BeyondProd: The Origin of Cloud-Native Security at Google

Monday, January 27, 2020 - 2:00 pm to 2:30 pm

Maya Kaczorowski, Google

Abstract: 

Containers and microservices are increasingly being used to deploy applications, and with good reason, given their portability, simple scalability and lower management burden. In changing from an architecture based on monolithic applications to one using distributed microservices, known as a "cloud-native" architecture, there are changes not only to operations but also to security.

Where BeyondCorp states that user trust should depend on characteristics like the context-aware state of devices and not on the ability to connect to the corporate network, BeyondProd states that service trust should depend on characteristics like code provenance and service identity, not on location in the production network, such as an IP address or hostname.

Just as the security model evolved beyond the castle walls with BeyondCorp, BeyondProd proposes a cloud-native security architecture that assumes no trust between services and provides isolation between multi-tenant workloads, verifiable enforcement of which applications are deployed, automated vulnerability management, and strong access controls on critical data. Meeting these requirements led Google to build several new internal systems.
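To make the shift in trust model concrete, here is an added example (not part of the talk abstract and not Google's own tooling) that evaluates the same inbound requests under a perimeter model, where trust follows the source IP, and under a BeyondProd-style model, where trust follows an authenticated service identity and verified code provenance. The network range, the SPIFFE-shaped identity strings, the resource names and the sample requests are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Request:
    """One inbound RPC as seen by the receiving service (constructed sample)."""
    source_ip: str
    peer_identity: Optional[str]   # service identity proven over a mutually authenticated channel
    provenance_verified: bool      # caller's binary carries a verified build attestation
    resource: str

# Perimeter model: trust is derived from being inside the production network.
PROD_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]   # constructed range

# Identity model: per-resource allowlist of service identities, independent of address.
# Identity strings are hypothetical and only loosely follow the SPIFFE URI shape.
RESOURCE_POLICY = {
    "userdata.read": {"spiffe://example.internal/ns/prod/sa/frontend"},
    "userdata.write": {"spiffe://example.internal/ns/prod/sa/account-svc"},
}

def authorize_by_location(req: Request) -> Tuple[bool, str]:
    """Perimeter-style check: any caller inside the production network is trusted."""
    src = ipaddress.ip_address(req.source_ip)
    if any(src in net for net in PROD_NETWORKS):
        return True, "source inside production network"
    return False, "source outside production network"

def authorize_by_identity(req: Request) -> Tuple[bool, str]:
    """BeyondProd-style check: trust comes from who the caller is and what code it
    runs, never from where the packet came from. The reason string is returned so
    denials can be logged and alerted on."""
    if req.peer_identity is None:
        return False, "no authenticated service identity"
    if not req.provenance_verified:
        return False, "caller binary lacks verified provenance"
    allowed = RESOURCE_POLICY.get(req.resource, set())
    if req.peer_identity not in allowed:
        return False, f"identity not permitted for {req.resource}"
    return True, "identity and provenance verified"

FRONTEND = "spiffe://example.internal/ns/prod/sa/frontend"

# Constructed scenarios covering the cases where the two models disagree.
SAMPLE_REQUESTS = {
    # Legitimate frontend on the prod network: both models allow.
    "frontend_on_prod_net": Request("10.1.2.3", FRONTEND, True, "userdata.read"),
    # Unidentified process that happens to sit on the prod network: only the
    # perimeter model lets it through.
    "unknown_process_on_prod_net": Request("10.1.2.99", None, False, "userdata.read"),
    # Same frontend rescheduled onto a different address range: the perimeter
    # model breaks, the identity model is unaffected.
    "frontend_after_reschedule": Request("192.168.50.7", FRONTEND, True, "userdata.read"),
    # Right identity, but the running binary was not produced by the attested
    # build pipeline: the identity model refuses it.
    "frontend_unattested_build": Request("10.1.2.3", FRONTEND, False, "userdata.read"),
    # Right identity and provenance, but a resource this service is not allowed to touch.
    "frontend_wrong_resource": Request("10.1.2.3", FRONTEND, True, "userdata.write"),
}

def compare_models():
    """Evaluate every sample under both models.

    Returns {scenario: (allowed_by_location, allowed_by_identity)}."""
    return {
        name: (authorize_by_location(r)[0], authorize_by_identity(r)[0])
        for name, r in SAMPLE_REQUESTS.items()
    }

if __name__ == "__main__":
    for name, (loc, ident) in compare_models().items():
        print(f"{name:30s} location-model={str(loc):5s} identity-model={ident}")
```

The two models agree only on the first scenario. Everything the perimeter model gets wrong is a location problem: it admits anything that reaches the production network and rejects a legitimate workload as soon as the scheduler moves it. The identity model's denial reasons are deliberately specific, since a burst of "no authenticated service identity" or "lacks verified provenance" denials is exactly the signal a detection team wants to see.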

In this talk, we will cover what a cloud-native architecture is and why it differs from a security point of view; design principles for security in a cloud-native world; how Google addressed these requirements and the internal tools used as part of this architecture; and how your organization might approach the same requirements. You'll come away with a better understanding of how to think about cloud-native security and a clearer sense of which tools you might need to secure your infrastructure.

Maya Kaczorowski, Google

Maya is a Product Manager in Security & Privacy at Google, focused on container security. She previously worked on encryption at rest and encryption key management. Prior to Google, she was an Engagement Manager at McKinsey & Company, working in IT security for large enterprises, and before that, completed her Master's in mathematics focusing on cryptography and game theory. She is bilingual in English and French.

Outside of work, Maya is passionate about ice cream, making ice cream for friends at home, attending the Penn State Ice Cream Short Course in January 2014, and researching ice cream headaches. She also enjoys puzzling, running, and reading nonfiction.

BibTeX
@conference {244696,
author = {Maya Kaczorowski},
title = {BeyondProd: The Origin of Cloud-Native Security at Google},
year = {2020},
address = {San Francisco, CA},
publisher = {{USENIX} Association},
month = jan,
}