BeyondCorp: Beyond “fortress” security presented at BSidesSanFrancisco 2017

by Neal Mueller

Summary: Almost every company today uses some variation of the firewall, or “fortress,” model to enforce perimeter security. This model assumes that everything on the outside is dangerous, and everything on the inside is safe. It worked relatively well when most employees worked in facilities owned by the company, and primarily did their work on desktop and laptop computers.
Now, however, this model is outdated and ineffective. With mobile and cloud technologies transforming how companies work, the way they are secured has to change, too. Companies have to assume that their internal network is as vulnerable to danger as the public Internet, and build enterprise applications based on this assumption.
Google’s BeyondCorp presents a new model for this new paradigm. It dispenses with the privileged corporate network, instead granting access based on device and user credentials, regardless of physical location. The result is employees who can work from any network without needing a traditional VPN connection into the privileged network.
This presentation and discussion will focus on how BeyondCorp accomplishes this new model, and how it can best be applied by businesses.