BeyondCorp: Google Security For Everyone Else
Rocky Mountain InfoSec - May 10th 2017
Ivan Dwyer | @fortyfivan
The BeyondCorp story begins with Operation Aurora
Operation Aurora
➔ In 2009, a highly sophisticated APT originating from China targeted a number of large
US-based Enterprises, including Google, with the goal of accessing source code repositories
➔ The typical fear-driven response by most companies affected was to beef up their network
perimeter security by adding more firewalls and VPNs
➔ Google recognized that these traditional methods were no longer effective on their own, and
began a new initiative to redesign their security architecture from the ground up
The network perimeter is not an effective way to determine trust
Problems with the Perimeter
➔ The modern organization is no longer confined to the walls of the office - more employees
are remote, systems are running in the cloud, and business apps are SaaS-based
➔ Common network segmentation tools such as the VPN don’t provide any visibility into traffic,
and don’t factor in context when authenticating and authorizing requests
➔ Privileged access is backed by static credentials that can be easily lost, stolen or misused -
effectively handing over the keys to the kingdom to anyone in possession
Google got it right with BeyondCorp
Core Principles
1 Connecting from a particular network must not determine which services you can access
2 Access to services is granted based on what we know about you and your device
3 All access to services must be authenticated, authorized, and encrypted
Mission: To have every Google employee work successfully
from untrusted networks without the use of a VPN
The BeyondCorp Papers
➔ BeyondCorp: A New Approach to Enterprise Security (Dec 2014)
➔ BeyondCorp: Design to Deployment at Google (Spring 2016)
➔ BeyondCorp: The Access Proxy (Winter 2016)
Download at www.beyondcorp.com
Google’s Reference Architecture
The Major Components
Device Inventory Service
A system that continuously collects and processes the
attributes and state of known devices.
Trust Inferer
A system that continuously analyzes device attributes
and state to determine its maximum trust tier.
Access Policies
A programmatic representation of the resources, trust
tiers, and other rules that must be satisfied.
Access Control Engine
A centralized policy enforcement service that makes
authorization decisions in real time.
Access Proxy
A reverse proxy service placed in front of every
resource that handles the requests.
Resources
The applications, services, and infrastructure that are
subject to access control by the system.
A Typical User Workflow
1 User request to resource flows through the Access Proxy
2 User is authenticated against the IdP via an SSO service
3 User and device are authorized against the Access Policies
4 A one-time credential is issued for the device to access the resource
The Decision Making Process
(Diagram) The Device Inventory supplies each device's attributes and state to the Trust Inferer, which assigns the device a Trust Tier; the Access Control Engine combines that Trust Tier with the Access Policy to make the decision that the Access Proxy enforces.
The Access Policy Language
Global Rules: coarse-grained rules that affect all services and resources.
“Devices at a low tier are not allowed to submit source code.”
Service-Specific Rules: specific to each service or hostname; usually involve assertions about the user.
“Vendors in group G are allowed access to Web application A.”
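To make the workflow and the two kinds of rules concrete, here is an added example (not code from the talk, from Google, or from any vendor) of the decision stage that an access proxy runs on every request: look up the authenticated user, infer the device's trust tier from inventory state, then evaluate the global rules followed by the service-specific rules. The users, devices, tier thresholds, group names and the two rules are all constructed to mirror the quoted examples; a real deployment would pull them from the IdP, the device inventory and a policy store.

```python
"""Added example: the Access Control Engine's decision for one request."""
from dataclasses import dataclass

TIERS = ["untrusted", "low", "medium", "high"]   # ordered, lowest trust first

# Constructed Device Inventory: attributes and state of known devices.
DEVICE_INVENTORY = {
    "laptop-0042":  {"owner": "alice", "os_current": True,  "disk_encrypted": True},
    "desktop-0007": {"owner": "alice", "os_current": True,  "disk_encrypted": False},
    "laptop-0099":  {"owner": "bob",   "os_current": False, "disk_encrypted": True},
}

# Constructed IdP records: what SSO asserts about a user once authenticated.
USERS = {
    "alice": {"active": True,  "groups": {"eng", "release"}},
    "bob":   {"active": True,  "groups": {"staffing", "vendor-g"}},
    "carol": {"active": False, "groups": {"eng"}},
}


@dataclass
class Decision:
    allowed: bool
    tier: str
    reason: str


def infer_tier(device_id):
    """Trust Inferer: derive the device's maximum trust tier from its state."""
    dev = DEVICE_INVENTORY.get(device_id)
    if dev is None:
        return "untrusted"                  # unknown device: no trust at all
    if dev["disk_encrypted"] and dev["os_current"]:
        return "high"
    if dev["disk_encrypted"]:
        return "medium"
    return "low"


def at_least(tier, minimum):
    return TIERS.index(tier) >= TIERS.index(minimum)


# Global rules apply to every service. Each returns a denial reason or None.
def rule_device_known(user, device_id, tier, service):
    if tier == "untrusted":
        return "device not in inventory"
    if DEVICE_INVENTORY[device_id]["owner"] != user["id"]:
        return "device not assigned to requesting user"
    return None


def rule_source_code_tier(user, device_id, tier, service):
    # "Devices at a low tier are not allowed to submit source code."
    if service == "source-control" and not at_least(tier, "medium"):
        return "low-tier device may not submit source code"
    return None


GLOBAL_RULES = [rule_device_known, rule_source_code_tier]

# Service-specific rules: one per service, usually assertions about the user.
SERVICE_RULES = {
    # "Vendors in group G are allowed access to Web application A."
    "web-app-a":      lambda user: None if user["groups"] & {"vendor-g", "eng"}
                      else "user not in an allowed group",
    "source-control": lambda user: None if "eng" in user["groups"]
                      else "user not in engineering",
}


def authorize(user_id, device_id, service):
    """Steps 2 and 3 of the workflow, run by the proxy for every request."""
    user = USERS.get(user_id)
    if user is None or not user["active"]:
        return Decision(False, "untrusted", "user not authenticated or not in good standing")
    user = dict(user, id=user_id)
    tier = infer_tier(device_id)
    for rule in GLOBAL_RULES:                       # coarse-grained rules first
        reason = rule(user, device_id, tier, service)
        if reason:
            return Decision(False, tier, reason)
    service_rule = SERVICE_RULES.get(service)
    if service_rule is None:                        # no policy means deny, never allow
        return Decision(False, tier, "no policy defined for service")
    reason = service_rule(user)
    if reason:
        return Decision(False, tier, reason)
    return Decision(True, tier, "all global and service rules satisfied")


if __name__ == "__main__":
    for req in [("alice", "laptop-0042", "source-control"),
                ("alice", "desktop-0007", "source-control"),
                ("bob", "laptop-0099", "web-app-a"),
                ("bob", "laptop-0099", "source-control"),
                ("alice", "phone-unknown", "web-app-a")]:
        print(req, authorize(*req))
```

Two design points carry over to a real engine: the network the request came from is never an input, and a service with no policy is denied rather than allowed, so a newly deployed resource is protected by default.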
The Outcome for Google
➔ Google eliminated any dependency on
network segmentation and VPNs
➔ Employees are able to seamlessly access
company resources from any location
➔ Google has better visibility into their
employee activity, and can better protect
their sensitive resources
Waymo vs Uber Case Example
➔ Google has accused a former employee of
stealing proprietary technology documents
➔ In a deposition, they claim to have evidence as
to all his activity on the company network
➔ The BeyondCorp architecture is a key reason
they were able to collect such strong evidence
Zero Trust Enables BeyondCorp for Everyone Else
Why Zero Trust Matters
1 Better definition of Corporate Identity that aligns with how employees operate today
2 Access decision making is done with the right contextual information
3 Access controls are centralized with better visibility into employee activity
4 The enforced security measures encourage better corporate security posture
5 The network no longer determines trust, eliminating common attack vectors
Zero Trust introduces a new definition of Corporate Identity
Corporate Identity Redefined
Is the user in good standing with the company?
Does the user belong to the Engineering org?
Is the user on Team A working on feature X?
...
Is the device in inventory?
Is the device’s disk encrypted?
Is the device’s OS up to date?
...
Corporate Identity = You + Your Device at a Point in Time
Decision making is done with the right contextual information
Revitalizing the AAA Framework +1
Authentication: the new definition of Identity provides a better view of the requestor
Authorization: access decisions are made in real time based on dynamic conditions
Auditing: activity and traffic are inspected to identify patterns & anomalies
Alerting: incorporate workflows to ensure requests are handled properly
Follow the Corporate Identity through the lifecycle of the request
Access controls are centralized with visibility into employee activity
Centralized Access Gateway
Safe MitM: a reverse proxy in front of every resource handles every request
Consistent Logging: a central point to log all traffic is better to analyze behavior
Inherent Trust: decouple access decision making from the resources themselves
The Access Gateway should be globally distributed to avoid additional latency
Enforced security measures encourage better corporate security posture
Better Security Posture
➔ Keeping devices up-to-date with the latest software
➔ Maintaining an inventory of employee devices
➔ Monitoring all endpoints & logging all traffic
➔ Only communicating over fully encrypted channels
➔ Incorporating multi-factor auth
➔ Eliminating static credentials
Eliminating static credentials solves for the most common attack vector
Ephemeral Certificates
➔ A Certificate Authority issues single-use
certificates to initiate a secure session
➔ Information about the user and connecting
device can be injected into the certificate
➔ Each certificate is limited in scope and time,
making it near impossible to hijack
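The three properties on this slide (single use, user and device bound into the credential, limited scope and lifetime) are easiest to see from the verifying side. The following is an added example, not code from the talk or from any vendor: a CA mints a credential carrying a serial, the user, the device, one resource and a validity window, and the resource checks every property before accepting it. A real CA signs with an asymmetric private key (SSH or X.509 certificates); an HMAC key stands in here so the example runs on the Python standard library alone. All names and timestamps are constructed.

```python
"""Added example: issuing and verifying a single-use, short-lived, scoped credential."""
import base64
import hashlib
import hmac
import json
import secrets

# Constructed CA signing key, generated fresh on every run (HMAC stands in for a real CA key).
CA_KEY = secrets.token_bytes(32)


def _sign(payload):
    return hmac.new(CA_KEY, payload, hashlib.sha256).digest()


def issue(user, device_id, resource, ttl_seconds, now):
    """CA side: bind one user, one device, one resource and one time window together."""
    body = {
        "serial": secrets.token_hex(8),      # unique per credential, so use can be tracked
        "user": user,
        "device": device_id,
        "resource": resource,                # scope limited to a single resource
        "not_before": now,
        "not_after": now + ttl_seconds,      # short lifetime
    }
    payload = json.dumps(body, sort_keys=True).encode()
    return b".".join(base64.urlsafe_b64encode(p) for p in (payload, _sign(payload))).decode()


class Verifier:
    """Resource side: signature, validity window, device binding, scope, single use."""

    def __init__(self):
        self.used_serials = set()

    def verify(self, cred, device_id, resource, now):
        try:
            payload, sig = (base64.urlsafe_b64decode(p) for p in cred.split("."))
        except ValueError:                              # wrong part count or bad base64
            return (False, "malformed credential")
        if not hmac.compare_digest(sig, _sign(payload)):
            return (False, "bad signature")
        body = json.loads(payload)
        if not body["not_before"] <= now <= body["not_after"]:
            return (False, "outside validity window")
        if body["device"] != device_id:
            return (False, "presented from a different device")
        if body["resource"] != resource:
            return (False, "out of scope")
        if body["serial"] in self.used_serials:
            return (False, "already used")
        self.used_serials.add(body["serial"])
        return (True, body["user"])


def run_scenarios():
    """Constructed walkthrough: one good use, then every way a copied credential fails."""
    v = Verifier()
    cred = issue("alice", "laptop-0042", "build-server", ttl_seconds=300, now=1000)
    results = {
        "first use":      v.verify(cred, "laptop-0042", "build-server", now=1100),
        "replay":         v.verify(cred, "laptop-0042", "build-server", now=1100),
        "expired":        v.verify(issue("alice", "laptop-0042", "build-server", 300, 1000),
                                   "laptop-0042", "build-server", now=1400),
        "other device":   v.verify(issue("alice", "laptop-0042", "build-server", 300, 1000),
                                   "laptop-0099", "build-server", now=1100),
        "other resource": v.verify(issue("alice", "laptop-0042", "build-server", 300, 1000),
                                   "laptop-0042", "hr-app", now=1100),
    }
    # Payload altered after issuance: the original signature no longer matches it.
    _, sig_b64 = cred.split(".")
    forged = base64.urlsafe_b64encode(b'{"user": "someone-else"}').decode() + "." + sig_b64
    results["tampered"] = v.verify(forged, "laptop-0042", "build-server", now=1100)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:15} {outcome}")
```

The used-serial set is what makes the credential single-use; in a distributed gateway it has to live in shared storage, and entries can be expired once `not_after` has passed because the window check rejects them anyway.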
Achieving a Zero Trust Architecture
Where to Start
1 Take an inventory of all employee devices - workstations, laptops, tablets, and phones
2 Take an inventory of all company resources to protect - apps, databases, servers, etc.
3 Take an inventory of all static credentials - shared passwords, ssh keys, etc.
4 Diagram your system architecture and inspect traffic logs to understand behavior
5 Start to collect device state metrics - is the OS up to date? Is the disk encrypted?
Determining the Right Policy Framework
➔ User attributes
➔ Device attributes
➔ Location-based rules
➔ Time-based controls
➔ Groups and Roles
➔ Team federation
➔ Resource specific rules
Trust Policy Models
Trust Tiers: user and device metrics are analyzed and placed in a tier which must match the minimum tier associated with the resource
Trust Scoring: user and device metrics are compiled and granted a score which must match the minimum level associated with the resource
Trust Assertions: user and device attributes and state are individually matched against an Access Policy where all assertions must be true
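The three models differ in how they reduce the same user-plus-device snapshot to a decision. As an added example (not from the talk or from Google), here is one snapshot evaluated under all three against two resources that each state their own minimum. The metric names, tier thresholds, score weights and resource minimums are constructed; what carries over is the shape of each model and the fact that the resource, not the network, sets the bar.

```python
"""Added example: Trust Tiers, Trust Scoring and Trust Assertions side by side."""

TIERS = ["untrusted", "low", "medium", "high"]

# Constructed snapshot of one user + device at a point in time (the "Corporate Identity").
SNAPSHOT = {
    "user_active": True,
    "user_in_eng": True,
    "device_in_inventory": True,
    "disk_encrypted": True,
    "os_current": False,         # the device is behind on patches
    "mfa_used": True,
}

# Each resource states its own minimum under each model (constructed values).
RESOURCES = {
    "build-server": {"min_tier": "high", "min_score": 80,
                     "assertions": ["user_active", "user_in_eng", "device_in_inventory",
                                    "disk_encrypted", "os_current"]},
    "wiki":         {"min_tier": "medium", "min_score": 50,
                     "assertions": ["user_active", "device_in_inventory"]},
}


def trust_tier(s):
    """Trust Tiers: bucket the metrics into a single tier (constructed thresholds)."""
    if not s["device_in_inventory"] or not s["user_active"]:
        return "untrusted"                   # hard floor: unknown device or inactive user
    hygiene = sum([s["disk_encrypted"], s["os_current"], s["mfa_used"]])
    return {3: "high", 2: "medium"}.get(hygiene, "low")


def trust_score(s):
    """Trust Scoring: weighted sum of metrics on a 0..100 scale (constructed weights)."""
    if not s["device_in_inventory"] or not s["user_active"]:
        return 0                             # same hard floor, expressed as no credit at all
    weights = {"device_in_inventory": 30, "disk_encrypted": 25, "os_current": 25, "mfa_used": 20}
    return sum(w for k, w in weights.items() if s[k])


def failed_assertions(s, required):
    """Trust Assertions: every listed attribute must be true; returns those that are not."""
    return [k for k in required if not s.get(k, False)]


def evaluate(snapshot, resource_name):
    """Run all three models against one resource; each entry is (allowed, detail)."""
    r = RESOURCES[resource_name]
    tier = trust_tier(snapshot)
    score = trust_score(snapshot)
    failed = failed_assertions(snapshot, r["assertions"])
    return {
        "tiers":      (TIERS.index(tier) >= TIERS.index(r["min_tier"]), tier),
        "scoring":    (score >= r["min_score"], score),
        "assertions": (not failed, failed),
    }


if __name__ == "__main__":
    for name in RESOURCES:
        print(name, evaluate(SNAPSHOT, name))
```

The assertion model is the most explainable of the three (the denial names the exact attribute that failed, here `os_current`), which matters when the next step is telling the employee what to fix; the tier and score models are easier to apply uniformly across many resources.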
Regardless of the model, Trust follows the principle of Least Privilege
Example User Stories
Behavioral patterns should influence policy definitions
Alice, a release engineer, always uses ssh from her
desktop to login to the build server during a release.
What if a request from Alice to the build server comes
from a laptop during a non-release time?
Bob, who works in staffing, logs into the HR app from his
office desktop every morning at 9AM.
What if a request from Bob to a finance app comes from
outside the office during the evening?
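The two stories describe a baseline and a request that departs from it. As an added example (not code from the talk), here is a small check that compares a request's device, resource, location and time against a per-user baseline that a gateway could learn from its own logs, and triages the result: no deviation allows, one asks for step-up authentication, two or more denies and alerts. The baselines, device names and thresholds are constructed, and the triage policy is one reasonable choice rather than anything the talk prescribes.

```python
"""Added example: checking a request against a per-user behavioral baseline."""
from datetime import datetime, time

# Constructed baselines, as if learned from the access gateway's historical logs.
BASELINES = {
    # Alice, release engineer: ssh from her desktop to the build server during releases.
    "alice": {"devices": {"desktop-0007"}, "resources": {"build-server"},
              "locations": {"office", "home"}, "daily_hours": None,
              "windows": [(datetime(2017, 5, 10, 14, 0), datetime(2017, 5, 10, 17, 0))]},
    # Bob, staffing: the HR app from his office desktop every morning around 9AM.
    "bob":   {"devices": {"desktop-0031"}, "resources": {"hr-app"},
              "locations": {"office"}, "daily_hours": (time(8, 0), time(10, 0)),
              "windows": []},
}


def time_is_usual(baseline, when):
    """True if the request falls in the user's daily hours or in a known window (e.g. a release)."""
    if baseline["daily_hours"] is not None:
        start, end = baseline["daily_hours"]
        if start <= when.time() <= end:
            return True
    return any(start <= when <= end for start, end in baseline["windows"])


def deviations(user, device, resource, location, when):
    """List the ways this request departs from the user's baseline."""
    b = BASELINES[user]
    found = []
    if device not in b["devices"]:
        found.append("unfamiliar device")
    if resource not in b["resources"]:
        found.append("unfamiliar resource")
    if location not in b["locations"]:
        found.append("unfamiliar location")
    if not time_is_usual(b, when):
        found.append("unusual time")
    return found


def triage(user, device, resource, location, when):
    """Constructed policy: 0 deviations allow, 1 requires step-up auth, 2+ deny and alert."""
    if user not in BASELINES:
        return ("deny-and-alert", ["no baseline for user"])
    found = deviations(user, device, resource, location, when)
    if not found:
        return ("allow", found)
    if len(found) == 1:
        return ("step-up", found)
    return ("deny-and-alert", found)


def run_scenarios():
    """The two 'what if' requests from the slide beside their normal counterparts."""
    return {
        "alice-normal":  triage("alice", "desktop-0007", "build-server", "office",
                                datetime(2017, 5, 10, 15, 0)),
        "alice-what-if": triage("alice", "laptop-0042", "build-server", "home",
                                datetime(2017, 5, 11, 15, 0)),
        "bob-normal":    triage("bob", "desktop-0031", "hr-app", "office",
                                datetime(2017, 5, 10, 9, 0)),
        "bob-what-if":   triage("bob", "desktop-0031", "finance-app", "remote",
                                datetime(2017, 5, 10, 20, 0)),
        "bob-afternoon": triage("bob", "desktop-0031", "hr-app", "office",
                                datetime(2017, 5, 10, 14, 0)),
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:15} {outcome}")
```

Because every request passes through the gateway, the same deviation list that drives the decision can be written to the audit log, which is what turns a denial into an alert a responder can act on.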
Access Gateway Vendor Solutions
The Access Gateway is the central component that ties the system together
Companies Who Have Implemented Zero Trust
Some Questions to Ask
➔ How will all the components integrate with each other?
➔ How to balance coarse-grained policies with fine-grained policies?
➔ What’s the best way to incorporate additional workflows for specific resources?
➔ What role does Identity Governance play? Can the IdP exist in the cloud?
➔ How to support legacy protocols and specifications consistently? Should you?
➔ How to track and monitor all the devices the employees use?
➔ How does this impact compliance? Where will it help?
Potential Market Effects
➔ A new category of Cloud Native solution providers are emerging that are disrupting the
legacy security companies who focus primarily on strengthening perimeter security
➔ Defined market categories such as IAM and PAM will converge into a single Access
Management category that works across privileged and nonprivileged users
➔ The Identity Provider space is about to heat up as cloud-based alternatives to Active
Directory start to break through into the enterprise market
➔ The VPN market is going to be significantly impacted as more companies shift towards a Zero
Trust model that places less (or no) emphasis on network protection as a security measure
Where ScaleFT Fits
We help companies achieve their own Zero Trust security architecture
Architecture Reviews: we work closely with companies to design the right Zero Trust architecture for the organization
Platform Implementations: our Access Management platform can be deployed in any cloud or on-prem environment
Community Development: we are leading the BeyondCorp movement, further educating the market about Zero Trust
THANKS!!
Get in touch: ivan.dwyer@scaleft.com | @fortyfivan
www.scaleft.com
www.beyondcorp.com

The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

BeyondCorp - Google Security for Everyone Else

  • 10. The Major Components
    ➔ Device Inventory Service: a system that continuously collects and processes the attributes and state of known devices.
    ➔ Trust Inferer: a system that continuously analyzes device attributes and state to determine a device's maximum trust tier.
    ➔ Access Policies: a programmatic representation of the resources, trust tiers, and other rules that must be satisfied.
    ➔ Access Control Engine: a centralized policy enforcement service that makes authorization decisions in real time.
    ➔ Access Proxy: a reverse proxy service placed in front of every resource that handles the requests.
    ➔ Resources: the applications, services, and infrastructure that are subject to access control by the system.
  • 11. A Typical User Workflow (diagram with the Access Proxy, the SSO service and the IdP)
    1. A user request to a resource flows through the Access Proxy
    2. The user is authenticated against the IdP via an SSO service
    3. The user and device are authorized against the Access Policies
    4. A one-time credential is issued for the device to access the resource
  • 12. The Decision Making Process (diagram; components shown: Device Inventory with Attributes and State, Trust Inferer, Trust Tier, Access Policy, Access Control Engine, Access Proxy)
  • 13. The Access Policy Language
    ➔ Global Rules: coarse-grained rules that affect all services and resources. Example: “Devices at a low tier are not allowed to submit source code.”
    ➔ Service-Specific Rules: specific to each service or hostname; usually involve assertions about the user. Example: “Vendors in group G are allowed access to Web application A.”
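The decision path across slides 10 to 13 (device inventory feeding a Trust Inferer, then global rules and service-specific rules evaluated by an Access Control Engine) as a worked example. This is code added for this page, not code from the talk, from Google or from ScaleFT; the tier names, the resource hostnames, the group name `vendors-g` and the action `submit_code` are assumptions standing in for "group G", "Web application A" and the two example rules on the slide.

```python
from dataclasses import dataclass

# Trust tiers from lowest to highest. The tier names are an assumption for
# this example; the slides only speak of "low" and higher tiers.
TIERS = ["untrusted", "low", "medium", "high"]


@dataclass
class Device:
    device_id: str
    in_inventory: bool
    disk_encrypted: bool
    os_up_to_date: bool


@dataclass
class User:
    username: str
    groups: frozenset


@dataclass
class Request:
    user: User
    device: Device
    resource: str   # service name or hostname
    action: str     # e.g. "read" or "submit_code"


def infer_trust_tier(device: Device) -> str:
    """Trust Inferer: derive a device's maximum trust tier from its inventory state."""
    if not device.in_inventory:
        return "untrusted"
    if device.disk_encrypted and device.os_up_to_date:
        return "high"
    if device.disk_encrypted or device.os_up_to_date:
        return "medium"
    return "low"


def tier_at_least(tier: str, minimum: str) -> bool:
    return TIERS.index(tier) >= TIERS.index(minimum)


# Global rules apply to every request. Each returns a denial reason or None.
def rule_low_tier_cannot_submit_code(req: Request, tier: str):
    if req.action == "submit_code" and not tier_at_least(tier, "medium"):
        return "devices at a low tier are not allowed to submit source code"
    return None


GLOBAL_RULES = [rule_low_tier_cannot_submit_code]

# Service-specific rules keyed by resource. Names are constructed for the example:
# "group G" from the slide becomes "vendors-g", "Web application A" becomes webapp-a.
SERVICE_RULES = {
    "webapp-a.corp.example": {"min_tier": "medium", "allowed_groups": {"vendors-g", "engineering"}},
    "source.corp.example": {"min_tier": "high", "allowed_groups": {"engineering"}},
}


def access_decision(req: Request):
    """Access Control Engine: evaluate global rules, then the resource's own rules.

    Returns (allowed, reason, inferred_tier). Unknown resources are denied by default.
    """
    tier = infer_trust_tier(req.device)
    for rule in GLOBAL_RULES:
        reason = rule(req, tier)
        if reason is not None:
            return False, reason, tier
    policy = SERVICE_RULES.get(req.resource)
    if policy is None:
        return False, "no policy for resource (default deny)", tier
    if not tier_at_least(tier, policy["min_tier"]):
        return False, f"device tier {tier} is below required {policy['min_tier']}", tier
    if not (req.user.groups & policy["allowed_groups"]):
        return False, "user is not in a group allowed for this resource", tier
    return True, "allowed", tier


if __name__ == "__main__":
    vendor = User("vera", frozenset({"vendors-g"}))
    engineer = User("eve", frozenset({"engineering"}))
    managed = Device("lt-0001", in_inventory=True, disk_encrypted=True, os_up_to_date=True)
    stale = Device("lt-0002", in_inventory=True, disk_encrypted=False, os_up_to_date=True)
    unknown = Device("byod-9", in_inventory=False, disk_encrypted=True, os_up_to_date=True)
    for req in [
        Request(vendor, managed, "webapp-a.corp.example", "read"),
        Request(vendor, managed, "source.corp.example", "read"),
        Request(engineer, stale, "source.corp.example", "submit_code"),
        Request(engineer, unknown, "source.corp.example", "submit_code"),
    ]:
        print(req.user.username, req.device.device_id, req.resource, access_decision(req))
```

Two design points carry over to a real engine: the device tier is recomputed from inventory state on every request rather than cached in a session, and a resource with no policy is denied rather than allowed, so a newly deployed service is not reachable before someone writes its rule.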
  • 14. The Outcome for Google
    ➔ Google eliminated any dependency on network segmentation and VPNs
    ➔ Employees are able to seamlessly access company resources from any location
    ➔ Google has better visibility into their employee activity, and can better protect their sensitive resources
  • 15. Waymo vs Uber Case Example
    ➔ Google has accused a former employee of stealing proprietary technology documents
    ➔ In a deposition, they claim to have evidence as to all his activity on the company network
    ➔ The BeyondCorp architecture is a key reason they were able to collect such strong evidence
  • 16. Zero Trust Enables BeyondCorp for Everyone Else
  • 17. Why Zero Trust Matters
    1. Better definition of Corporate Identity that aligns with how employees operate today
    2. Access decision making is done with the right contextual information
    3. Access controls are centralized with better visibility into employee activity
    4. The enforced security measures encourage better corporate security posture
    5. The network no longer determines trust, eliminating common attack vectors
  • 18. Zero Trust introduces a new definition of Corporate Identity
  • 19. Corporate Identity Redefined
    About the user: Is the user in good standing with the company? Does the user belong to the Engineering org? Is the user on Team A working on feature X? ...
    About the device: Is the device in inventory? Is the device’s disk encrypted? Is the device’s OS up to date? ...
    Corporate Identity = You + Your Device at a Point in Time
  • 20. Decision making is done with the right contextual information
  • 21. Revitalizing the AAA Framework +1
    ➔ Authentication: the new definition of Identity provides a better view of the requestor
    ➔ Authorization: access decisions are made in real time based on dynamic conditions
    ➔ Auditing: activity and traffic are inspected to identify patterns & anomalies
    ➔ Alerting (the +1): incorporate workflows to ensure requests are handled properly
    Follow the Corporate Identity through the lifecycle of the request
  • 22. Access controls are centralized with visibility into employee activity
  • 23. Centralized Access Gateway
    ➔ Safe MitM: a reverse proxy in front of every resource handles every request
    ➔ Consistent Logging: a central point to log all traffic is better to analyze behavior
    ➔ Inherent Trust: decouple access decision making from the resources themselves
    The Access Gateway should be globally distributed to avoid additional latency
  • 24. Enforced security measures encourage better corporate security posture
  • 25. Better Security Posture
    ➔ Keeping devices up-to-date with the latest software
    ➔ Maintaining an inventory of employee devices
    ➔ Monitoring all endpoints & logging all traffic
    ➔ Only communicating over fully encrypted channels
    ➔ Incorporating multi-factor auth
    ➔ Eliminating static credentials
  • 26. Eliminating static credentials solves for the most common attack vector
  • 27. Ephemeral Certificates
    ➔ A Certificate Authority issues single-use certificates to initiate a secure session
    ➔ Information about the user and connecting device can be injected into the certificate
    ➔ Each certificate is limited in scope and time, making it nearly impossible to hijack
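The checks a resource has to perform on such an ephemeral credential (signature, validity window, scope bound to user, device and resource, single use) as a worked example added for this page; it is not code from the talk, from Google or from ScaleFT. To stay stdlib-only it uses an HMAC over a JSON body as a stand-in for the CA's signature; a real deployment issues X.509 or OpenSSH certificates signed with the CA's private key so that resources hold only the public key. The field names, the key bytes and the timestamps are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed stand-in for the CA's signing key. A real CA signs with a private
# key and resource servers verify with its public key; HMAC keeps this example
# stdlib-only while preserving the checks a verifier has to make.
CA_KEY = b"constructed-demo-ca-key"


def _sign(ca_key: bytes, payload: str) -> str:
    return hmac.new(ca_key, payload.encode(), hashlib.sha256).hexdigest()


def issue_credential(ca_key: bytes, user: str, device_id: str, resource: str,
                     ttl_seconds: int, now: int) -> str:
    """Issue a single-use credential scoped to one user, device and resource."""
    body = {
        "sub": user,
        "device": device_id,          # device identity injected from the inventory
        "resource": resource,         # limits where the credential may be presented
        "nbf": now,
        "exp": now + ttl_seconds,     # short lifetime: minutes, not months
        "jti": secrets.token_hex(8),  # unique id so the verifier can enforce single use
    }
    payload = base64.urlsafe_b64encode(json.dumps(body, sort_keys=True).encode()).decode()
    return f"{payload}.{_sign(ca_key, payload)}"


class Verifier:
    """Resource-side check: signature, validity window, scope, then single use."""

    def __init__(self, ca_key: bytes):
        self.ca_key = ca_key
        self.consumed = set()   # replay cache of credential ids already accepted

    def verify(self, credential: str, user: str, device_id: str, resource: str, now: int):
        try:
            payload, signature = credential.split(".", 1)
        except ValueError:
            return False, "malformed credential"
        # Constant-time comparison; nothing in the body is trusted before this passes.
        if not hmac.compare_digest(signature, _sign(self.ca_key, payload)):
            return False, "bad signature"
        body = json.loads(base64.urlsafe_b64decode(payload.encode()))
        if not (body["nbf"] <= now < body["exp"]):
            return False, "outside validity window"
        if (body["sub"], body["device"], body["resource"]) != (user, device_id, resource):
            return False, "scope mismatch"
        if body["jti"] in self.consumed:
            return False, "credential already used"
        self.consumed.add(body["jti"])
        return True, "ok"


if __name__ == "__main__":
    cred = issue_credential(CA_KEY, "alice", "desktop-alice-01", "build-server", 300, now=1000)
    v = Verifier(CA_KEY)
    print(v.verify(cred, "alice", "desktop-alice-01", "build-server", now=1100))  # first use accepted
    print(v.verify(cred, "alice", "desktop-alice-01", "build-server", now=1101))  # replay rejected
```

The order of the checks matters: the signature is verified before any field is read, so a forged body can never steer the later checks, and the replay cache only needs to remember ids until their `exp` passes, which is what keeps single-use enforcement cheap when lifetimes are minutes.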
  • 28. Achieving a Zero Trust Architecture
  • 29. Where to Start
    1. Take an inventory of all employee devices - workstations, laptops, tablets, and phones
    2. Take an inventory of all company resources to protect - apps, databases, servers, etc.
    3. Take an inventory of all static credentials - shared passwords, ssh keys, etc.
    4. Diagram your system architecture and inspect traffic logs to understand behavior
    5. Start to collect device state metrics - is the OS up to date? Is the disk encrypted?
  • 30. Determining the Right Policy Framework
    ➔ User attributes
    ➔ Device attributes
    ➔ Location-based rules
    ➔ Time-based controls
    ➔ Groups and Roles
    ➔ Team federation
    ➔ Resource specific rules
  • 31. Trust Policy Models
    ➔ Trust Tiers: user and device metrics are analyzed and placed in a tier which must match the minimum tier associated with the resource
    ➔ Trust Scoring: user and device metrics are compiled and granted a score which must match the minimum level associated with the resource
    ➔ Trust Assertions: user and device attributes and state are individually matched against an Access Policy where all assertions must be true
    Regardless of the model, Trust follows the principle of Least Privilege
  • 32. Example User Stories
    Behavioral patterns should influence policy definitions.
    Alice, a release engineer, always uses ssh from her desktop to login to the build server during a release. What if a request from Alice to the build server comes from a laptop during a non-release time?
    Bob, who works in staffing, logs into the HR app from his office desktop every morning at 9AM. What if a request from Bob to a finance app comes from outside the office during the evening?
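The two user stories turned into detection logic, as a worked example added for this page (not code from the talk, from Google or from ScaleFT): a per-user baseline of devices, resources and hours is built from past access-gateway logs, and a new request that deviates from it is routed to a step-up workflow instead of being allowed outright. The log format, the sample log lines and the users and hostnames are constructed for the example; release windows and office location are not modelled.

```python
from collections import defaultdict
from datetime import datetime

# Constructed access-log sample (added example data, not real logs), one request
# per line: ISO timestamp, user, device, resource.
SAMPLE_LOG = """\
2017-05-01T09:02:11 alice desktop-alice-01 build-server
2017-05-02T09:15:40 alice desktop-alice-01 build-server
2017-05-03T10:05:02 alice desktop-alice-01 build-server
2017-05-01T09:00:05 bob desktop-bob-01 hr-app
2017-05-02T09:01:12 bob desktop-bob-01 hr-app
2017-05-03T08:58:33 bob desktop-bob-01 hr-app
"""


def parse_log(text):
    """Parse the whitespace-separated log format above into request records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, device, resource = line.split()
        records.append({"ts": datetime.fromisoformat(ts), "user": user,
                        "device": device, "resource": resource})
    return records


def build_baseline(records):
    """Per-user baseline: devices, resources and hours of day seen in past requests."""
    baseline = defaultdict(lambda: {"devices": set(), "resources": set(), "hours": set()})
    for rec in records:
        entry = baseline[rec["user"]]
        entry["devices"].add(rec["device"])
        entry["resources"].add(rec["resource"])
        entry["hours"].add(rec["ts"].hour)
    return dict(baseline)


def assess(baseline, user, device, resource, ts):
    """Compare a new request with the user's baseline.

    Returns (action, reasons): "allow" when nothing deviates, "step_up" (require
    additional verification or an approval workflow) when something does, and
    "deny" when the user has no baseline at all.
    """
    entry = baseline.get(user)
    if entry is None:
        return "deny", ["no baseline for user"]
    reasons = []
    if device not in entry["devices"]:
        reasons.append(f"first request from device {device}")
    if resource not in entry["resources"]:
        reasons.append(f"first request to resource {resource}")
    if ts.hour not in entry["hours"]:
        reasons.append(f"unusual hour {ts.hour:02d}:00")
    return ("step_up" if reasons else "allow"), reasons


if __name__ == "__main__":
    baseline = build_baseline(parse_log(SAMPLE_LOG))
    # Alice from a laptop at night, Bob to a finance app in the evening (the slide's two cases)
    print(assess(baseline, "alice", "laptop-alice-02", "build-server", datetime(2017, 5, 4, 22, 10)))
    print(assess(baseline, "bob", "desktop-bob-01", "finance-app", datetime(2017, 5, 4, 20, 0)))
```

The step-up outcome is deliberately not a denial: the slide's point is that the deviation should change how the request is handled (extra verification, an approval, a louder audit trail), and only a request with nothing to compare against falls through to deny.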
  • 33. Access Gateway Vendor Solutions
    The Access Gateway is the central component that ties the system together
  • 34. Companies Who Have Implemented Zero Trust
  • 35. Some Questions to Ask
    ➔ How will all the components integrate with each other?
    ➔ How to balance coarse-grained policies with fine-grained policies?
    ➔ What’s the best way to incorporate additional workflows for specific resources?
    ➔ What role does Identity Governance play? Can the IdP exist in the cloud?
    ➔ How to support legacy protocols and specifications consistently? Should you?
    ➔ How to track and monitor all the devices the employees use?
    ➔ How does this impact compliance? Where will it help?
  • 36. Potential Market Effects
    ➔ A new category of Cloud Native solution providers is emerging that is disrupting the legacy security companies who focus primarily on strengthening perimeter security
    ➔ Defined market categories such as IAM and PAM will converge into a single Access Management category that works across privileged and non-privileged users
    ➔ The Identity Provider space is about to heat up as cloud-based alternatives to Active Directory start to break through into the enterprise market
    ➔ The VPN market is going to be significantly impacted as more companies shift towards a Zero Trust model that places less (or no) emphasis on network protection as a security measure
  • 37. Where ScaleFT Fits
    We help companies achieve their own Zero Trust security architecture
    ➔ Architecture Reviews: we work closely with companies to design the right Zero Trust architecture for the organization
    ➔ Platform Implementations: our Access Management platform can be deployed in any cloud or on-prem environment
    ➔ Community Development: we are leading the BeyondCorp movement, further educating the market about Zero Trust
  • 38. THANKS!!
    Get in touch: ivan.dwyer@scaleft.com | @fortyfivan
    www.scaleft.com
    www.beyondcorp.com