undefined | Better HN

0 pointsdarkwater22d ago0 comments

Serious question: why are they doing this if they've been marketing BeyondCorp for years now? Why is corporate network special then?

0 comments

benlivengood22d ago

Beyondcorp protects communication between trusted devices. The work to maintain a trusted hardware device of a particular model is high; CVEs occur constantly and sometimes you have to rely on the vendor to provide microcode (even if you get the source to review, they may be the only ones who can sign it, for example) or drivers.

The network connection isn't the main problem, it's every access to a protected system that would no longer trust the device.

darkwaterOP22d ago

I'm still not able to see what's the difference here. In a "no trusted special networks" world as the one painted by BeyondCorp, if the Intel Mac is not supported anymore, well, you will just not be able to login in any corporate portal because the smart BeyondCorp SSO will reject you, no matter if you are at home or in Mountain View HQ, no?

I mean, I can understand defense in depth and not wanting anyway a possible unsafe device connected to the corp network which still might expose some unwanted data (i.e. I imagine a trusted device on the corporate LAN might relax some local firewall rules to make it easier to develop? I'm just guessing, no real idea)

j / k navigate · click thread line to collapse

0 comments

benlivengood22d ago

The network connection isn't the main problem, it's every access to a protected system that would no longer trust the device.

darkwaterOP22d ago

j / k navigate · click thread line to collapse