API World 2018 has ended
Wednesday, September 12 • 2:00pm - 2:50pm
PRO TALK: Securing API using Google’s BeyondCorp Model

With the advent of mobile and cloud technologies, customers and the remote workforce are accessing applications across the enterprise perimeter. This stretches conventional perimeter security and adds attack vectors. Once the firewall is breached, the attacker may acquire unlimited access. To deal with the new paradigm, Google implemented a new enterprise security model called BeyondCorp. The central tenets of BeyondCorp are: 1) Entitlements of a service are granted based on the identity of the user and device. 2) Internet and intranet are equally untrusted networks. 3) Access to services must be encrypted. API gateways currently use OAuth2 to validate clients’ entitlement. Using the BeyondCorp model, API security is extended to the tuple of user, device and roles. This talk covers how to implement a high-performance BeyondCorp model in an API gateway. It also discusses the required backend components, such as authentication including single sign-on (SSO), device inventory, an RBAC/ABAC service, and audit and alert services. The RBAC and ABAC matrix can become complicated when a large number of APIs, users and devices are considered. This talk provides guidance on how to make it easy for administrators to create this matrix. Finally, it discusses a plan for gradual migration to BeyondCorp.

Anil Sharma

President & CEO, Trillo Inc.
Anil is CEO and founder of Trillo. Trillo is a full stack, low-code, visual and secure platform for building applications. Trillo is based on model-driven and serverless principles. Prior to Trillo, Anil was co-founder of two more platform and middleware companies. He is passionate...

Wednesday September 12, 2018 2:00pm - 2:50pm PDT
Workshop Room 2