Services
Main menu

Services

Services & Competences
Digital Experience
Consulting & Academy
Engineering & Delivery
Cloud Native & DevOps
CX & Digital Commerce
Automation & AI
Services

Automation & AI

Automation & AI at the glance
genAI Consulting
Industries
Main menu

Industries

Industries Overview
Telecommunications
Financial Services
Public
Manufacturing
Media & Entertainment
Hidden Champions
About us
Main menu

About us

About us at the glance
Values & Culture
Philosophy
Sustainability & CSR
Insights
Main menu

Insights

Insights Overview
Blog
Insights

Blog

Blog at the glance
2024
Blog

2024

AOE at Container Days Conference 2024 in Hamburg
AOE is a Certified Kubernetes Service Provider
Go, Development Frameworks & Flamingo #3: Introduction to Flamingo
Happy Birthday, AOE!
Go, Development Frameworks & Flamingo #2: Pros and Cons of Development Frameworks
Go, Development Frameworks & Flamingo #1
The European Accessibility Act (EAA) 2025: A New Era of Inclusive Design
AOE Technology Radar Version #8 released
Checklist "Green IT - Practical application in the company"
Colorful Stripes for Schelmengraben Elementary School
Finnoscore study 2024: Retail banking is becoming increasingly accessible and free of media disruption
Unveiling the New AOE Tech Radar Tool version 4.0
Project managers and product owners: kind of the same thing, right?
Explaining the roles in agile software development – Backend Developer
Explaining the roles in agile software development – Frontend Developer
Launch AOE Careers: Beyond a typical career page
The future of content management
2023
Blog

2023

Explaining the roles in agile software development – Scrum Master
Explaining the roles in agile software development – Product Owner
Generative KI and Large Language Models (LLMs) – A Glimpse into the Future
AOE Technology Radar #7
Most family-friendly employer 2023
AOE in the intrinsify podcast
Cloudland talk: Container Vulnerability Management in Kubernetes
11 tips for a successful cloud migration
Zero Trust - the hard way
AOE Behind the Screens: Backend Developer Fabian
Future-proof IT security concept: What companies should know
AOE Technology Radar #6: What's new?
AOE Behind the Screens: Frontend Developer Klara
Cybersecurity trends: What's important in 2023?
Entscheiderfabrik: AOE, PLANFOX & PlanOrg with „Rethinking the digital patient journey“
DKMS registration: Why we participate
Articles
Events
Insights

Events

Events at the glance
IT-Tage Frankfurt
Container Days
AOE Summit
TechTalk Wiesbaden #3
BarCamp RheinMain
ANGA COM
TechTalk Wiesbaden
Cloudland
Marketing Club Mainz Wiesbaden at AOE
SEIBERT MEDIA OpenSpace with Friends
Fuck-up Night
DevOpsCon
Sustainable Future .digital
Girls'Day
Bare.ID: CSK Summit 2023
Usability Testessen
CSR Regio.Net Networking Workshop
TechTalk Wiesbaden
Press
Open Source
Tech Radar
Careers
Main menu

Careers

Jobs at AOE GmbH

Get in touch


We use HubSpot CRM to process and manage contact and information requests. Please accept the "Functional Cookies" and reload the page to load the contact form.

Insights /
Blog /
Cybersecurity
Insights / Blog / Cybersecurity

BeyondCorp: The secure framework for enterprise IT

May 06, 2020
Bastian IkeBastian IkeTechnical Director Cybersecurity

IT security when accessing corporate applications remotely is a topic that is becoming increasingly relevant for companies in a wide range of industries and sectors. At AOE, we’ve been relying on BeyondCorp in the OM³ infrastructure since 2017 – a decision which benefits developers, testers and customers. This article illustrates the advantages the security model offers.

BeyondCorp was developed in 2009 as Google’s Zero Trust Enterprise Security Framework. The idea behind it: Access controls are transferred from the network environment to individual users or devices. Location-independent access is therefore possible without the need for a conventional VPN. On the one hand, this means more security for both sides as well as providing basis for individual certificates such as PCI DSS, on the other hand, a higher degree of freedom for the users.

Overview: The Advantages

1. Secure remote access without VPN

IT security has always played a major role at AOE, especially with regard to access to terminals, networks and applications. Today, most of our applications run online; access is sometimes via our own terminals, from remote locations or from the customer’s premises. VPN enables remote access, but also carries risks:

  • Compatibility: Due to different protocols and network layers, it is possible that VPN is not supported by private smartphones or the customer's infrastructure.
  • Flexibility: Access via VPN is never comparable to on-site access.
  • Security: If a security breach occurs via a VPN client, such as the laptop of an employee working from home, attackers can potentially gain access to the entire network, including other network participants – a risk for both the company and the employees.
  • Trust Inference: Via VPN, trust is granted based on an (IP) address. The categories “Allow access” or “Deny access” cannot be specified in more detail. However, since many tools use HTTP as the transport protocol, there are better ways to authenticate users and authorize them based on procedures such as RBAC (Role Based Access Control).

At BeyondCorp, users are treated equally regardless of device, network or origin and are classified as untrusted by default. Enterprise administrators can set detailed access controls based on attributes such as user identity, device security status and IP address, for example, for web applications or APIs. Access to services must be authenticated, authorized and encrypted.

2. Simple authentication

To simplify authentication via BeyondCorp, we use protocols such as OpenID Connect:

  • As an established protocol based on HTTP, it is compatible with any browser, even on mobile end devices.
  • In conjunction with client certificates, it is easy to distinguish between work devices and private end devices so that additional identity information can be provided for the authenticated device.
  • Authentication is transparent and allows proxies to check, authorize or block any connection – and provide upstream identity information if required.
  • A single source of truth including two-factor authentication can be established for identity management. This makes credentials alone worthless – the risk of phishing attacks is reduced.

3. Gradual Migration

The modernization of the company IT involves a risk, because: A bad VPN is better than no access at all. Therefore, companies are right to ask themselves when the time is right for a transition – and how best to approach it. The advantage of BeyondCorp is that the model allows for gradual adaptation, so endpoint migration can be done in stages. At AOE we use a zero-config approach and automatically secure each application without the need for additional configuration. If an application needs more information or specific authentication rules, we can provide them according to the specifications.

4. No additional costs for new applications

No additional costs ensue for new applications. This means that BeyondCorp makes it possible to offer security as standard equipment rather than as a paid feature.

Tech

Go, Development Frameworks & Flamingo #3: Introduction to Flamingo

Discover AOE’s Open Source Framework Flamingo. This blog provides an introduction to its benefits and features for scalable, modular web development.

Tech

Go, Development Frameworks & Flamingo #2: Pros and Cons of Development Frameworks

Discover the pros and cons of development frameworks. Learn to balance efficiency, structure, and creativity in projects, with insights for all scales.

Tech

Go, Development Frameworks & Flamingo #1: The Language Choice: JUST GO FOR IT!

Discover the benefits of Golang! In Part 1 of our blog series, learn why Golang is ideal for modern web development and how it enables scalable, efficient applications. Just go for it!