[HN Gopher] Restrict Access to your internal websites on AWS wit... ___________________________________________________________________ Restrict Access to your internal websites on AWS with BeyondCorp Author : giacaglia Score : 30 points Date : 2020-10-26 21:30 UTC (1 hours ago) (HTM) web link (transcend.io) (TXT) w3m dump (transcend.io) | code4tee wrote: | A lot of companies that care deeply about security are moving to | this "trust no one" approach which has the added benefit for end | users of allowing access to "secure internal sites" over the | plain old internet. If done right this can all be a big boost for | security and improved end user experience. That said, the old | "you need to be on the VPN" approach is going to stick around for | some time. | sokoloff wrote: | We're about 1/2 way down this road and it's hard to overstate | how true this is with respect to the benefits for end-user | experience. | | We did it for the security, but if I'd have known the | convenience benefits, I think we'd have started earlier. | ndomer wrote: | For sure, VPNs will always be used. I think it'll take a | BeyondCorp SaaS company to really take off (or have it become a | more "Managed"auth method from the big cloud providers). | | At Transcend we are able to do it because we had an early focus | on protecting our internal apps, but obviously it's a lot | harder to migrate hundreds of services than to start out with a | newer approach. | | I loved not having to use a VPN back when I worked at Google | though, and am glad to see that the open source world is | starting to offer some tools to play around with. | mc32 wrote: | I mean, yes, if you have billions to dedicate to building a | leading class security team-not all organizations have that | money and not all organizations need to take that approach. | Some do and some need to. | ndomer wrote: | Hello everyone! At Transcend, we've used BeyondCorp for all of | our internal sites, as well as for our communication between | services. | | Please let us know if you have any questions about getting | started :) ___________________________________________________________________ (page generated 2020-10-26 23:00 UTC)