BeyondCorps

This repository provides a short description of the BeyondCorp security model and resources for implementing this model at your organization.

Introduction

"BeyondCorp" is a Zero Trust¹ security framework initially created by Google. It challenges the idea of perimeter security in the form of network segmentation in order to separate "outsiders" from trusted employees.

The issue with perimeter security is that it assumes everyone inside the network is trused and everyone outside the network is not! This can be false in two aspects; you can have an intruder that has breached the perimeter and is untrusted, and you can have a trusted employee working from a coffee shop that is unable to access company resources.

The perimeter security model work effectively when all employees work exclusively in buildings owned by the enterprise, but doesn't work nearly as well when a workforce is mobile.

Unlike the traditional perimeter security model, BeyondCorp dispels the notion of network segmentation as the primary mechanism for protecting sensitive resources. Instead, all applications are deployed to the public Internet, accessible through a user and device-centric authentication and authorization workflow.

ScaleFT put together a website that has a more detailed explanation of the BeyondCorp model.

Implementation

While you could technically implement the BeyondCorp model on your own, the architecture requires you to build some non-trivial infrastructure (see image). This blog post by ScaleFT goes into some great deal on the components needed to build a BeyondCorp on your own.

 

https://github.com/noqcks/BeyondCorps

上一篇:Flutter GetX使用---简洁的魅力!,阿里技术专家深入讲解


下一篇:坦克大战简单版本