

BeyondCorp: A New Approach to Enterprise Security [pdf] - abetaha
http://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/43231.pdf

======
mschuster91
What exactly considers a trustworthy device? This term is used frequently -
but not adequately defined.

Is it a corporate-issued device but fully manageable by the enduser (i.e.
rooted)? Is it a locked-down device where admin privileges are held only by
IT? How are devices like engineering laptops with requirements like "always
has fresh kernel" or "this engineer needs root privileges for software xyz"
handled? And how is integrity enforced, given that plugging in the HDD into a
computer and manipulating /etc/sudoers essentially roots a device?

