BeyondCorp with Robert Sadowski
On this episode of the podcast, our old pal Mark Mirchandani is joined by special guest host Max Saltonstall to talk trust and security with fellow Googler Rob Sadowski. BeyondCorp is Google’s answer to allowing employees to use company networks on any device while outside the building in a way that is both secure and efficient. Users are authenticated per session and per device to give access only to the specific person, on the specific device, for the specific job each time. In addition to the thorough authentication process, BeyondCorp continues to monitor device metadata during use as part of the system’s decision to continue to trust (or not trust) a user. With this information, if a user accidentally exposes the system to malware, for example, access can be revoked quickly.
Max and Rob explain the steps Google went through to create such a state-of-the-art security program and give tips on how companies can build something similar. Codifying your employees’ needs and preferences, detailing the levels of trust you’ll allow, and thinking ahead about where in the world your employees will be when they access the system are some of their tips. Rob stresses how complicated the system was to build from scratch and emphasizes that with BeyondCorp Remote Access, companies don’t have to build a whole new system.
BeyondCorp Remote Access offers automatic scaling and world-wide points of presence for a fast user experience anywhere in the world. Companies can define access rules for each user, setting trust levels and parameters for who can access what parts of the network. Rob points out that this is a great solution, not only for employees who find themselves working from home due to the current global climate, but also for freelance or contract workers who only need access to parts of the internal system.