Eric Chiang

Security Engineer

Retour à la liste des conférenciers et sessions

Eric Chiang Security Engineer, Google

Eric is an Engineer on Google’s Enterprise Infrastructure Protection team, where he builds systems to scale internal security processes. He’s previously worked on Linux fleet security at Google, upstream Kubernetes, and Cloud authentication systems.


Discussion: Detection & Response Block

This is a Q&A session. Moderators will take audience questions both remotely and on-site via sli.do.


Hosted panel discussion and Q&A.

Hosted panel discussion and Q&A.

Talk: The road to BeyondCorp is paved with good intentions

Talks will be streamed on YouTube and Twitch for free.


BeyondCorp is Google’s initial implementation of a zero trust architecture, which grants application access based on the user, device, and application. Despite all the excitement about zero trust architecture, there’s little concrete guidance (and a lot of vendor noise) on how to successfully implement one. In this talk, Maya and Eric will provide insight into BeyondCorp fundamentals, common misconceptions, and a roadmap for your organization to get to a zero trust architecture.

The Zero Trust mandate is nigh and with it, debates of industry readiness, product pitches, and the question as old as time: what is a BeyondCorp? Is it time to re-architect our infrastructure from the ground up or start buying the latest security tools?

BeyondCorp is Google’s initial implementation of a zero trust architecture, and is still the guiding star for many organizations. In a zero trust architecture, every request to access an application is a policy decision, based on the user, device, and application. The BeyondCorp whitepapers explain what Google built, and some of the organizational challenges, but don’t lay out a step by step guide to getting there, or how you know you’re on the right track.

In this talk, Maya and Eric will fill in the gaps. They will provide insight into BeyondCorp fundamentals, including requirements for user identities, controls and measurements for devices across platforms, and how to construct access policies. Then, they’ll get into common misconceptions and what you might need to tackle as you continue your journey. You’ll come away with a roadmap for your organization to get to a mature zero trust architecture, and what the industry can do better to support zero trust principles.