Google Reveals Own Security Regime Policy Trusts No Network, Ever (theregister.co.uk)

Darren Pauli, reporting for The Register: Google sees little distinction between boardrooms and bars, cubicles and coffee shops; all are untrusted under its perimeter-less security model detailed in a paper published this week. The "BeyondCorp model" under development for more than five years is a zero-trust network model where the user is king and login location means little. Staff devices including laptops and phones are logged into a device inventory service which contains trust information and snapshots of the devices at a given time. Employees are awarded varying levels of trust provided they meet minimum criteria which authors Barclay Osborn, Justin McWilliams, Betsy Beyer, and Max Saltonstall say reduces maintenance cost and improves device usability (PDF).

41 comments

  1. This is best policy by Bob_Who · · Score: 1

    Trust No Network Ever.

    1. Re:This is best policy by arbiter1 · · Score: 1

      Yeah, I agree. With all the breaches over the last few years (credit card companies, stores, HOSPITALS), any network can be taken over by viruses, Trojans, ransomware, etc. Better to go by D.T.A. at this point. (Don't Trust Anything)

    2. Re:This is best policy by Gr8Apes · · Score: 1

      Technically, you should never trust your own network, including internal production networks. 3 tier ring a bell? It's not news and hasn't been for 2 decades. I guess Google finally got the memo?

      --
      The cesspool just got a check and balance.
    3. Re:This is best policy by Anonymous Coward · · Score: 0

      Yes.

      If you are a pro, and hope to stay one, "Trust No Network Ever" is Rule 0.

    4. Re:This is best policy by Anonymous Coward · · Score: 0

      I think you missed a big part of the summary:

      Employees are awarded varying levels of trust

      A proper trust scale would tend to put the upper management at 0 trust, employees who obey the standards at 1 trust, IT at 2 trust, and that grumpy old guy in the corner who hates everyone who touches "his" network as the only rank 3 trust (effectively: super-admin, at whose whims the mere administrators find themselves banned).

      Add fractions as needed.

      (In practice, I'm sure this follows the standard of "1 rank of trust per tier of management below you," like all the prior methods of IT oversight end up)

    5. Re:This is best policy by Anonymous Coward · · Score: 0

      Trust No Network Ever.

      I thought it was trust Google Never.

    6. Re:This is best policy by omnichad · · Score: 2

      Google Never has been discontinued.

    7. Re: This is best policy by net28573 · · Score: 1

      It's a shame. It had really good integration with Google Wave too.

      --
      RIP TRICERATOPS, YOU NEVER EXISTED
    8. Re:This is best policy by Anonymous Coward · · Score: 0

      it was only a Beta

    9. Re:This is best policy by AHuxley · · Score: 1

      Except for the NSL that got the gov server and splitters in so deep in the network that it looked at everything in plain text.
      That new internal gov network was trusted.
      All the staff who saw the strange new hardware and flood of outgoing connections and said nothing, reported nothing.
      It's kind of hard to clean up after years of having mil or gov teams just connect deep into any network.

      --
      Domestic spying is now "Benign Information Gathering"
    10. Re:This is best policy by Aighearach · · Score: 1

      Even that is too narrow.

      Never trust.

  2. Good idea. by LWATCDR · · Score: 3, Interesting

    Way back in the day a company I worked for had done a good job securing our network...
    Until a developer went to a conference and plugged his network in the hotel network then brought it back inside our firewall.
    We did catch the problem very quickly and only a few machines were infected, but we locked things down even more after that.

    --
    See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
    1. Re:Good idea. by Anonymous Coward · · Score: 0

      Way back in the day a company I worked for had done a good job securing our network...
      Until a developer went to a conference and plugged his network in the hotel network then brought it back inside our firewall.

      The second sentence definitely contradicts the first.

    2. Re:Good idea. by LWATCDR · · Score: 1

      You live and learn. We started to format and re-image all notebooks used on trips after that.

      --
      See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
    3. Re:Good idea. by KozmoStevnNaut · · Score: 1

      Never trust any network. Conversely, your network should never implicitly trust any client device.

      --
      Eat the rich.
    4. Re:Good idea. by Anonymous Coward · · Score: 0

      At some levels even that isn't sufficient anymore. BIOS and hard drive firmware come to mind.

  3. ;login by Anonymous Coward · · Score: 0

    This month's issue of ;Login (Usenix publication) had a very nice write up about this.

  4. I don't get it. by Anonymous Coward · · Score: 0

    Must be great to live in a world where this abstract crap passes as a policy framework.... it seems they've basically described a full SCCM setup with some network level SSO that can be implemented using a variety of technologies (802.1x to more proprietary stuff offered by network vendors) so what's new here?

    1. Re: I don't get it. by JoshuaGriffis · · Score: 3, Informative

      Zero trust runs deeper than that. The main point is that you do not trust a corporate provided device any more than a user's BYOD device. Essentially, you pull workstations out of the core network your servers are on, and only allow access to that core with jump boxes or virtual desktops to limit access and data exfiltration. Forrester had a nice write up on Zero Trust Networks back in 2013.

    2. Re: I don't get it. by Anonymous Coward · · Score: 0

      OP here. We use a combination of Windows RDS and vSphere (although you could use many other things out there) to achieve this, and whilst it reduces attack surface it only stops basic attacks. Thin clients can still be compromised, which can still compromise the entire user/principal, and data can still be exfiltrated, albeit with a few extra steps. If that's all this is alluding to then it's still pretty old hat; I'm just not seeing what's truly new about this unless the overview document published just isn't a very good document to describe it.

    3. Re:I don't get it. by JamesKeane7745 · · Score: 1

      You must be a MS MVP...

    4. Re: I don't get it. by TheGratefulNet · · Score: 3, Insightful

      real zero trust is impossible to deal with.

      we will never know what goes on in intel's mgmt engine or other parts of intel's chips. amd, too. and nvidia. and and and...

      cellphones? get real! so many layers of 'sorry, no spec sheet for you!' in there. locked up tight and only the cell companies, cell makers and nsa can get in.

      chips from china? oh, please! as untrustable as it gets.

      you can talk all you want about the network - and we need to - but the elephant in the room is the lowest level, the silicon and the microcode that we will NEVER get access to.

      if even one link is bogus, the whole chain is bogus.

      my conclusion: the whole chain will always be bogus. things are out of hand and never getting back to reasonable levels ever again.

      --
      "It is now safe to switch off your computer."
    5. Re: I don't get it. by rioki · · Score: 1

      Yes, but zero trust is an old hat. The basic idea is that you pretend all devices are on the public internet. This makes it a non-issue when they actually are, and a rogue device in the network will create little harm. This reduces the effort to secure the corporate network, since it is basically regarded as public and unsafe.

    6. Re:I don't get it. by Anonymous Coward · · Score: 0

      Nope, not a single Microsoft cert but of course I must be a Microsoft evangelist because I mentioned a Microsoft product but unfortunately my honorary cert was lost in the mail...

  5. Of course not by HexaByte · · Score: 1

    If you trust them, they suddenly shut down and brick your devices. And this is just one of their own networks - Nest.

    --
    HexaByte - he's a square and a half!
    1. Re:Of course not by KozmoStevnNaut · · Score: 1

      Oh boo hoo. You bought a device that relies on other people's servers to even function, and you're surprised that you don't really have a say in how long that server will be kept running?

      Welcome to the Internet of Things, where you have to rely on the goodwill of other people to keep their services running. Newsflash: "Lifetime service" in an EULA does not mean what you think it means.

      --
      Eat the rich.
    2. Re:Of course not by DeVilla · · Score: 1

      These days I'm afraid to buy almost any electronic device. They don't advertise their devices are cloud dependent and have a "privacy policy" with boundary issues. The sales people in brick and mortar stores don't know either. You can't know until it's too late.

  6. Pavlov's Employee by Anonymous Coward · · Score: 0

    Good employee, have another byte

  7. didn't Aruba Networks do this by Anonymous Coward · · Score: 0

    ClearPass?

  8. As with every other Google story by Anonymous Coward · · Score: 0

    This doesn't change the fact that GOOGLE THEMSELVES ARE SPYING ON YOU. And they are profiting mightily from it.

    1. Re: As with every other Google story by Anonymous Coward · · Score: 0

      Who cares? It's convenient. That's all that matters.

        Look! Whatsapp got p2p encryption! And it has nice emojis! And colors! And fancy sounds!

    2. Re:As with every other Google story by Coren22 · · Score: 2

      Is it really spying if you explicitly authorize it?

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  9. So It Evens Out by Anonymous Coward · · Score: 0

    I trust no Google product on my network, ever.

  10. Slight correction "devices", not "employees" by shawn2772 · · Score: 3, Informative

    The summary says "Employees are awarded varying levels of trust provided they meet minimum criteria". That should say "employee devices...". Employees, of course, do have differing levels of access to various resources, based on the needs of their jobs, with very fine-grained access control. But the criteria-based trust the article is talking about varies based on device, not user. For example, because my phone isn't "fully trusted" (because I don't want to accept the authentication and other requirements that would impose), it can't access the bug report database or the code repositories, but it does have access to the employee directory, my company e-mail and calendar, etc. My laptop is fully trusted because of how it's configured and I can use it to look at anything I'm authorized to see.

    The key point, though, is that all of this is completely network-independent. It doesn't matter if I'm connected directly to an internal LAN or sitting in a coffee shop; my access, based on my device and my authenticated identity, is the same. Google does still have VPN infrastructure for some legacy services that haven't been fully migrated to the perimeter-less architecture, but that's being phased out as those services are upgraded or replaced. I only use my VPN client a few times per year, and eventually I won't need it at all.
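
    The device-tier, network-independent decision described in this post, as an added illustration (not Google's code or anything from the BeyondCorp paper). The tier criteria, the inventory entries, the resource table and the user names are all constructed assumptions; the point is that the source network is accepted as an input and then never consulted.

```python
from dataclasses import dataclass
from enum import IntEnum

class Tier(IntEnum):
    UNTRUSTED = 0
    BASIC = 1   # e.g. a phone that has not accepted the full management requirements
    FULL = 2    # a managed laptop that meets every criterion

@dataclass(frozen=True)
class DeviceSnapshot:
    """Constructed stand-in for an inventory snapshot of a device's state."""
    managed: bool          # enrolled in the device inventory
    screen_lock: bool
    disk_encrypted: bool
    os_patched: bool

def trust_tier(snap: DeviceSnapshot) -> Tier:
    """Derive a trust tier from the snapshot; these criteria are assumptions, not Google's."""
    if not snap.managed:
        return Tier.UNTRUSTED
    if snap.screen_lock and snap.disk_encrypted and snap.os_patched:
        return Tier.FULL
    return Tier.BASIC if snap.screen_lock else Tier.UNTRUSTED

# Constructed inventory: a phone that declined full management, and a compliant laptop
INVENTORY = {
    "phone-7f3a": DeviceSnapshot(managed=True, screen_lock=True, disk_encrypted=False, os_patched=True),
    "laptop-c21e": DeviceSnapshot(managed=True, screen_lock=True, disk_encrypted=True, os_patched=True),
}
# Constructed policy: resource -> (minimum device tier, users authorized for it)
POLICY = {
    "directory":  (Tier.BASIC, {"alice", "bob"}),
    "mail":       (Tier.BASIC, {"alice", "bob"}),
    "bugtracker": (Tier.FULL,  {"alice"}),
    "source":     (Tier.FULL,  {"alice"}),
}

def decide(user: str, device_id: str, resource: str, source_network: str) -> tuple[bool, str]:
    """Access decision. source_network is a parameter only to show it plays no part."""
    policy = POLICY.get(resource)
    if policy is None:
        return False, "unknown resource"
    min_tier, authorized = policy
    if user not in authorized:            # identity-based authorization comes first
        return False, "user not authorized"
    snap = INVENTORY.get(device_id)
    tier = trust_tier(snap) if snap else Tier.UNTRUSTED   # unknown device => no trust
    if tier < min_tier:                   # then the device must meet the resource's bar
        return False, f"device tier {tier.name} below {min_tier.name}"
    return True, f"device tier {tier.name} meets {min_tier.name}"
```

Calling decide() for the same user, device and resource from "corp-lan" and from "coffee-shop" yields identical results, which is the property the post is describing.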

    1. Re:Slight correction "devices", not "employees" by slimjim8094 · · Score: 3, Insightful

      [comment removed]

      --
      I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
  11. Basically the Uni Model by Anonymous Coward · · Score: 0

    This is basically how University networks work.

  12. Doesn't matter. by Anonymous Coward · · Score: 0

    PRISM has everything going in and out of Google anyways.

  13. Most networks are like cockroaches... by Tony+Isaac · · Score: 1

    crunchy on the outside, but soft and chewy on the inside!

  14. Stupid fucking neckbeards by Anonymous Coward · · Score: 0

    Hurr durr I'm the most paranoid

  15. But by Anonymous Coward · · Score: 0

    Are they just locking you out or locking themselves in? A rhetorical question, as it must be both. Google is a cult. They do great things but a lot of it is just for themselves. You fund them through AdWords, for the pleasure of watching their insider cult end of year videos that are also all about them and their buddies and witnessing their moonshot projects and private Googleplex buses. It's a big frat party.

    1. Re:But by Coren22 · · Score: 1

      Google is a cult.

      Considering Apple is just as much a cult, and in fact is less open to working with other companies' stuff, I can only look to Microsoft in comparison, and everything they are doing for interoperability in the mobile phone area. It is kind of scary when we are talking about Microsoft being more open than the successors to Linux and BSD.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?