Enigma 2020 has ended
Monday, January 27 • 2:00pm - 2:30pm
BeyondProd: The Origin of Cloud-Native Security at Google


Containers and microservices are increasingly being used to deploy applications, and with good reason, given their portability, simple scalability and lower management burden. In changing from an architecture based on monolithic applications to one using distributed microservices, known as a "cloud-native" architecture, there are changes not only to operations but also to security.

Where BeyondCorp states that user trust should be dependent on characteristics like the context-aware state of devices and not the ability to connect to the corp network, BeyondProd states that service trust should be dependent on characteristics like code provenance and service identity, not the location in the production network, such as IP or hostname identity.

Just as the security model evolved beyond the castle walls with BeyondCorp, BeyondProd proposes a cloud-native security architecture that assumes no trust between services and provides isolation between multi-tenant workloads, verifiable enforcement of what applications are deployed, automated vulnerability management, and strong access controls to critical data. These principles led Google to develop several new systems in order to meet these requirements.

In this talk, we will cover what a cloud-native architecture is, and why it's different from a security point of view; design principles for security in a cloud-native world; how Google addressed these requirements and the internal tools used as part of this architecture; and how your organization might approach the same requirements. You'll come away with a better understanding of how to think about cloud-native security, and be better able to decide what tools you might need to secure your infrastructure.


Brandon Baker

Brandon Baker is Tech Lead for Cloud Security at Google, where he is responsible for security strategy and technical direction for the Google Cloud Platform. Brandon started the Cloud Security team at Google in 2010, building core security features to protect Google's Cloud users...

Monday January 27, 2020 2:00pm - 2:30pm PST
Grand Ballroom