twexler | 3 years ago
This doesn't make it particularly usable as SSO...
> Good network design costs a lot of money to set up, particularly to limit the scope of an attack (e.g. because the VPN software had a vulnerability), but it's orders of magnitude better in the long run than to outsource core IT to some incompetent fools with subcontractors.
This is exactly my point. Most businesses do not have the resources to maintain this level of infrastructure.
Additionally, I'm personally of the opinion that walled gardens with VPN entry points are a particularly good choice for modern businesses these days. Even the White House OMB is pushing the BeyondCorp model in their recent recommendations for ZT.
mschuster91 | 3 years ago
Why? Your core IT should not be visible from outside a VPN anyway, and if you're in a VPN you can use your Keycloak or whatever SAML system as you wish.
> Most businesses do not have the resources to maintain this level of infrastructure.
And right here is the problem: too many businesses see IT simply as a cost center instead of as what it is: a vital part of the business. You can't even run a grocery store without computers any more, and even a grocery store is a juicy target for criminals given that credit card data is processed there (not to mention employment records that can be used for identity impersonation).
People simply go and attach whatever bullshit devices from HVAC controllers to crappy $10 IoT surveillance cameras fresh off of Alibaba on their core network and in some cases even "convenience wifi for customers", and then they wonder why either hackers or the feds come knocking. Jesus.