Securing a BigQuery MCP Server With Descope & MCP Tunnels
Blog post from Descope
The narrative details the development and implementation of a secure internal BigQuery MCP server using Anthropic's MCP Tunnels and Descope's identity management, emphasizing the challenges and solutions in managing identity and access rather than the tools themselves. The setup allows Descope engineers to efficiently address customer inquiries about their MCP usage by querying data in real-time through a private server, without exposing sensitive information to the public internet. The process involves using an outbound-only tunnel to connect securely to the server, ensuring that customer data remains isolated and protected, while leveraging Descope's OAuth infrastructure to manage scoped permissions and user authentication. The article highlights the importance of maintaining security by allowing individual engineers to query data with their own access rights, thus providing real-time insights without compromising data integrity or security. This approach minimizes risk by avoiding shared service credentials and integrates seamlessly with existing identity systems like Google Workspace, ensuring that access is both granular and revocable.
| Trend | Post Mentions | Total Month Mentions | Posts | Companies | MoM |
|---|---|---|---|---|---|
| MCP | 44 | 726 | 75 | 54 | -89% |
| Platform Engineering | 4 | 89 | 24 | 17 | -94% |
| LLM | 1 | 804 | 153 | 68 | -87% |
| Real-time | 1 | 568 | 168 | 74 | -91% |
| Secrets Management | 1 | 181 | 40 | 32 | -93% |