Hacker News
by tptacek 1567 days ago
Even the BeyondCorp paper doesn't fully buy into this idea. If you're on a coffee shop's wi-fi network, you'll talk directly to Google's Access Proxy. But if you're in the building, you're 802.1x authenticating to their network before getting access.

The problem with VPNs is that enterprises have used them for decades as a crutch, extending their perimeter model out so that instead of a small SPOF, they have a gigantic, ever-changing SPOF. "ZTN-think" pushes this basic idea way past usefulness, to the point where all network controls are somehow suspicious. Which is crazy; BeyondCorp fundamentally relies on network access controls as well as application access controls, like every other modern network design. They're just different controls.