BeyondCorp Weekly 3
Ivan Dwyer - January 17, 2017
It’s been a big week of security news at Google, first announcing a new project, Key Transparency, and then releasing a detailed white paper about their infrastructure security. I was in attendance during last year’s Google Cloud Next conference when Niels walked through the various layers of infrastructure security, so it’s nice to have it formalized in a document.
It’s clear that Google is serious about their security practices, and keen on promoting while selling application and cloud services to the enterprise in such a a highly competitive market. It’s no accident that Transparency is a key term for them (no pun intended), as they’re working extra hard to earn trust in the enterprise. Much of the content in the security whitepaper echoes what is in the BeyondCorp papers, and now we’re seeing how it’s tied to the business. Nice.
As our collective interest here is with the prospects of BeyondCorp outside of Google, I wrote a post last week on the topic, BeyondCorp is Security for the Cloud Native Organization. Feel free to share your feedback. , onto this week’s articles.
Network Security in the Cloud Age: Everything Changes [Securosis Blog]
Piggybacking on the theme of Cloud Native, Mike Rothman wrote a series of posts covering network security in the cloud, and how to deal with the changes. I recommend diving into the second and third posts as well.
Understanding the Benefits of Security Abstraction [Security Week]
Abstracting away the complexities of underlying systems is a key tenet of the cloud, but is it a good idea to do the same with security given how important it is? Avi Chesla explains how to put the pieces together to do so properly.
Avoiding Cybersecurity Solution Fatigue [isBuzzNews]
Another case to make for security abstraction is the sheer volume of solutions in front of us. Robert Huber shares five practical considerations before adding a new tool to the toolbox.
There is no WhatsApp ‘backdoor’ [Open Whisper Systems]
The top story of the week by far in terms of fierce comments was the Guardian report on WhatsApp’s encryption. Without adding any fuel to the fire, what the argument really boils down to is the security tradeoffs one is willing to make for usability.
Krebs’s Immutable Truths About Data Breaches [Krebs on Security]
Rounding it out is Brian Krebs’ gentle reminder we are never fully secure on the Internet. That doesn’t mean we give up securing our applications and data, of course, just that we need to stay fresh and factor in the potential threats you may face.
Upcoming Events
BeyondCorpSF Happy Hour
Tuesday, Jan 31
7PM - 10PM
District Oakland
827 Washington St
Oakland, CA 94607
That does it for this week. Check back this time next week for another set of relevant news, articles, and events. Cheers,
Ivan at ScaleFT
Ivan Dwyer
Ivan Dwyer is the VP of Product Marketing at ScaleFT, working with the community to raise awareness around BeyondCorp and Zero Trust for organizations of all kinds looking to modernize their security architecture.
