Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Any plans for articles covering the "device identity" and "device inventory database" components of BeyondCorp?

Slapping an proxy server to handle SSO/SAML in front of your web sites is the easy part.

I'm curious to hear how you're handling the devices -- especially if you're employees are remote.



This is a great question! I hoped this would get brought up, as it is very important. I decided against covering in this blog as I felt it was already fairly long, but the tldr is that I see two incremental ways with this setup to add authorization:

1. Cognito has something called "Adaptive Authentication" that will compute risk scores for each login based on IP, device info, etc. You can customize in the AWS console how risk-tolerant you want to be.

2. You can go the fully-managed approach, which is what we are implementing at Transcend now. The idea is that you'd use an MDM like Fleetsmith to install a TLS cert onto each managed device, and then validate that cert on each request in the auth portal. There are lots of cool ways (we use the Vanta agent) to verify that a users' device is "good" to authenticate with.

I'd like to write more about option 2, but I try to keep this blog posts as technology agnostic as I can, and my experience is fairly limited right now to Vanta + Fleetsmith




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: