Blog

Articles and stories about BeyondCorp from the ScaleFT team

BeyondCorp Weekly 14

Ivan Dwyer - April 4, 2017



VPNs have been dominating the headlines lately, but for far different reasons than the outcome of BeyondCorp I often talk about here. On the contrary, in fact. With personal information seemingly up for grabs between governments and hackers, the average Internet user is wrought with concern. Many opportunists have used that fear to push personal VPN services. I’ll defer to Brian Krebs on whether or not it’s worth the effort. Like many, I do what I think will keep me generally safe online, with the acceptance that I will never be fully anonymous.

Enterprise Identity is an entirely different story, however. Companies should absolutely monitor employee behavior on the Internet. It’s often the lack of visibility that can lead to vulnerable and malicious situations. For most companies, allowing remote work means setting up a VPN, but they can be a black box, not providing you with the visibility you really need. This is a key reason why so many are looking towards Zero Trust.

Once again, BeyondCorp proves its value in this regard through the Waymo/Otto case, where Google can clearly point to employee misbehavior within the network. The evidence in this case is only through reactive means, however. The next step is for the system to be proactive enough to recognize something off and alert someone within the company. It may have been a different story entirely if Levandowski’s manager was sent an alert along the lines of “your employee is trying to download 14,000 sensitive documents. Would you like to allow this request?” Think about that.

Here are a few things that caught my eye this past week.


Reactive to Proactive: 7 Principles Of Intelligence-Driven Defense [DarkReading]

On the topic of being proactive, Saumil Shah took the stage at Black Hat Asia this week to share seven principles security teams should adopt for more intelligent defense. Visibility being a key enabler to capturing the data needed to make the system effective.

The Business of Security: How your Organization Is Changing beneath You [DarkReading]

Also from DarkReading, John Dickson explains the changing IT landscape, and how security must catch up. Interesting to note his take on the evolving worker – with employees and contractors working from various locations, it will be critical to manage who has access to what.

After 10 Years of Writing About Cloud Security, Concerns Haven’t Changed Much [IT Business Edge]

Interestingly enough, the rapidly changing landscape we feel every day hasn’t really changed what companies are concerned with at the end of the day. In a recent study, more than half of the respondents point to security as the greatest concern in adopting the cloud.

Cloud Complexity Leads to Chaotic Security Environments [InfoSecurity Magazine]

I guess much of that concern could be due to the environments themselves. AlienVault conducted a study, and found that with the complexity of cloud environments, a lack of visibility is a top concern for close to half of the respondents.

When security embraces agile, innovation happens [TechBeacon]

I’ve never been a strict agile practitioner, but can get behind the general concepts. While I hope the term DevSecOps goes away, incorporating security-as-a-service within the range of automated end-to-end workflows is one way to combat the complexities of cloud environments.


Upcoming Events

We’re heading to Austin this week for the InfoSec Southwest Conference. ScaleFT is a sponsor of the event, so come find us if you’ll be in attendance.


That does it for this week. Check back this time next week for another set of relevant news, articles, and events. Cheers,

Ivan at ScaleFT

@fortyfivan


Ivan Dwyer

Ivan Dwyer is the VP of Product Marketing at ScaleFT, working with the community to raise awareness around BeyondCorp and Zero Trust for organizations of all kinds looking to modernize their security architecture.

ScaleFT Zero Trust Access Management
Subscribe to the Newsletter

Subscribe to the BeyondCorp newsletter to get notifications about new posts by email.