This is the third in Wendy Nather’s blog series on BeyondCorp - all about setting up the access proxy policies. In this blog, she lists the different types of access policies to consider:

• Warning - strongly recommending or requiring action at some point in the future.
• Blocking - the heaviest of the policies, preventing access entirely.
• Logging - taking note of a condition or event.
• Mitigating - loosening or reversing the effects of another policy based on certain risk scenarios.
• Responding - taking short-term actions to react to a particular situation.

Each section is described in more detail in the blog, supported by screenshots of Duo’s policies. Give it a read and let us know what you think.