
But they do want to think of it as an architecture. They want some "Architecture Group" to publish a "ZeroTrust Standard" which every team will be required to mindlessly implement so they don't have to actually understand the underlying concepts. It's like those wonderful "security karate" mandatory training courses where they require you watch a video and fill out a multiple choice "test", and after that every application you build will be totally secure by default.

I think the whole DevSecWhateverOps thing fails to account for the severe antipathy large organizations have for outside-the-box solutions. A solution that requires people leave their silos, learn new concepts, or adopt new practices is just too much for them.



The vast majority of apps at Google that are available "beyond corp" are just normal web apps behind a smart reverse proxy that takes care of everything for them.


I'm not a Googler, but this massively understates the architecture they've built. The BeyondCorp "smart reverse proxy" solves authentication, but the true innovation is entirely about contextual authorization. BeyondCorp just binds that context to a human's actions for systems to consume.

You can also see this publicly in GCP's Workload Identity and ALTS primitives, which enable very sophisticated policies.


I was there when it was built. Almost all the smarts are in the proxy. If you have a typical web-based app, integration is easy, not some impossible mandate.


Sure, I said nothing to the contrary. It's a minor simplification to call it a reverse proxy. The proxy is built upon a very deep investment in infrastructure; take all of the cert signing stuff, for example.

Most BeyondCorp concepts seem simple, and they are, but they depend on a lot of existing machinery, almost all of which is non-existent in pre-existing corp networks. The average tech company is currently struggling to catch up.


My point was that it is simple from the POV of the app developer. See the comment I replied to.


Do you notice all the different components on this page? https://beyondcorp.com/ There are a lot more components and concepts than just an OAuth proxy. A web developer may think it's all very simple from their perspective, but it goes much deeper.


I know in great detail the implementation and what went into it.

My point was it is simple for an app developer to integrate with.



