cdoxsey | 4 years ago
> Users should log into applications, rather than networks, and enterprise applications should eventually be able to be used over the public internet.
Second, with regard to this statement:
> Opening up your internal network to the internet and rely on every app to do security correctly is a ridiculously bad strategy.
That's precisely what zero trust networking is. À la Google's BeyondCorp:
> Virtually every company today uses firewalls to enforce perimeter security. However, this security model is problematic because, when that perimeter is breached, an attacker has relatively easy access to a company’s privileged intranet. As companies adopt mobile and cloud technologies, the perimeter is becoming increasingly difficult to enforce. Google is taking a different approach to network security. We are removing the requirement for a privileged intranet and moving our corporate applications to the Internet.
(https://storage.googleapis.com/pub-tools-public-publication-...)
Maybe they're wrong about all this, but it's not anti-advice. It's a legitimate security model being pursued by many different companies.
tptacek | 4 years ago
The problem with VPNs is that enterprises have used them for decades as a crutch, extending their perimeter model out so that instead of a small SPOF, they have a gigantic, ever-changing SPOF. "ZTN-think" pushes this basic idea way past usefulness, to the point where all network controls are somehow suspicious. Which is crazy; BeyondCorp fundamentally relies on network access controls as well as application access controls, like every other modern network design. They're just different controls.
righttoolforjob | 4 years ago
Google doesn't do what you suggest and I'll throw in another large security-aware company as well, known for their privacy-conscious phones. They protect the perimeter as well as the inside. As does any military organization. Stop spreading misinformation.
onefuncman | 4 years ago