I had the honor of presenting about BeyondCorp and Zero Trust at the Portland ISSA meeting last week. It’s a topic that has come up amongst the members, and they wanted to hear more about what I’ve learned from speaking with those working on their own implementations. You can view the slides from my talk on Slideshare.
Overall, the talk was well received, and the feedback consistent with what I’ve heard from so many – clearly a better architecture than traditional perimeter-based security architectures, but is it feasible? I’ve always tried to answer that question with equal parts hope, encouragement, and honesty. Hope that we all see why BeyondCorp is the right model for the modern cloud; encouragement that you can get there yourself by learning from Google’s own experiences; honesty that there are some gaps to close with what’s out there today. Anecdotally, I can confidently say that I’ve seen and heard more positive data points from companies of all sizes making waves in their own BeyondCorp-like initiatives by taking things in stride. Our goal at ScaleFT is to make BeyondCorp as consumable as possible, by offering the core access management components as a service. If you haven’t already, take a tour of our platform.
I hinted at it in last week’s newsletter, and the announcement was made shortly after – we’re extending the BeyondCorp community in a number of ways to further the movement. First of all, we have new Meetup groups in NYC, Boston, and Seattle to complement SF and Austin. Second up is the BeyondCorp Everywhere program, where we support leaders in various regions across the globe to be local BeyondCorp Ambassadors. This is a great opportunity to get in early as a leader in a fast-growing community. Regardless of your desired level of involvement, I highly encourage those with an inclination to participate to join the Meetups, apply to be an Ambassador, or just get in touch to learn more.
Here are a few additional things that caught my eye this past week.
BeyondCorp Outside of Google [ScaleFT Blog]
ScaleFT Co-Founder Robert Chiniquy breaks down all the major components of BeyondCorp to get to the heart of the question – how to practically get there if you’re not Google. It’s about understanding what you’re trying to accomplish, and learning from Google’s experiences. The first rule of BeyondCorp – you can do it, but not exactly like Google.
Why BYOD Authentication Struggles to be Secure [InfoSecurity Magazine]
The reality of BYOD across most organizations poses a number of challenges with regard to security. There’s the security posture of the device itself to consider, but in a BeyondCorp world, it’s more about ensuring the device is both authenticated and authorized. This means device state must be accessible at all times, requiring an inventory and/or monitoring solution of some kind.
osquery Across the Enterprise [Medium]
In terms of device state being accessible, I am hopeful for the future of osquery, an open source project out of Facebook. This extremely detailed and technical piece from Palantir discusses its use with Incident Response. Being able to “ask a question” and get a reasonable response is critical to a timely response. We’re watching this project closely, and recommend others do as well.
NIST container security guidelines [CoreOS Blog]
The good folks over at CoreOS break down the recent NIST guidelines around container security. As it relates to BeyondCorp, software that can effectively stay up-to-date with the latest patches helps companies adhere to the security policies put in place. Anyone building cloud native applications should pay attention to the guide released by NIST, and the work CoreOS is doing in open source.
Mr. Robot and SSH [LinkedIn]
I still haven’t made it past Season 1, but here’s a good take on a recent episode of Mr. Robot. The folks over at SSH Communications know a thing or two about SSH, and here they cover the dangers of a key remaining active despite being deactivated in Active Directory. A threat vector I reference often. Now it’s time for me to catch up on the series!
Gartner IAM Summit
Nov 28-30, 2017
Las Vegas, NV
Find ScaleFT at booth #106 to talk all things BeyondCorp and Zero Trust. We have some exciting new product features to demo!
re:Charge @ re:Invent
Nov 29th, 2017
Las Vegas, NV
We’re back at re:Invent this year, but decided to do something a bit different. We’re throwing a bloody mary & mimosa brunch to help people survive the crazy week. Be sure to RSVP!
That does it for this week. Check back this time next week for another set of relevant news, articles, and events. Cheers,
Ivan at ScaleFT