We kicked off the BeyondCorp road show in SF last week with a fantastic turnout. A few regulars showed up, but it mostly new faces who were curious as to how the community is taking shape. It’s great to see the interest levels continue to rise as more people look to BeyondCorp as the right security architecture for the cloud.
To start the evening, Paul Querna, CTO and co-founder of ScaleFT, shared his off-the-record journey to BeyondCorp. As advertised, you really had to be there to get the full story, but the general theme was revisiting the poor experience that was forced upon him and team in the name of “security”. What looked good on paper didn’t work in practice, which only compounded his frustration. Parallel to the origins of BeyondCorp, Paul felt there had to be a better way than just bolstering the perimeter.
Paul’s story resonated with the audience, who all seemed to have their own complementary story. I must say that in the past year engaging with the community around BeyondCorp, there has been a lot of consistency with the pain points. There’s also a lot of agreement that BeyondCorp is the right model moving forward. What’s less obvious, however, is the path from experiencing the pain points to achieving the positive outcomes. I think a key reason for that is that the reference implementation we point to is Google. Looking at anything through the lens of Google can be daunting, but let’s not forget their own motivations for sharing their work – to make them look good. Of course they’re going to make BeyondCorp appear larger than life!
Remember that when deciding whether BeyondCorp is for you. It doesn’t necessarily have to be such a transformative shift, it’s about taking that first step. You can start small with a greenfield cloud app and go from there. We make it easy to try out with ScaleFT Web Access, which I walk through in this step-by-step tutorial.
I’m excited to continue the road show, and hear from more about your own BeyondCorp initiatives. Up next is Seattle, then on to Boston, New York, and Austin. If you’re in the area, I encourage you to come by and share your own experiences. The best way to get from pain points to solutions is to share our knowledge.
Here are a few additional things that caught my eye this past week.
88% of employees have no clue about their organization’s IT security policies [TechRepublic]
I always take vendor stats like this with a grain of salt, but this study reinforces my beliefs surrounding the Adherence Gap (from last week’s Meetup preso). Look, if only 12% of employees are aware of their company’s security policies, then those policies are fairly meaningless. It’s up to us to engineer solutions that automate the enforcement of policy within the workflows employees are used to.
The Future of Security Operations: Embracing the Machines [Securosis]
Speaking of automation, the good folks at Securosis have been publishing gems on their blog at an impressive rate. Here, Mike Rothman speaks to building trusted automation. Despite the headline, this speaks to the principles of Zero Trust because it’s about making smart decisions. Thorough and excellent advice as always.
Coercion – a problem larger than authentication [Medium]
Here’s an interesting article that stresses the distinction between identification and authentication in context of being a dissident. The industry’s continued effort to improve authentication shouldn’t be conflated with the mechanisms themselves.
BeyondCorpSEATTLE
Jan 24th
Black Bottle (map)
5:30-8 PM
BeyondCorpBOSTON
Feb 13th
Oficio (map)
5:30-7:30 PM
BeyondCorpNYC
Feb 15th
38 Parlor (map)
5:30-8 PM
BeyondCorpATX
Feb 28th
Uncle Julio’s (map)
5-8 PM
That does it for this week. Check back this time next week for another set of relevant news, articles, and events. Cheers,
Ivan at ScaleFT