BeyondCorp Weekly 10
Ivan Dwyer - March 7, 2017
This week is the Google Cloud Next conference, which has grown in scope substantially since last year. While the focus is certainly centered on their cloud computing services, there may be some talk of BeyondCorp as they’ve continued to promote their security posture – internally and externally. They’ve hinted at commercializing components of the BeyondCorp architecture to drive enterprises to Google Cloud and G Suite during recent events, but to what degree remains to be seen.
For those in San Francisco this week, regardless if you are attending the conference, we are hosting another BeyondCorpSF Meetup on Thursday at 6:00 PM. We’ll be at the fabulous Heavybit Industries office on 9th and Folsom, and have a great lineup of speakers – SREs from PagerDuty and Stripe, and ahem myself. The event is open to all, but space is limited, so be sure to RSVP at the link below.
https://www.meetup.com/BeyondCorpSF/events/238062984/
Here are a few things that caught my eye this past week. As you can see, there is a common theme around insider risk.
What should an insider risk policy cover? [CSO Online]
With the continuous string of insider attacks making the news, companies are getting serious about mitigation. Ryan Francis spoke with some experts to share guidelines for creating an internal policy. In order to be effective, companies should take preventative measures, but also be able to quickly identify any causes in the case of a breach event.
Insider Threat Programs Miss the Human Side of the Problem [MeriTalk]
A policy is only useful if it works with the people. Monitoring and understanding user behavior will be critical in thwarting insider attacks. Google was successful with BeyondCorp because they approached the challenge from a people, process, and technology perspective.
10 ways to reduce insider BYOD threats [TechRepublic]
This should be fairly obvious advice to any security professional, but in the context of BeyondCorp, remember that Google mandated all devices be managed and inventoried. Not every company can/will do that, so it’s important to have BYOD policies in place.
Bad IAM Could Cost Organizations $5M per Year, Forrester Report Says [Solutions Review]
Blanket statements about a failing security industry always make me cringe, but the takeaway from this article is that the approach to IAM needs to change in the modern cloud era. This is because the perimeter is no longer effective, as clearly pointed out in the BeyondCorp papers.
Report: Only 2 in 3 Cyber Attacks Can Be Stopped with Current Defenses [DarkReading]
Each of the prior articles here lead up to this point – current defenses (including, but not limited to the perimeter), are simply no longer effective in mitigating the risks facing businesses today. The good news is that awareness is up, as well as investments in modern cloud solutions – key reasons why BeyondCorp and the Zero Trust model are attracting so much attention.
Upcoming Events
BeyondCorpSF Meetup During Google Cloud Next
Thursday Mar 9th
6:00 PM - 8:30 PM
Heavybit Industries
325 9th St
San Francisco, CA 94103
That does it for this week. Check back this time next week for another set of relevant news, articles, and events. Cheers,
Ivan at ScaleFT
Ivan Dwyer
Ivan Dwyer is the VP of Product Marketing at ScaleFT, working with the community to raise awareness around BeyondCorp and Zero Trust for organizations of all kinds looking to modernize their security architecture.
