BeyondCorp Weekly 15
Ivan Dwyer - April 11, 2017
I’m just returning from Austin, where I attended the InfoSec Southwest Conference over the weekend. It was great to mingle with the local community, and to converse about corporate security architectures. While BeyondCorp was only known by a small percentage of attendees, the principles resonated well to the folks working in InfoSec teams. Generally speaking, architectural patterns such as Zero Trust sit with IT, so it will take some awareness campaigns to spread further. Employee productivity will attract the attention of the business, but for those working in InfoSec, a key benefit is better enforcement of individual security practices such as keeping devices up to date and encrypted.
The big news from last week was Okta’s debut on the public market, which sends positive signals to the entire security industry. With a strong first day showing, we’re witness to the beginning of a new category centered around the paradigm shift away from traditional perimeter-based models towards the cloud. ScaleFT CEO, Jason Luce, calls this category - Cloud Access Management.
Here are a few things that caught my eye this past week.
Why Your Security Products Are Inherently Insecure [DiscoPosse]
Despite any vendor pitch, security products by themselves don’t magically solve problems, they enable companies to incorporate better practices where the outcome can be better security. Architectural shifts such as Zero Trust impact the people, processes, and technology of an organization, and need to be complemented with careful implementation and internal education.
Researchers Warn That SIEMs Are Weak Link in Network Security Chain [ThreatPost]
A corporate architecture must be secured from end-to-end. SIEMs are valuable tools that deliver analysis and insight for internal purposes, however the data is just as valuable to an attacker who may be able to uncover weak points in the network. Whether you use a third party service or run internal services, lock down your logging, monitoring, and alerting tools.
The New Shadow IT: Custom Data Center Applications [DarkReading]
The rise of SaaS applications has also led to a rise in internal applications being deployed to the cloud. While business critical applications are the primary focus for migration efforts, internal applications are often overlooked, and pushed to the cloud without as much care for security reviews. Companies will need to make sure they don’t allow the ‘lift and shift’ of rogue applications to the cloud.
No Worries, We Have the Biggest FireWall. Oh Look, a Pretty Horse, Bring It Inside! [ITSP Magazine]
Now that’s a catchy headline! Believers of BeyondCorp and Zero Trust know that the perimeter has broken down, but there’s still a lot of general awareness needed. This article is focused on encryption, which is only one piece of the puzzle. A true ‘perimeterless’ architecture needs the right access management controls to ensure no bad actors are privilege to sensitive data and applications.
Upcoming Events
Rocky Mountain InfoSec Conference
May 9 - 11
Denver, CO
That does it for this week. Check back this time next week for another set of relevant news, articles, and events. Cheers,
Ivan at ScaleFT
Ivan Dwyer
Ivan Dwyer is the VP of Product Marketing at ScaleFT, working with the community to raise awareness around BeyondCorp and Zero Trust for organizations of all kinds looking to modernize their security architecture.
