BeyondCorp was, IIRC, originally the name for the internal platform that implemented the Zero Trust security model, and after publication of the paper on it, popularised Zero Trust in the public.
Both the open source projects you link derive their history partially from the BeyondCorp paper.
Am I crazy or is there nothing here? I see an abstract, a link to some unrelated search, “research areas” (another unrelated link) then a footer with a link to their team. Where do I actually read about beyondcorp?
my friend you're accessing this information (my comment and this link) on a device that is connected to the internet and you're upset that some resource doesn't spoon feed you (even though it does).
> What am I supposed to do with that?
here's a hint: the domain that this link is on is the name of a company that revolutionized information retrieval on the internet about 20 years ago. so much so that that same word (the name of the company) has become synonymous with information retrieval itself. so I suggest that what you're supposed to do with journal reference is put all these obvious factoids to good use and try to retrieve some information :)
> here's a hint: the domain that this link is on is the name of a company that revolutionized information retrieval on the internet about 20 years ago
You know what actually revolutionized information retrieval, more than 30 years ago? The World Wide Web, which shipped with these things called “hyperlinks” from the very beginning. You know, that thing that lets you click on them and open a document.
> so I suggest that what you're supposed to do with journal reference is put all these obvious factoids to good use and try to retrieve some information :)
Saying “here’s the page for this thing, but we’re just going to give you some search terms for it so that you can enter them into a proprietary search engine and hopefully maybe dig up the real thing” is only a revolution in how huge of a step backwards it is from what we had 30 years ago.
> my friend you're accessing this information (my comment and this link) on a device that is connected to the internet and you're upset that some resource doesn't spoon feed you (even though it does).
Y’know, you’re right, I’m such an idiot. Why does HN even have links? Surely we don’t need to be spoon fed, we’re all smart enough to Alphabet something so why not just have every discussion contain a search term only? No, it shouldn’t be clickable, we should all independently copy/paste the headline and see what we all come up with when searching for it. Links are such a huge step backwards from this revolutionary search idea.
Oh and why stop there? The search results themselves can just be more search terms to use! We won’t even need the web any more, we’ll just do search terms all the way down. So revolutionary.
You’re certainly swooping in to defend them as if you work for them so I’d just as soon assume you do.
If the QR codes just sent me to a page saying “lol just search the web for the menu, you shouldn’t need to be spoon fed” then I’d leave the diner, yes.
What link? The one directly below the title links to the authors' about page. The next link down is a “google scholar” link which just links to a search for beyondcorp. The first link in said search is to a “dialnet.uniroja.es” site. Is this what I’m supposed to know to tap on?
Why not link straight to the pdf? The URL we’re commenting on certainly seems like it’s supposed to be the canonical URL for the publication on BeyondCorp, but it seems like all it does is show an abstract and a link for you to search for the actual publication. This seems kinda backwards.
Like imagine I’m a startup selling widgets and I make a widgets.biz website, but all that website says is “I dunno just search for us lol, go away” and links to a google search for widgets. It would seem kinda silly, no?
Most of the “Zero Trust” vendor solutions on the market are a joke compared to Google’s internal implementation (BeyondCorp). If you read through the journal papers Google published you’ll see just how much work it is to do zero trust properly.
Yeah Tailscale is pretty awesome. Recently heard someone claiming it doesn’t qualify as true ZT, but for a mere mortal like me it would go a pretty long way.
When I was a network guy I used to argue more in favor of letting everything we could over the internet. It was cheaper than the various private circuits, and more reliable than VPNs.
Then when I started programming I realized we can’t trust programmers to do anything safely. And I wanted to airgap everything, but of course that’s ridiculous.
So while we should assume all endpoints are open to the internet, I don’t think we should actually let them be. That would be madness.
Does anyone expect every printer and network-managed light fixture to stay up to date and vulnerability free? Even if it does, do we trust the vendors to not start spying on their customers?
I suspect this was mostly about selling the enterprise on saas/the cloud/google office. And it worked.
No, this is more about removing the idea that there is any safe network.
Don't assume internal networks (or leased circuits or whatever) are secure.
Make the smallest possible security perimeters - on servers you design/deploy, that would often be the server or even specific applications. With devices you can't secure better (like printers etc.) make small islands that can talk only with an appropriate gateway device. etc. etc.
Yep and this is what is impressive, I still haven't been in another company where either it was a security shit show (anything goes) or a profoundly stupid IT department removes root access for devs, puts in firewalls, does deep packet inspection, and adds some whitelisting based on DNS rules so you cannot download anything... All that while showing all the certification letter soups and being very proud of their job.
Agree. Google did this back in 2015. It actually took me a long time to realize that the buzz around Zero Trust (which is still going strong today) is basically how Google did things when I was there. Not needing a VPN to access Google stuff was great.
A lot of people wrongly believe this means no firewall. If you don't use firewalls (yes, even for web traffic and SaaS, limit who can access your stuff), you are doing something wrong.
Open Source applications include:
- https://landing.openziti.io/
- https://www.ory.sh/oathkeeper/
Any other important projects I am missing?