Blog

Articles and stories about BeyondCorp

BeyondCorp Weekly 21

Ivan Dwyer - May 23, 2017

The aftermath of the WannaCry ransomware attack continued to dominate the headlines this past week, where the conversation ranged from who should be responsible to what can be done to stop future attacks. There were more than enough opinion pieces to get through, and I tend to favor the thoughtful analysis over the impulsive fear-mongering. A couple pieces I came across were of the former. Dennis Fisher of On the Wire points out that we expected something like this, but we’re really at the beginning of a trend as the attacks will only get better with each passing attempt.

Read More...

BeyondCorp Weekly 20

Ivan Dwyer - May 16, 2017

Last week was the Rocky Mountain InfoSec Conference in Denver, where I gave a talk about BeyondCorp to a fully captivated audience – always a good feeling as a speaker. I wrote up a quick blog post about the event, with the slides from my presentation. Have a look: https://www.scaleft.com/blog/a-call-for-proactive-security-at-rocky-mountain-infosec-2017/ Now it goes without saying that the big story over the past week has been the WannaCry ransomware attack. As he often does, Troy Hunt gives a solid breakdown of what happened (in case you’ve been living under a rock).

Read More...

BeyondCorp Weekly 19

Ivan Dwyer - May 9, 2017

Wheels up… I am in the air on my way to Denver for the Rocky Mountain InfoSec Conference. I’m giving a talk tomorrow from 2-3 PM titled BeyondCorp - Google Security For Everyone Else. I’ll share my presentation materials after the fact, but I first wanted to mention something that I thought of while preparing my slides - which I still have 27 hours to finish before going on stage… every minute counts!

Read More...

BeyondCorp Weekly 18

Ivan Dwyer - May 3, 2017

I’m just returning from a few days at Disney World with my future in-laws from Brazil, and it was in a word - magical! (Yes, I have to say that if I want to keep my wedding plans in tact). It’s been nearly 30 years since my grandparents took me as a bright eyed child, and while the attractions had a familiar feel, the park experience was a whole new world.

Read More...

BeyondCorp Weekly 17

Ivan Dwyer - April 25, 2017

One of the guiding principles of BeyondCorp is how access decisions are made based on dynamic user and device conditions as opposed to traditional network-based methods. Within Google, their own Trust Inferer system continuously collects employee device data, which is then processed to determine its Trust Tier. Through configurable Access Policies, each resource is assigned a minimum Trust Tier based on the sensitivity of the data. To be granted access to a resource, the device Trust Tier must meet that of the resource.

Read More...

BeyondCorp Weekly 16

Ivan Dwyer - April 18, 2017

The Shadow Brokers leaks have certainly dominated the headlines, bringing out all the security researchers to investigate the scope of vulnerabilities – most notably the SWIFT network and a number of Windows 0-days. A good list of all the exploits is up on GitHub here. What still seems to be unclear, however, is when and how Microsoft was alerted to the numerous CVEs affecting their products given that they were able to patch the exploits a month before the leaks surfaced.

Read More...

BeyondCorp Weekly 15

Ivan Dwyer - April 11, 2017

I’m just returning from Austin, where I attended the InfoSec Southwest Conference over the weekend. It was great to mingle with the local community, and to converse about corporate security architectures. While BeyondCorp was only known by a small percentage of attendees, the principles resonated well to the folks working in InfoSec teams. Generally speaking, architectural patterns such as Zero Trust sit with IT, so it will take some awareness campaigns to spread further.

Read More...

BeyondCorp Weekly 14

Ivan Dwyer - April 4, 2017

VPNs have been dominating the headlines lately, but for far different reasons than the outcome of BeyondCorp I often talk about here. On the contrary, in fact. With personal information seemingly up for grabs between governments and hackers, the average Internet user is wrought with concern. Many opportunists have used that fear to push personal VPN services. I’ll defer to Brian Krebs on whether or not it’s worth the effort.

Read More...

BeyondCorp Weekly 13

Ivan Dwyer - March 28, 2017

As promised last week, I have videos to share. First, I will shamelessly plug my own talk during the BeyondCorpSF Meetup held at Heavybit Industries earlier this month. The key theme was how Zero Trust is changing our notion of Identity & Access, and what this means from a broader market perspective. Have a watch. http://www.heavybit.com/library/blog/beyondcorp-meetup-google-security-for-everyone-else/ For a more technical deep dive, Evan Gilman and Doug Barth gave a talk about network design at last week’s SREcon.

Read More...

BeyondCorp Weekly 12

Ivan Dwyer - March 21, 2017

The video from last week’s BeyondCorpSF Meetup is still in post-production, so it’ll be in next week’s newsletter. Until then, I wanted to take a brief moment to share a thought on the community. It was only a few month ago that BeyondCorp was only barely known outside of Google as a couple of research papers. Now it’s capturing the attention of IT & Security professionals from all sorts of organizations across the globe.

Read More...

ScaleFT Zero Trust Access Management
Subscribe to the Newsletter

Subscribe to the BeyondCorp newsletter to get notifications about new posts by email.