For those who have been following my blog series on How to Go Zero Trust, I’m pleased to announce that I’ve published the fifth and final piece - Migrating Resources Behind an Access Fabric. As you know from prior newsletters, we recently introduced the term Access Fabric at ScaleFT to represent the globally distributed processing engine that backs our Zero Trust platform. With access controls in place that are capable of performing real-time authentication, authorization, and encryption, the logical next step is to start migrating resources over to this new environment.
If you happened to see me or any other ScaleFT folks at Black Hat, you may have noticed our clever “No VPN” t-shirts. Partially an homage to the outcome of Google’s BeyondCorp, and partially meant to spark a reaction in a slightly controversial manner - which it did. I had some funny encounters, but the most common reaction to our t-shirts was, “hey, I thought VPNs were good?!”” This is where I would enter clarification mode and reply, “we’re talking about corporate VPNs.
Last week I descended on the city of Las Vegas like so many of my peers for the Black Hat conference. It was my first time attending, and I’d love to tell you I experienced all it had to offer and more, but I was strictly relegated to our 6’ x 6’ booth in the upstairs Innovation City. I only managed to catch the main expo hall roughly 15 minutes before closing time on a last minute swag run.
I’ve kept this newsletter relatively vendor neutral so as not to interfere with the broader message, but last week was a big one for us at ScaleFT, so I wanted to take a quick moment to point out what we’ve been working on as it relates to BeyondCorp. It’s been our goal to help companies achieve a BeyondCorp-inspired architecture of their own, and the release of our Access Fabric is an important step in that direction.
For those who have been following my blog series of how to go Zero Trust, I published part 3, which gets into creating the right access policy framework for your company. If you missed the prior posts, here is part 1 that covers the primary benefits, and part 2 that talks about the data you should be collecting ahead of time. Now if you’ve read any of the BeyondCorp research papers from Google, you’ll know that one of the biggest challenges they faced was formulating the right access policy framework that covered their range of employees, company resources and communication protocols.
As the 4th of July holiday hit this time last week, I opted out of sending a newsletter. I’m back in action today with another set of relevant articles to share. As mentioned from the prior issue, I’m in the midst of writing a blog series covering the steps a company should take on the path to their own Zero Trust architecture similar to Google’s BeyondCorp. The first post highlighted a few of the key benefits one takes away from going through this type of security transformation - How to Go Zero Trust: Part 1 - Why the Architecture Matters.
Shortly after sending out last week’s newsletter, Google published a blog post announcing the fourth research paper in the BeyondCorp series titled Migrating to BeyondCorp: Maintaining Productivity While Improving Security. As the title suggests, this paper covers the details of their rollout process - which is fascinating to say the least. At their level of scale, they went to great lengths to ensure there were no gaps in security, nor would the project hinder productivity.
It’s an exciting week for this newsletter because, after much anticipation, the O’Reilly book - Zero Trust Networks: Building Secure Systems in Untrusted Networks is now available. Written by two former engineers at PagerDuty, the book dives deep into practical advice for companies looking to adopt their own Zero Trust security architecture. As proponents of the model, we are excited to see the book hit the streets. ScaleFT is also pleased to be the exclusive provider of a free excerpt of the book.
Last week’s newsletter took a look at the 2017 Internet Trends report from Mary Meeker, and this week I’d like to share some thoughts on the 2017 State of DevOps report from the good folks at Puppet. Always insightful, the report dives into equal amounts of the technical automation and organizational behaviors needed to deliver software more effectively. Now in their sixth annual edition, this one leaned more towards the organizational requirements, indicating that the movement is becoming further engrained into a company’s culture.
Last week, Mary Meeker from Kleiner Perkins shared her always anticipated Internet Trends report for 2017. While mostly centered on consumer trends, she does dedicate a section to enterprise cloud adoption, with a focus on security. She makes a few key points along with her statistical findings. More enterprises are migrating workloads to the cloud, which should come as no surprise to anyone. With more apps means more things to secure, but she found that the primary concerns of the business are moving away from data security into compliance.