Премахването на периметровата сигурност е безопасно за кибер крепост

In December 2014, Google published a paper titled “BeyondCorp: A New Approach to Enterprise Security.” Този документ изразява с думи това, което общността казва от години – namely, that perimeter security is obsolete.

Крайните точки не трябва да зависят от външна организация за тяхната защита – nor should enterprise applications and services. They should behave and be protected as if connected directly to the Internet – their underlying security principles should reflect that.

The paper is located here - http://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/43231.pdf, and it has an accompanying video description (a must: https://www.usenix.org/conference/lisa13/enterprise-architecture-beyond-perimeter plus https://www.usenix.org/conference/lisa13/managing-macs-google-scale)

Google, being a pioneer in security, made a huge step forward toward this concept and made their enterprise applications public. But do not get confused – they made it right. Their act of removing the perimeter defenses was preceded by carefully planning and turning the infrastructure inside out – protecting the applications and users from external threats by limiting access to the applications and services only to authorized users and devices.

Интересна последица е липсата на нужда от използване на VPN при достъп до корпоративни ресурси – if the request to access a resource can be identified to belong to an active employee and is performed from a secured corporate device – the connection established will be encrypted by default, and the need for VPNs disappears.

This is one of the most important and, simultaneously, the shortest post in this blog – simply because all I would like to share with you on this topic is in the link to the Google paper.