When a highly sophisticated APT attack named Operation Aurora occurred in 2009, Google began to reimagine their security architecture through an initiative they called BeyondCorp. The primary goal was to improve their security with regard to how employees and devices access internal applications.
Unlike the traditional perimeter security model, BeyondCorp dispels the notion of network segmentation as the primary mechanism for keeping unwanted users out. Instead, all internal applications are deployed to the public Internet, only accessible through a carefully managed user and device-centric authentication model.
BeyondCorp isn't a product, project, or company – it's a set of guiding principles that spans the people, process, and technology within an organization. You don't have to be Google, or operate at Google scale, to benefit from the patterns behind BeyondCorp – you just have to be willing to move past legacy thinking.
Google threw out tradition and reimagined what a security framework should look like to be truly effective in today's world of distributed teams, systems, and applications.
By treating internal applications the same as if they were public facing, there is no longer the concept of a privileged network as the primary gatekeeper.
Every request is authenticated and authorized in real time based on a set of dynamic conditions that account for the constant changes in user status and device state.
A reverse proxy is placed in front of every resource, where policies handle authentication and authorization in a consistent manner, fully audited for better visibility.
Google's architecture is made up of a number of coordinated components, which can be used as a reference by any organization looking to build a similar system of its own.
Device Inventory Service: a system that continuously collects, processes, and publishes changes about the state of known devices.
Trust Inferer: a system that continuously analyzes and annotates device state to determine the maximum trust tier a device may use when accessing resources.
Resources: the applications, services, and infrastructure that are subject to access control by the system.
Access Control Engine: a centralized policy enforcement service that provides authorization decisions in real time.
Access Policy: a programmatic representation of the resources, trust tiers, and other predicates that must be satisfied for a request to be authenticated and authorized.
Gateways: SSH servers, web proxies, and 802.1x-enabled wireless networks that enforce the authorization decisions.
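To make the interplay of these components concrete, the following added example (not Google's code) sketches a trust inferer and an access control engine: a constructed device record from the inventory is mapped to a trust tier, and a per-resource access policy is evaluated against that tier and the user's groups for every request. All field names, tier names, hostnames and group names are assumptions for illustration.

```python
from dataclasses import dataclass

# Constructed sample of what a device inventory service might publish about
# a device (field names are assumptions, not BeyondCorp's real schema).
@dataclass
class DeviceState:
    device_id: str
    managed: bool          # enrolled in the fleet inventory
    disk_encrypted: bool
    os_patched: bool       # running an approved, patched OS build
    cert_valid: bool       # holds a valid device certificate

@dataclass
class Request:
    user: str
    groups: frozenset
    device: DeviceState
    resource: str

# Trust tiers as ordered integers (higher = more trusted); names are illustrative.
UNTRUSTED, BASIC, TRUSTED, FULLY_TRUSTED = 0, 1, 2, 3

# Access policy: each resource carries the minimum device tier and the user
# groups allowed. Hostnames and groups are constructed for the example.
POLICY = {
    "wiki.corp.example":     {"min_tier": BASIC,         "groups": {"employees"}},
    "payroll.corp.example":  {"min_tier": FULLY_TRUSTED, "groups": {"finance"}},
    "prod-ssh.corp.example": {"min_tier": TRUSTED,       "groups": {"sre"}},
}

def infer_trust_tier(d: DeviceState) -> int:
    """Trust inferer: map current device state to the highest tier it may use."""
    if not d.managed or not d.cert_valid:
        return UNTRUSTED        # unknown or unattested device: no internal access
    if d.disk_encrypted and d.os_patched:
        return FULLY_TRUSTED
    if d.disk_encrypted or d.os_patched:
        return TRUSTED
    return BASIC

def decide(req: Request) -> tuple:
    """Access control engine: one decision per request, re-evaluated every time.
    Returns (allowed, reason); the reason doubles as the audit record."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, "unknown resource: default deny"
    tier = infer_trust_tier(req.device)
    if tier < rule["min_tier"]:
        return False, f"device tier {tier} below required {rule['min_tier']}"
    if not (req.groups & rule["groups"]):
        return False, "user not in an authorized group"
    return True, f"allow: device tier {tier}, group check passed"
```

Because the tier is recomputed from the latest inventory state on every call, a device that loses its patch status or certificate is denied on its next request without any network change.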