Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google's Plan To Kill the Corporate Network

Posted by Soulskill on from the your-corporate-laptop-is-being-replaced-with-an-abacus dept.

mask.of.sanity writes "Google has revealed details on its Beyond Corp project to scrap the notion of a corporate network and move to a zero-trust model. The company perhaps unsurprisingly considers the traditional notion of perimeter defense and its respective gadgetry as a dead duck, and has moved to authenticate and authorize its 42,000 staff so they can access Google HQ from anywhere (video). Google also revealed it was perhaps the biggest Apple shop in the world, with 43,000 devices deployed and staff only allowed to use Windows with a supporting business case."

4 of 308 comments (clear)

  1. Re:how would it work in the real world? by mspohr · · Score: 5, Insightful

    Both of my daughters have work issued Macs. One is in education and the other a tech company. When you look at the cost of a computer compared to the salary (and benefits) for an employee over the life of the computer, the cost of even an "expensive" computer is a small rounding error. In addition, the cost of protecting and cleaning up Windows computers is non-trivial and the cost of a data breach can be enormous.
    This is not just a VPN, it is a VPN from a known, verified secure computer.
    ? MS Access... what a joke.

    --
    I don't read your sig. Why are you reading mine?
  2. Perimeter-less networks by tippen · · Score: 5, Insightful

    From a security perspective, Google is right about the notion that your internal corporate network being "safe" is dead. Between all the laptops, tablets, smartphones and very portable USB devices, there really isn't a secure perimeter on your network. Security needs to be applied at each entry point to the network, whether that is wired (internal or external doesn't matter), wireless or virtual.

    The summary implied that the need for security devices goes away once you give up the idea of a perimeter, but that isn't the case at all. The form that security comes in may change, but you still need it. Authenticated users connecting via secure tunnels doesn't eliminate the risk of malware, so you still need IPS and anti-malware devices (Fidelis, FireEye, etc.) to keep your protect company assets from valid authenticated users.

    If you can't trust any of the devices on your network, then you need to inspect 100% of the traffic entering the network.

  3. Re:Wow by Anonymous Coward · · Score: 5, Insightful

    What they're saying is that the idea of border security is a bad model. One compromised system on the inside and you're pretty much done. IDS and DPI are good ideas but they aren't effective enough. Breaking in to any corporate network is as easy as spamming it's users with social-engineering-laden email. Get them to click on a link and you own their soft, squishy, zero-day-vulnerable desktops. Keylog and steal their credentials and you've got a jumping off point to worm in to the rest of their network. It's that easy.

    What they're saying is once you move to a trust-nothing model.. Why bother investing in a huge corp network when you can't trust it anyway? When you don't have big corp network what's, the advantages of running your own services over purchasing them from someone else? Like Google?

  4. Re:Wow by Charliemopps · · Score: 5, Insightful

    As the senior admin for such an outsourced network, I can tell you what will happen about 2 to 3 years after you migrate to an outsourced service like this.

    "We're deprecating the ODBC connection as of January 1... no worries we've got a great new API and it accepts SQL!"
    "To reduce system load and improve overall performance of your system we're limiting SQL requests to 100k rows"
    "To enhance SLQ efficiency we've written our own proprietary query language called FU-SQL it's fantastic"
    "We're aware that some of our customers are not happy with speed of FU-SQL so we've limited the number of joins you can make in a select statement to 1"
    "To reduce costs for our customers we now bill our FU-SQL module separately, if you don't use it you don't have to pay for it! If you would like the unneeded additional FU-SQL feature it will bill for $150k/year"
    "due to lack of interest FU-SQL has been discontinued, if you need mass access to your data please contact our professional service"

    At this point they start doubling the price of their service every time you sign a new contract. Then your boss will ask you why your quote for migrating the network somewhere else was "A Metric Shitton of money"

    Have fun with your outsourced network!