In part 1 of our white paper series, Duo’s Principal Security Strategist Wendy Nather explained the theory behind Google’s BeyondCorp security model - a new approach to enterprise security that mitigates the risks resulting from placing too much trust in the internal network.
In part 2, Moving Beyond the Perimeter: How to Implement the BeyondCorp Security Model, Wendy describes how you can build a new enterprise security model within your organization.
This new architecture focuses on securing what’s beyond the perimeter, including external applications, mobile endpoints and users.
At a high level, BeyondCorp combines validated users and validated endpoint devices with end-to-end encryption between the devices and resources they access. Plus, the model only allows users to access what’s necessary to do their jobs, a practice known as “least privilege.”
Steps Toward New Enterprise Security
To implement this new framework, organizations should consider:
- Enrolling users and endpoints into inventories
- Identifying endpoints as “trusted” with digital certificates
- Enforcing access policies based on validated users and endpoints
Wendy describes each step in more detail, what you will need to complete them, practical caveats, and questions to ask along the way.
The Maturity Process With BeyondCorp
Building a new security model takes time. Duo’s white paper outlines the different stages of implementation and who can reach each stage:
- Early Maturity - Building the Inventories
- Mid-Stage Maturity - Core Deployment
- Peak Maturity - All the Users, Devices and the Apps
“BeyondCorp is not a silver bullet that will take care of all risks; it’s a way of increasing the security level of what used to be viewed as a ‘safe’ environment.”
Making New Enterprise Security Easy to Attain
To make it easier for organizations to implement this new security model, Duo has packaged many of the components into a platform called Duo Beyond.
Our simplified security model includes:
- Device inventory
- Identification of trusted devices
- Access control engine
- Access proxy
- Single sign-on
- Multi-factor authentication (MFA)
Download Moving Beyond the Perimeter White Papers
Download part 1 - Moving Beyond the Perimeter: The Theory Behind Google’s BeyondCorp Security Model to get more detail on the theory behind BeyondCorp, the different components required, and an overview of the security architecture.
Download part 2 - Moving Beyond the Perimeter: How to Implement the BeyondCorp Security Model to find out how to implement the model, including how to inventory users and endpoints, deploy digital certificates, and create effective access policies.