hngopher.com

       [HN Gopher] Restrict Access to your internal websites on AWS wit...
       ___________________________________________________________________
        
       Restrict Access to your internal websites on AWS with BeyondCorp
        
       Author : giacaglia
       Score  : 30 points
       Date   : 2020-10-26 21:30 UTC (1 hours ago)
        
 (HTM) web link (transcend.io)
 (TXT) w3m dump (transcend.io)
        
       | code4tee wrote:
       | A lot of companies that care deeply about security are moving to
       | this "trust no one" approach which has the added benefit for end
       | users of allowing access to "secure internal sites" over the
       | plain old internet. If done right this can all be a big boost for
       | security and improved end user experience. That said, the old
       | "you need to be on the VPN" approach is going to stick around for
       | some time.
        
         | sokoloff wrote:
         | We're about 1/2 way down this road and it's hard to overstate
         | how true this is with respect to the benefits for end-user
         | experience.
         | 
         | We did it for the security, but if I'd have known the
         | convenience benefits, I think we'd have started earlier.
        
         | ndomer wrote:
         | For sure, VPNs will always be used. I think it'll take a
         | BeyondCorp SaaS company to really take off (or have it become a
         | more "Managed"auth method from the big cloud providers).
         | 
         | At Transcend we are able to do it because we had an early focus
         | on protecting our internal apps, but obviously it's a lot
         | harder to migrate hundreds of services than to start out with a
         | newer approach.
         | 
         | I loved not having to use a VPN back when I worked at Google
         | though, and am glad to see that the open source world is
         | starting to offer some tools to play around with.
        
         | mc32 wrote:
         | I mean, yes, if you have billions to dedicate to building a
         | leading class security team-not all organizations have that
         | money and not all organizations need to take that approach.
         | Some do and some need to.
        
       | ndomer wrote:
       | Hello everyone! At Transcend, we've used BeyondCorp for all of
       | our internal sites, as well as for our communication between
       | services.
       | 
       | Please let us know if you have any questions about getting
       | started :)
        
       ___________________________________________________________________
       (page generated 2020-10-26 23:00 UTC)