NorthSec 2022 | The road to BeyondCorp is paved with good intentions with Eric Chiang
The Zero Trust mandate is nigh and with it, debates of industry readiness, product pitches, and the question as old as time: what is a BeyondCorp? Is it time to re-architect our infrastructure from the ground up or start buying the latest security tools?
BeyondCorp is Google’s initial implementation of a zero trust architecture, and is still the guiding star for many organizations. In a zero trust architecture, every request to access an application is a policy decision, based on the user, device, and application. The BeyondCorp whitepapers explain what Google built, and some of the organizational challenges, but don’t lay out a step by step guide to getting there, or how you know you’re on the right track.
In this talk, Maya and Eric will fill in the gaps. They will provide insight into BeyondCorp fundamentals, including requirements for user identities, controls and measurements for devices across platforms, and how to construct access policies. Then, they’ll get into common misconceptions and what you might need to tackle as you continue your journey. You’ll come away with a roadmap for your organization to get to a mature zero trust architecture, and what the industry can do better to support zero trust principles.