In the wake of another high profile insider breach out of Tesla, it’s tempting to proclaim that it could have been avoided with Zero Trust. On the surface, it has all the characteristics of the very thing a BeyondCorp-style system is designed to prevent, but I’m going to refrain from rushing to that conclusion for two reasons: First, from what I can gather from the official reports, it’s unclear whether this person technically had the right to do what they did from a privileges perspective at the time.
Gauging the maturity and health of the BeyondCorp and Zero Trust movement is something I admittedly obsess over, which is why I was so pleased to read an in-depth article from Microsoft’s Offensive Security Research titled, “Building Zero Trust networks with Microsoft 365”. Microsoft has offered a number of components that form the basis a Zero Trust system for some time now, but it’s the realization that the architecture as a whole is right for the modern organization that makes this noteworthy, more so than the use of the term itself.
The big news of the week so far is clearly the acquisition of GitHub by Microsoft, which was unsurprisingly met with the widest range of reactions. Personally, I think it is a great outcome for the company and industry, as well as a reminder of what it takes to sustain a software business. Moving right along, you may recall from the past few newsletters that we’ve put out an open call for community participation amongst infrastructure and security practitioners working on Zero Trust within their own organizations.
I attended Okta’s annual user conference, Oktane, in Las Vegas last week – with ScaleFT as a partner and sponsor. If the quality of the keynote speaker is any indicator, then you’ll be hard pressed to top Barack Obama. It was a personal bucket list item just to be in the same room. The collective response to, “how are they going to top that next year?” was unanimous – “Michelle!”
As you may have noticed from reading this newsletter, we’ve been focusing much of our BeyondCorp community efforts towards showcasing the practitioners who have worked on, are working on, or are planning to work on implementing a Zero Trust security architecture in some form or fashion at their organization. We’ve seen a wide range of perspectives in this regard, which we will continue to highlight as we did at the BeyondCorp Community Lounge during RSA.
Now I’m sure you’ve all had your fill of interviews courtesy of our BeyondCorp Community Lounge during RSA, however I’d like to point your attention to another one definitely worth a listen. This time, it’s with Chase Cunningham, Principal Analyst at Forrester. Chase has been leading the charge around Zero Trust, and has a lot of great things to say. https://go.forrester.com/what-it-means/ep62-zen-zero-trust/ To cut to the chase (no pun intended), here’s a few quick highlights from my perspective:
As promised last week, we’ve published all of the Q&A sessions from our BeyondCorp Community Lounge during RSA 2018. I’m pleased that each session turned out incredibly informative, with unique and meaningful perspective towards our common goal of promoting BeyondCorp and Zero Trust across the industry. There’s a lot to get through, so grab a blanket and some popcorn, and binge away! https://www.scaleft.com/blog/lessons-learned-at-the-beyondcorp-community-lounge-during-rsa-2018/ Our YouTube and SoundCloud channels are brand new with this content, so help us get to Despacito levels by subscribing below :)
For those who made it out to San Francisco for the RSA Conference, I hope you’ve fully recovered from the action packed week. I assume everyone else is nice and rested, calm and collected. Now, I may not have decades of RSA under my belt like so many industry professionals, however I’ve been to enough over the years to notice a different vibe this year, more in the spirit of community.
RSA is coming up in a few weeks here in San Francisco, so I hope everyone is filling their calendars with happy hours, dinners, and parties galore. In the spirit of community, we decided to do something a bit different; more casual and personal than the typical big conference madness. If that sounds enticing, then come join us at the ScaleFT offices on Wednesday, April 18th for the inaugural BeyondCorp Community Lounge.
We closed out the first round of our BeyondCorp road show last week with a great event in Austin, Texas. Joining me to present was Wendy Nather from Duo Security, who has been a strong advocate in the community for BeyondCorp. Many thanks to her for giving a stellar presentation, and another thanks to Lee Slaughter from F5 Networks, and Jason Garbis from Cyxtera for presenting in Seattle and Boston respectively.