Submitted via IRC for chromas
Google may have sent the tired castle analogy of network security's soft center protected by a tough exterior out to pasture for good.
On Tuesday at RSA Conference, Google shared the seven-year journey of its internal BeyondCorp rollout where it affirms trust based on what it knows about its users and devices connecting to its networks. And all of this is done at the expense—or lack thereof—of firewalls and traditional network security gear.
Director of security Heather Adkins said the company's security engineers had their Eureka moment seven years ago, envisioning a world without walls and daring to challenge the assumption that existing walls were working as advertised.
"We acknowledged that we had to identify [users] because of their device, and had to move all authentication to the device," Adkins said.
Google, probably quicker than most enterprises, understood how mobility was going to change productivity and employee satisfaction. It also knew that connecting to corporate resources living behind the firewall via a VPN wasn't a long-term solution, especially for those connecting on low-speed mobile networks where reliability quickly became an issue.
The solution was to flip the problem on its head and treat every network as untrusted, and grant access to services based on what was known about users and their device. All access to services, Adkins said, must then be authenticated, authorized and on encrypted connections.
"This was the mission six years ago, to work successfully from untrusted networks without the use of a VPN," Adkins said.
Source: https://threatpost.com/no-firewalls-no-problem-for-google/123748/
(Score: 2) by canopic jug on Friday February 17 2017, @06:01PM
Kerberos V was quite good until M$ deliberately killed it. I'd like to see a Kerberos VI developed without M$ interference with an effort made to simplify and clarify the code base. LibreSSL provides a good model for how a project can work. But Kerberos VI is unlikely to happen because the universities have no spine any more to go against M$ and have become more bureaucratic than academic.
Money is not free speech. Elections should not be auctions.