3 Comments

Great read, Bruce. This has me considering Service Mesh further from a non-container perspective. While Service Meshes have come to light as a result of Kubernetes, the concept predates the mass adoption of containers. I love the idea that the VM is no longer the focal point of application development. The challenge is that the VM is still the focal point for application security for legacy workloads. Solutions such as HashiCorp Consul and Gloo are great indications of where we need to go to abstract services from the underlying VM infrastructure. However, I sense there's a lot of cultural and process change that has to happen before a transition can occur.

Great read.


Hey Bruce, Systems Approach is a fantastic Substack. Thanks to you and Larry for creating and sharing the content. Zero trust is huge, in particular as we embark on this hybrid remote/office journey. Your refined definition of zero trust as "..narrow and specific trust after authentication.." is spot on. When I looked into this a few years back, I came across the Google BeyondCorp solution (https://cloud.google.com/beyondcorp). It appears to align with several points raised in your article, namely no VPN, centralized control and distributed deployment of proxy/rules/PEP entities, and user/device authentication instead of network attachment. Google has the footprint and has enlisted the security vendor heavyweights in the BeyondCorp Alliance (https://cloud.google.com/blog/products/identity-security/google-cloud-announces-new-partners-in-its-beyondcorp-alliance). Curious about your thoughts regarding BeyondCorp as both a technical and commercial solution. Fascinating area!

Author · Jun 6, 2022 (edited Jun 6, 2022)

Yes, I actually referred to BeyondCorp in an earlier article on this topic. I'm a fan. See https://systemsapproach.substack.com/p/security-is-an-architectural-issue?s=w. Also, thanks for the kind feedback!
