by judge2020 2166 days ago
The issue is that, for any company without thousands of employees (heck, probably even some of these are guilty), the VPN is often the only barrier to the entire network. The BeyondCorp model makes you explicitly specify "John can access support.corp.com but not admin.corp.com", while setting up these explicit checks is the exception for VPN-based access, not the norm (and sometimes it isn't even done right, e.g. relying on DNS filtering).
2 comments

> The issue is that, for any company without thousands of employees (heck, probably even some of these are guilty), the VPN is often the only barrier to the entire network.

Sorry, but what? I've worked in multiple small companies where we were fewer than 5 system administrators and inside the VPN we had encrypted traffic and LDAP auth on everything. It's a few days' job for a single person to set everything up this way with open source tools that are extremely well known and documented.

Yeah same, I have even seen 1-sysadmin small businesses have multilayer security.
Yeah, we have the same setup.
In short:

VPN can be a security tool, as long as it is not your only security tool.

Think of a VPN as just a Wi-Fi router. Don't rely on it! Design your internal tools to be secure. Don't trust any network or client-submitted data.

For these big companies (FAANG, Twitter too), please spend all that money on your security instead of market, please.