![BeyondCorp for the rest of us](https://techcrunch.com/wp-content/uploads/2021/01/GettyImages-1230444599.jpg)
Once you see how easy this is to implement, and how pleasant the user experience is, you'll never want to go back to using a VPN.

Then in 2013, during the Edward Snowden leaks to the Washington Post, this image from an NSA slide became public: The picture shows an NSA employee's depiction of Google's architecture (heavily simplified). At first glance, this picture doesn't show any serious flaw. The Google Cloud is in its own private network, so it should make sense that the data between servers could be in plaintext, right?

Unfortunately, this assumption is no longer a valid one to make. The NSA, under the MUSCULAR program, started physically capturing all data flowing between Google's data centers on their private fiber-optic cables. Suddenly that plaintext data didn't seem like such a good idea, and Google became very angry.

They had a brilliant idea, one that they had already been working on for some time, but that could now solve their problem. What if all data flowing around their cloud (public or private) was encrypted? And what if they could move the permissions boundary from being at a network level (where anyone with a VPN can gain access) to a server level (where every single request could have its own authentication requirements)? This gave birth to BeyondCorp, a set of principles that Google has expanded on in a few whitepapers.

My goodness, BeyondCorp is filled with buzzwords. But what does it look like in real life? Well, let's see what happens when I go to Transcend's internal codelabs site, where we have set up BeyondCorp authentication with our company's GSuite credentials: There's nothing really fancy or hard to understand here.
# BeyondCorp for the rest of us: code
The code here is easily tweakable to handle auth on your client's preview sites, to allow only certain users access to certain sections of your sites, and to support many other complicated auth flows.
# BeyondCorp for the rest of us: how to
Internal websites: Every company has them. For decades, the industry standard was to set up a VPC that gave access to on-premise or cloud private networks that hosted the internal sites. But now, there's a better way, VPN not required. This codelab will show how to enable secure authentication on all your AWS frontends and backends without touching your application code.