Last week’s newsletter took a look at the 2017 Internet Trends report from Mary Meeker, and this week I’d like to share some thoughts on the 2017 State of DevOps report from the good folks at Puppet. Always insightful, the report dives into equal amounts of the technical automation and organizational behaviors needed to deliver software more effectively. Now in their sixth annual edition, this one leaned more towards the organizational requirements, indicating that the movement is becoming further ingrained into a company’s culture.
Last week, Mary Meeker from Kleiner Perkins shared her always anticipated Internet Trends report for 2017. While mostly centered on consumer trends, she does dedicate a section to enterprise cloud adoption, with a focus on security. She makes a few key points along with her statistical findings. More enterprises are migrating workloads to the cloud, which should come as no surprise to anyone. More apps means more things to secure, but she found that the primary concerns of the business are moving away from data security into compliance.
The aftermath of the WannaCry ransomware attack continued to dominate the headlines this past week, where the conversation ranged from who should be responsible to what can be done to stop future attacks. There were more than enough opinion pieces to get through, and I tend to favor the thoughtful analysis over the impulsive fear-mongering. A couple of pieces I came across were of the former. Dennis Fisher of On the Wire points out that we expected something like this, but we’re really at the beginning of a trend as the attacks will only get better with each passing attempt.
Last week was the Rocky Mountain InfoSec Conference in Denver, where I gave a talk about BeyondCorp to a fully captivated audience – always a good feeling as a speaker. I wrote up a quick blog post about the event, with the slides from my presentation. Have a look: https://www.scaleft.com/blog/a-call-for-proactive-security-at-rocky-mountain-infosec-2017/

Now it goes without saying that the big story over the past week has been the WannaCry ransomware attack. As he often does, Troy Hunt gives a solid breakdown of what happened (in case you’ve been living under a rock).
Wheels up… I am in the air on my way to Denver for the Rocky Mountain InfoSec Conference. I’m giving a talk tomorrow from 2-3 PM titled BeyondCorp - Google Security For Everyone Else. I’ll share my presentation materials after the fact, but I first wanted to mention something that I thought of while preparing my slides - which I still have 27 hours to finish before going on stage… every minute counts!
I’m just returning from a few days at Disney World with my future in-laws from Brazil, and it was in a word - magical! (Yes, I have to say that if I want to keep my wedding plans intact). It’s been nearly 30 years since my grandparents took me as a bright-eyed child, and while the attractions had a familiar feel, the park experience was a whole new world.
One of the guiding principles of BeyondCorp is how access decisions are made based on dynamic user and device conditions as opposed to traditional network-based methods. Within Google, their own Trust Inferer system continuously collects employee device data, which is then processed to determine its Trust Tier. Through configurable Access Policies, each resource is assigned a minimum Trust Tier based on the sensitivity of the data. To be granted access to a resource, the device Trust Tier must meet that of the resource.
The Shadow Brokers leaks have certainly dominated the headlines, bringing out all the security researchers to investigate the scope of vulnerabilities – most notably the SWIFT network and a number of Windows 0-days. A good list of all the exploits is up on GitHub here. What still seems to be unclear, however, is when and how Microsoft was alerted to the numerous CVEs affecting their products given that they were able to patch the exploits a month before the leaks surfaced.
I’m just returning from Austin, where I attended the InfoSec Southwest Conference over the weekend. It was great to mingle with the local community, and to converse about corporate security architectures. While BeyondCorp was only known by a small percentage of attendees, the principles resonated well with the folks working in InfoSec teams. Generally speaking, architectural patterns such as Zero Trust sit with IT, so it will take some awareness campaigns to spread further.
VPNs have been dominating the headlines lately, but for far different reasons than the outcome of BeyondCorp I often talk about here. On the contrary, in fact. With personal information seemingly up for grabs between governments and hackers, the average Internet user is fraught with concern. Many opportunists have used that fear to push personal VPN services. I’ll defer to Brian Krebs on whether or not it’s worth the effort.