Slashdot Mirror


Google Reveals Own Security Regime Policy Trusts No Network, Ever (theregister.co.uk)

Darren Pauli, reporting for The Register: Google sees little distinction between boardrooms and bars, cubicles and coffee shops; all are untrusted under its perimeter-less security model detailed in a paper published this week. The "BeyondCorp model" under development for more than five years is a zero-trust network model where the user is king and log in location means little. Staff devices including laptops and phones are logged into a device inventory service which contains trust information and snapshots of the devices at a given time. Employees are awarded varying levels of trust provided they meet minimum criteria which authors Barclay Osborn, Justin McWilliams, Betsy Beyer, and Max Saltonstall say reduces maintenance cost and improves device usability (PDF).

  1. Re: I don't get it. by TheGratefulNet · Score: 3, Insightful

    real zero trust is impossible to deal with.

    we will never know what goes on in intel's mgmt engine or other parts of intel's chips. amd, too. and nvidia. and and and...

    cellphones? get real! so many layers of 'sorry, no spec sheet for you!' in there. locked up tight and only the cell companies, cell makers and nsa can get in.

    chips from china? oh, please! as untrustable as it gets.

    you can talk all you want about the network - and we need to - but the elephant in the room is the lowest level, the silicon and the microcode that we will NEVER get access to.

    if even one link is bogus, the whole chain is bogus.

    my conclusion: the whole chain will always be bogus. things are out of hand and never getting back to reasonable levels ever again.

    --
    "It is now safe to switch off your computer."
  2. Re:Slight correction "devices", not "employees" by slimjim8094 · Score: 3, Insightful

    [comment removed]

    --
    I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.