Training: 8–9 November 2016
Tutorials & Conference: 9–11 November 2016
Amsterdam, NL

Beyond Corp: Lessons learned from five years of endpoint attestation

Hunter King (Google), August Huber (Google)
13:15–13:55 Thursday, 10 November, 2016
Security in context (security datasci)
Location: G104/105
Level: Intermediate
Average rating: 4.33 (3 ratings)

Prerequisite knowledge

  • A basic understanding of authentication and firewall concepts

What you'll learn

  • Learn tips and tricks for implementing a large-scale endpoint attestation solution

Description

An increasingly mobile workforce and the ubiquity of attacks on client platforms limit the effectiveness of the traditional corporate network perimeter-security model. Beyond Corp is a broad effort to rearchitect the delivery of Google corporate computing services, removing privileges granted solely on the basis of network address. The underlying architecture relies on a model of machine identity, authentication, and state-aware authorization to provide differential access to services. Hunter King and August Huber explain how Beyond Corp implements machine identity at scale in a heterogeneous environment and discuss the background of their work, their general approach, challenges encountered, and future directions.

Hunter King

Google

Hunter King is an engineer on the Security Operations team at Google. Currently, he focuses on endpoint integrity and identity. Hunter has also been a lead engineer in the Beyond Corp effort for the last five years. He is responsible for hardening client machines against external threats, programmatically detecting machine security posture, and providing internal security consulting. Prior to Google, he was a security researcher at SecureWorks. He enjoys hiking, tinkering, and making lights blink. Hunter holds a bachelor’s degree in computer science from Colgate University.

August Huber

Google

August Huber is an engineer on the Security team at Google. August has worked on a diverse set of assignments across Alphabet; currently, he focuses on endpoint integrity and identity.