An increasingly mobile workforce and the ubiquity of attacks on client platforms limit the effectiveness of the traditional corporate network perimeter-security model. Beyond Corp is a broad effort to rearchitect the delivery of Google corporate computing services, removing privileges granted solely on the basis of network address. The underlying architecture relies on a model of machine identity, authentication, and state-aware authorization to provide differential access to services. Hunter King and August Huber explain how Beyond Corp implements machine identity at scale in a heterogeneous environment and discuss the background of their work, their general approach, challenges encountered, and future directions.
Hunter King is an engineer on the Security Operations team at Google. Currently, he focuses on endpoint integrity and identity. Hunter has also been a lead engineer in the Beyond Corp effort for the last five years. He is responsible for hardening client machines against external threats, programmatically detecting machine security posture, and providing internal security consulting. Prior to Google, he was a security researcher at SecureWorks. He enjoys hiking, tinkering, and making lights blink. Hunter holds a bachelor’s degree in computer science from Colgate University.
August Huber is an engineer on the Security team at Google. August has worked on a diverse set of assignments across Alphabet; currently, he focuses on endpoint integrity and identity.
©2016, O’Reilly UK Ltd