BeyondCorp Weekly 50
Ivan Dwyer - February 6, 2018
As you may know from reading this newsletter, we’ve been taking BeyondCorp on the road, hosting Meetups in cities across the country. It’s been great to see such a high level of interest and intrigue at every stop, and I’ve learned a lot about what people are looking for in a new security model. The road show continues next week in Boston and New York, but first, we have a special event in San Francisco tomorrow. I’m especially excited for this one, as we’ve assembled a top-notch panel of industry experts ready to share their thoughts on BeyondCorp. Joining me on stage at Heavybit Industries will be:
- Marc Rogers: Head of Information Security at CloudFlare
- Patrick Albert: Security Engineering at AppDynamics
- Ryan Seekely: Director of Infrastructure and Security at Quid
The panel session will be recorded, and I will share with everyone once it’s published. I expect a lively and natural conversation focused on real world outcomes, and as moderator, I will quickly get out of the way to let the experts speak. My biggest takeaway from the past few events is that this community is well past the awareness phase, moving right into the discovery phase. The general sentiment has been “great for Google, now what does this mean for me and my organization?” In that spirit, the most valuable information we can all share with each other is actual implementation tips, tricks, and gotchas. I’ll do my best to pull as much out of this panel as I can, while continuing to seek out those who are working on relevant initiatives. The more we share, the better. Have your own story to tell? Let me know and we can talk about having you speak at an upcoming Meetup, author a blog post, or chat in a podcast.
Space is filling fast for tomorrow’s event, so be sure to RSVP now to reserve your spot!
Here are a few additional things that caught my eye this past week.
Security Not Keeping Up with Cloud-First Business Strategies [InfoSecurity Magazine]
When things move as fast as they do in the cloud, security can be a laggard. Not surprising, this study by Hurwitz & Associates shows that security solutions aren’t as flexible and scalable as cloud solutions. Much of this has to do with the delivery model. While cloud solutions are primarily delivered as a service, security still follows traditional on-prem methods. Security may be the last SaaS domino to fall, but once it does, we won’t have the mismatch we do today.
7 Steps Administrators Should Take to Secure Mixed Cloud Environments [eWeek]
One reality of the enterprise move to the cloud is that it’s rarely an all or nothing situation. An obvious challenge with heterogeneous environments is with security, as the mix of cloud and on-prem makes it difficult to stay consistent and comprehensive. This article lays out a number of best practices in line with how I see companies move towards something like BeyondCorp. I couldn’t agree more with #1: Start with a new project and iterate.
The challenges with secure cloud access control and how to face them [SearchCloudSecurity]
With more cloud adoption, it’s critical to have the right access controls in place. While I do agree with the general sentiment of this article, I have different thoughts on the best approach. I don’t believe that access controls should be so closely tied with identity where it’s just an extension of identity governance. I find that in order to get to a point where you can make smarter trust decisions based on dynamic conditions (user, device, location, etc.), the access controls need to be decoupled from the identity systems themselves as independent systems.
Many businesses still using outdated security, says Troy Hunt [ComputerWeekly]
While I am hopeful that more companies embrace the cloud and modern security practices, there’s still a lot of catching up to do. This headline may be sensational, however it does speak to the importance of continued education.
Why it’s important to avoid FUD fatigue and threat rigidity when making security decisions [TechRepublic]
Education is important, but I do advocate for promoting positive outcomes as opposed to the traditional FUD approach. That’s partially me being a positive thinker, but more importantly, it’s partially because the traditional methods don’t work, plain and simple. To break out of the same, repetitive cycle, we need to rethink our security model much like Google did with BeyondCorp.
Upcoming Events
BeyondCorp in the Real World
Feb 7th
San Francisco
Heavybit Industries (map)
6:00 - 8:30 PM
BeyondCorpBOSTON
Feb 13th
Oficio (map)
5:30-7:30 PM
BeyondCorpNYC
Feb 15th
38 Parlor (map)
5:30-8 PM
BeyondCorpATX
Feb 28th
Uncle Julio’s (map)
5-8 PM
That does it for this week. Check back this time next week for another set of relevant news, articles, and events. Cheers,
Ivan at ScaleFT
Ivan Dwyer
Ivan Dwyer is the VP of Product Marketing at ScaleFT, working with the community to raise awareness around BeyondCorp and Zero Trust for organizations of all kinds looking to modernize their security architecture.
