Components of Google BeyondCorp

Device & Hosts

  • Device: A collection of physical and virtual components that acts as a computer, e.g. PCs, servers, VMs.
  • Host: A snapshot of a device's state at a given point in time. E.g. a device might be a mobile phone, while a host would be the specifics of the operating system and software running on that device.

Device Inventory Service

  • Contains information on devices, hosts and their trust decisions
  • Continuously updated pipeline that imports data from a broad range of sources

    • System management sources: Active Directory, Puppet, Simian

    • On-device agents, CMS, Corporate Asset Management

    • Out-of-band data sources: vulnerability scanners, certificate authorities, network infrastructure elements (e.g. ARP tables)

    • Full or incremental data set

    • Google's scale: The initial phases ingested billions of deltas from 15+ data sources at 3 million per day, totalling 80 terabytes

    • Retaining historical data allowed Google to understand the end-to-end life cycle of a device, track and analyze trends, and perform security audits and forensic analysis

Tiered Access

  • Trust levels are organised into tiers and assigned to each device by the trust inferer

  • Each resource is associated with the minimum trust tier required for access

  • To get access, a device's trust tier assignment must be >= the resource's minimum trust tier

  • The trust inferer also supports the network segmentation effort by dynamically assigning a VLAN based on device state

    • E.g. a device without an adequate OS patch level becomes untrustworthy and is hence assigned to a quarantine network
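
The tier comparison and quarantine rule above, as an added example that is not from the original presentation or from Google's implementation: a toy trust inferer in Python evaluated over two host snapshots of the same device. The tier names, the 30-day patch threshold, the VLAN ids and the resource names are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from enum import IntEnum

class Tier(IntEnum):            # hypothetical tier names; only the ordering matters
    UNTRUSTED = 0
    BASIC = 1
    PRIVILEGED = 2

@dataclass(frozen=True)
class Host:                     # snapshot of one device's state at a point in time
    device_id: str
    in_asset_inventory: bool    # fact from corporate asset management
    has_valid_cert: bool        # fact from the certificate authority
    patch_age_days: int         # fact from the patch & inventory agent
    critical_vulns: int         # fact from the vulnerability scanner

MAX_PATCH_AGE_DAYS = 30                      # assumed policy threshold
QUARANTINE_VLAN, MANAGED_VLAN = 999, 100     # constructed VLAN ids
RESOURCE_MIN_TIER = {"wiki": Tier.BASIC, "source-repo": Tier.PRIVILEGED}  # constructed

def infer_tier(host: Host) -> Tier:
    """Toy trust inferer: derive a tier from inventory facts about a host."""
    if not (host.in_asset_inventory and host.has_valid_cert):
        return Tier.UNTRUSTED
    if host.patch_age_days > MAX_PATCH_AGE_DAYS:
        return Tier.UNTRUSTED   # inadequate patch level makes the device untrustworthy
    return Tier.BASIC if host.critical_vulns else Tier.PRIVILEGED

def assign_vlan(host: Host) -> int:
    """Untrusted hosts are placed on the quarantine network."""
    return QUARANTINE_VLAN if infer_tier(host) == Tier.UNTRUSTED else MANAGED_VLAN

def may_access(host: Host, resource: str) -> bool:
    """Allow only if device tier >= resource minimum; unknown resources fail closed."""
    required = RESOURCE_MIN_TIER.get(resource)
    return required is not None and infer_tier(host) >= required

if __name__ == "__main__":
    laptop = Host("laptop-01", True, True, patch_age_days=5, critical_vulns=0)
    stale = replace(laptop, patch_age_days=45)   # same device, later snapshot
    for h in (laptop, stale):
        print(h.patch_age_days, infer_tier(h).name, assign_vlan(h),
              may_access(h, "source-repo"))
```

Because the decision is computed from the host snapshot rather than stored on the device record, the same laptop loses access and moves to the quarantine VLAN as soon as its inventory data shows stale patches.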

Full details of Google's BeyondCorp architecture and components are in the presentation by Arnab Chattopadhayay, Senior Director. It was earlier presented at SACON - International Security Architecture Conference.

Google's BeyondCorp Architecture (Image)


Architecture shown above includes:

  • Devices
    • cell installer
    • configuration mgmt agent
    • patch & inventory agent
  • Certificate authority
  • Configuration Mgmt Services
  • Patch Mgmt Services
  • Asset Mgmt
  • Directory Services
  • Network Infrastructure
  • Vulnerability Scanners
  • Inventory Service
