BeyondCorp Weekly 39
Ivan Dwyer - October 24, 2017
If you’re like me, you look back on your college years fondly. I had the time of my life, stumbled on a burgeoning tech industry, and formed my circle of friends for life. The news of this past week took a different view, as leaked audio of Facebook’s security chief, Alex Stamos, compared their corporate network to that of a college campus. The media jumped on this fast, and people flipped. What wasn’t necessarily considered was the context of the statement, nor the parallels to the changing role of those in charge of corporate security.
Aside from underage drinking, what do college campuses represent and foster? Productivity, creativity, and diversity to name a few. Just as the digital transformation era of the past decade has turned IT departments from a cost center to a business enabler, forward thinking companies are similarly tapping their security teams to find ways to let their employees move faster in a safe manner. Corporate security practices, which have always been a blocking function, are now becoming a business enabler. Of course, this must be done carefully, and comes with a whole range of challenges, but if you can secure your company while keeping your employees happy, then you’re doing a fantastic job.
If that sounds familiar to you as a reader of this newsletter, that’s because it was the mandate from the top at Google for BeyondCorp. Alex knows this, and sums it up just right…
Here are a few additional things that caught my eye this past week.
81% of CISOs Say User Security Hampers Innovation [InfoSecurity Magazine]
The headline might imply a counterpoint to the security transformation mentioned above, but what this really shows is that CISOs are aware that security needs to enable productivity, they’re just not quite sure how to get there yet. Changing the mindset from blocking to enabling is the first step.
Turns out, security drives cloud adoption — not the other way around [Google Cloud Platform Blog]
Google’s own security posture is a major selling point for their cloud platform, as they’ve brought many of the principles and practices of BeyondCorp into the product. A commissioned report conducted by MIT SMR Custom Studio points to convincing evidence that security is becoming a major driver of cloud adoption, primarily due to increased confidence in the providers’ abilities.
You need more than one AWS account: AWS bastions and assume-role [Coinbase]
While confidence in cloud providers is growing, it’s still important to fully understand the shared responsibility, and hedge your bet wherever you can. Here, Coinbase talks about operating multiple AWS accounts. They refer to these additional accounts as AWS Bastion accounts, a curious naming choice on the surface, but actually functions in a similar manner as a bastion host.
Study: 61 Percent of Organizations Have Minimal Control of SSH Privileged Access [DarkReading]
A study done by Dimension Research uncovered some eye-raising statistics about the poor management of SSH. Not particularly surprising, however, as the best practices for key management aren’t very straightforward. We have a different belief about SSH keys at ScaleFT, which I will expand on next week (once I finish the blog post I’m writing).
Another KRACK in the network perimeter [HelpNetSecurity]
I briefly touched on why KRACK makes the case for BeyondCorp last week, and here’s an article from ScaleFT’s CTO, Paul Querna, expanding on the topic. A natural byproduct of shifting your attention from the network to the resources you are protecting is speed and improved user experience. If the challenge is security as a business enabler, that sure sounds like the right way forward!
That does it for this week. Check back this time next week for another set of relevant news, articles, and events. Cheers,
Ivan at ScaleFT
Ivan Dwyer
Ivan Dwyer is the VP of Product Marketing at ScaleFT, working with the community to raise awareness around BeyondCorp and Zero Trust for organizations of all kinds looking to modernize their security architecture.
