Blog

Articles and stories about BeyondCorp from the ScaleFT team

BeyondCorp Weekly 41

Ivan Dwyer - November 7, 2017



I will forego my usual commentary this week to highlight a couple upcoming events that should be of interest to readers of this newsletter.

First, I’m honored to be a guest speaker at the upcoming Portland ISSA meeting next Wednesday, Nov 15th. I will be speaking about BeyondCorp, and how other companies can achieve a similar outcome as Google with minimal effort. The more I speak and write about the subject, the more I realize what is most valuable to people is finding the right first steps to take. If BeyondCorp is Mt. Everest, then what’s base camp? For those local to the area, I encourage you to attend for what promises to be a lively afternoon session. If you’re not local, but would like to hear me speak on the subject in your area, feel free to reach out with suggestions for nearby events. I’d love to take this show on tour!

Second, I’ll be at AWS re:Invent representing ScaleFT again this year, but we’re going to do something a bit different than the standard booth setup or happy hour gathering. I’ve been to every re:Invent since 2012, and have reached that point where I just don’t need to watch Jassy’s keynote live. I have a feeling I’m not alone… and am putting my (company’s) money where my mouth is. We’ve rented out a suite in the Venetian, and will be hosting a bloody mary and mimosa brunch during the keynote. Don’t worry, we’ll livestream it, but how much better does it sound to watch in comfort over morning drinks? A lot better! We’re going to keep it going throughout the day, hosting a number of industry panels, podcast interviews, and more. Full agenda TBA, but be sure to RSVP for the event to get on the list. We’ll text out the room information the day of. Don’t miss out!

Here are a few additional things that caught my eye this past week.


Insider secrets of a white hat hacker on security that actually works [TechRepublic]

You know BeyondCorp is a real movement when the true legends come out. In this article, Marc Rogers of DEFCON fame gives an interview with Matt Asay about how BeyondCorp reimagines security, and how security can actually help companies go faster.

It’s Time to End the Social Security Number [TheStreet]

Last week I advocated for eliminating SSH Keys because static credentials represent the failed perimeter security model. In that same spirit, with far wider implications, Eric Reed makes a similar case for getting rid of social security numbers. The argument stems from the SSN being improperly used as an authentication method, as opposed to being purely an identifier.

Minimum Viable Cloud is an Anti-Pattern [Securosis]

Every time the folks at Securosis post a new blog, it’s worth taking the time to read. Here they break down a different type of MVC than what you may know - minimum viable cloud. I wholeheartedly agree with the sentiment that this model has its limits, and a true cloud environment should follow cloud native principles. That goes for security as well.

The internet of identities is coming and will bring massive IAM changes [CSO Online]

Machine identity in the era of connected devices is a challenging topic. How can we consistently and reliably manage the identity of all the devices out there, and how can we control what they can access? In this article, Jon Olstik writes about machine identity in the context of a company’s IAM practices. The only way to deal with scale is to use the cloud, and centralize the IAM role.

Security vs. convenience? IoT requires another level of thinking about risk [ArsTechnica]

I often talk about security that enables productivity, but that doesn’t mean getting rid of all the controls. That would be counterproductive. It’s about removing roadblocks where appropriate, and putting up meaningful barriers where needed. This article uses Amazon Key as an example that goes too far – finding that balance between security and convenience is key (no pun intended).


That does it for this week. Check back this time next week for another set of relevant news, articles, and events. Cheers,

Ivan at ScaleFT

@fortyfivan


Ivan Dwyer

Ivan Dwyer is the VP of Product Marketing at ScaleFT, working with the community to raise awareness around BeyondCorp and Zero Trust for organizations of all kinds looking to modernize their security architecture.

ScaleFT Zero Trust Access Management
Subscribe to the Newsletter

Subscribe to the BeyondCorp newsletter to get notifications about new posts by email.