClientNet. Portal Admin Guide

BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE

WHITEPAPER. How to secure your Post-perimeter world

Alcatel-Lucent OmniVista Cirrus Simple, secure cloud-based network management as a service

Mobile Security Overview Rob Greer, VP Endpoint Management and Mobility Product Management Dave Cole, Sr. Director Consumer Mobile Product Management

PKI is Alive and Well: The Symantec Managed PKI Service

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

The Cisco HCM-F Administrative Interface

Phil Schwan Technical

Datasheet. Only Workspaces delivers the features users want and the control that IT needs.

SAS and F5 integration at F5 Networks. Updates for Version 11.6

905M 67% of the people who use a smartphone for work and 70% of people who use a tablet for work are choosing the devices themselves

Securing Containers Using a PNSC and a Cisco VSG

A Practical Step-by-Step Guide to Managing Cloud Access in your Organization

Introducing. Secure Access. for the Next Generation. Bram De Blander Sales Engineer

Securing Containers Using a PNSC and a Cisco VSG

Bill Wear. VirtualVault Product Manager. Internet Banking Case Study

Security. Bob Shantz Director of Infrastructure & Cloud Services Computer Guidance Corporation. All Rights Reserved.

SAP Security in a Hybrid World. Kiran Kola

M2M / IoT Security. Eurotech`s Everyware IoT Security Elements Overview. Robert Andres

Secure & Unified Identity

INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.

Welcome to the SafeNet Day! Prague 1st of October Insert Your Name Insert Your Title Insert Date

Alcatel-Lucent OmniVista Cirrus Simple, secure cloud-based network management as a service

Workspace ONE Chrome OS Platform Guide. VMware Workspace ONE UEM 1811

RHM Presentation. Maas 360 Mobile device management

Securing Your Most Sensitive Data

Windows ierīces Enterprise infrastruktūrā. Aris Dzērvāns Microsoft

SHA-1 to SHA-2. Migration Guide

Thomas Lippert Principal Product Manager. Sophos Mobile. Spring 2017

BIG-IP Access Policy Manager : Secure Web Gateway. Version 13.0

W H IT E P A P E R. Salesforce Security for the IT Executive

Welcome to the. Migrating SQL Server Databases to Azure

VMware AirWatch Chrome OS Platform Guide Managing Chrome OS Devices with AirWatch

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

VMware AirWatch Chrome OS Platform Guide Managing Chrome OS Devices with AirWatch

Today s workforce is Mobile. Cloud and SaaSbased. are being deployed and used faster than ever. Most applications are Web-based apps

Paperspace. Security Primer & Architecture Overview. Business Whitepaper. 20 Jay St. Suite 312 Brooklyn, NY 11201

Introduction to Device Trust Architecture

Data Center 3.0: Transforming the Data Center via the Network

Teradata and Protegrity High-Value Protection for High-Value Data

Comodo IT and Security Manager Software Version 5.4

SYMANTEC DATA CENTER SECURITY

Cisco Desktop Collaboration Experience DX650 Security Overview

The Device Has Left the Building

VMware Workspace ONE Quick Configuration Guide. VMware AirWatch 9.1

Windows Server Network Access Protection. Richard Chiu

Introduction. The Safe-T Solution

Fencing the Cloud. Roger Casals. Senior Director Product Management. Shared vision for the Identity: Fencing the Cloud 1

ARCHITECTURAL OVERVIEW REVISED 6 NOVEMBER 2018

Office 365: Modern Workplace

CIAM: Need for Identity Governance & Assurance. Yash Prakash VP of Products

VMware AirWatch: Directory and Certificate Authority

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

Secure Access & SWIFT Customer Security Controls Framework

The next step in IT security after Snowden

AKAMAI CLOUD SECURITY SOLUTIONS

LinQ2FA. Helping You. Network. Direct Communication. Stay Fraud Free!

Certificate Enrollment for the Atlas Platform

Cloud Security Whitepaper

SECURE, CENTRALIZED, SIMPLE

AXIAD IDS CLOUD SOLUTION. Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure

Security, compliance and GDPR and Google Cloud

Q2 TLS 1.0 Disablement Frequently Asked Questions 12/4/17

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365

Comodo Dome Shield - Admin Guide

Security for the Cloud Era

MaaS360 Secure Productivity Suite

Why Security Fails in Federated Systems

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION

How I Learned to Stop Worrying and Love the Internet of Things

How Microsoft s Enterprise Mobility Suite Provides helps with those challenges

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

CONFIGURING BASIC MACOS MANAGEMENT: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

Yubico with Centrify for Mac - Deployment Guide

Managing BYOD Networks

The CISO s Guide to Deploying True Password-less Security. by Bojan Simic and Ed Amoroso

Peter Henry Andersen Cisco SE Ib Hansen Cisco SE Tech Update 04 Maj Cisco and/or its affiliates. All rights reserved.

Security by Default: Enabling Transformation Through Cyber Resilience

App Gateway Deployment Guide

Technical Brief Distributed Trusted Computing

Android Enterprise Device Management with ZENworks 2017 Update 2

Cato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief

Security Automation Connecting Your Silos

PROTECT WORKLOADS IN THE HYBRID CLOUD

Why do customers buy G/On?

CIS Controls Measures and Metrics for Version 7

Quick Heal Mobile Device Management. Available on

Oracle Enterprise Manager Ops Center 12c Administration Ed 3

Securing the SMB Cloud Generation

The Future of Mobile Device Management

CAN MICROSOFT HELP MEET THE GDPR

Transcription:

SESSION ID: EXP-F02 Google on BeyondCorp: Empowering employees with security for the cloud era Jennifer Lin Director, Product Management, Security & Privacy Google Cloud

What is BeyondCorp? Enterprise security model based on 7+ years of building zero trust networks at Google Shifts access controls from the network perimeter to individual devices and users Allows employees to work more securely from any location without the need for a VPN Increasingly embraced by enterprises and mobile ecosystem 2

Enterprise IT has changed On-Prem resources Well-defined perimeter Network-based access controls Cloud-based resources Dynamic perimeter Intelligent access controls 3

User experience has changed Dynamic applications On any device 4

Access policy goals I want my application to be: Accessed only by financial employees From well-managed client devices In home country Using strong user authentication And proper transport encryption How do you do it? 5

User- and service-centric access controls Access Control How Cloud Identity Services Provision & Authenticate Users and Devices Where When Smart Access Proxies Context-aware policies VPC Service Zones 6

Chain of Trust Machine identity Binary authorization Data protection Identity + access management Machine Code Data Right code, running on the right machine, authorized by the right identity, accessing the right data at the right time 7

Trusted platform + granular policies Services and Apps User Device Automated Granular Policy Enforcement Platform with HW Root of Trust 8

Core principles of BeyondCorp 1 Access to services is granted based on what we know about you and your device 2 All access to services must be authenticated, authorized and encrypted 3 Enterprises define tiers to enforce access to applications 9

BeyondCorp software framework User inventory Access proxy Access control engine Device inventory Security policy Single sign on Trust repository 10

Securing the user: security keys Second factor designed specifically to defeat phishing Like smart card re-designed for web - One key for multiple sites & accounts - Simple UX: Insert & press button Google login uses open FIDO standard - Inter-domain privacy by design - FIDO support in Chrome today, other browsers coming soon... 11

Establishing device trust Asset tracking Certificates Device inventory Procurement End of life Provisioning 12

Securing the device Chrome & Android enterprise Devices Max protection and reduced risk with hardware security Firmware Verified Boot www.android.com/enterprise/recommended OS Secure from boot up to shutdown with privilege separation, sandboxing, encryption and auto updates Apps Server-side malware detection Browser Safe browsing and Sandboxing tabs 13

Productizing BeyondCorp Identity-aware proxy on Google Cloud Platform Add access controls to those applications on GCP based on an end-user s identity. Shift access controls from the network perimeter to identities and attributes. ERP Centralized, manageable layer where authorizations checks can be applied. Users IAP CRM IDENTITY 14

Whisper s BeyondCorp architecture Applications run in containers (GKE) Before VPN Tunnel Firewall Dashboarding Tools VPN Jenkins (Build tools) Used firewalls to protect access to internal employee applications VPNs were setup for end-user access Difficult to expose tools to the right employees After IAP Dashboarding Tools Jenkins (Build tools) Enabled IAP in front of applications in GKE Added user groups who can access the application 15

BeyondCorp papers An overview: A New Approach to Enterprise Security How Google did it: Design to Deployment at Google Google s front-end infrastructure: The Access Proxy Migrating to BeyondCorp: Maintaining Productivity While Improving Security The Human Element: The User Experience https://cloud.google.com/beyondcorp/ 16

Q&A

Thank you

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback