[Info-vax] Cloud Security - 68M accounts hacked on Dropbox

johnwallace4 at yahoo.co.uk johnwallace4 at yahoo.co.uk
Sat Sep 3 10:18:08 EDT 2016 

On Saturday, 3 September 2016 14:40:05 UTC+1, Kerry Main  wrote:
> > -----Original Message-----
> > From: Info-vax [mailto:info-vax-bounces at rbnsn.com] On
> > Behalf Of johnwallace4--- via Info-vax
> > Sent: 03-Sep-16 5:39 AM
> > To: info-vax at rbnsn.com
> > Cc: johnwallace4 at yahoo.co.uk
> > Subject: Re: [Info-vax] Cloud Security - 68M accounts
> > hacked on Dropbox
> > 
> 
> [snip]
> 
> > 
> > And this is the company that some people are pointing to
> > as an
> > example of the way things should be done.
> > 
> > Even the recently linked whitepaper [1] on how Google no
> > longer
> > distinguish between internal and external access to
> their
> > data,
> > apps, etc ended with a throwaway paragraph equivalent
> > to "this
> > works for our DIY stuff but we haven't tried it with any
> real
> > world use cases."
> > 
> > [1] Sorry, URL forgotten already.
> > 
> 
> I remember reading about this as well. While I agree with
> the strategy of no difference between internal/external
> users (everyone does multi-factor authentication - even in
> office), I think there are better ways to implement this.
> 
> This may not be the exact link, but -
> http://static.googleusercontent.com/media/research.google.
> com/en//pubs/archive/43231.pdf
> 
> 
> Regards,
> 
> Kerry Main
> Kerry dot main at starkgaming dot com

That's the article and these are the paragraphs I referred to.

"We anticipate a long tail of workflows that will take some time 
to move to BeyondCorp. For example, fat-client applications that 
use proprietary protocols to talk to servers will be a challenge. 

We are investigating ways to BeyondCorp such applications, 
perhaps by pairing them with an authentication service. "

OK.

"As we move forward with the migration to BeyondCorp, we 
intend to publish subsequent articles explaining why and how 
Google has moved to BeyondCorp, with the goal of encouraging 
other enterprises in implementing similar strategies."

Anybody seen any subsequent articles, or is this another of
Google's ever-increasing history of launch in a blaze of 
publicity and quietly withdraw later?
E.g. Yet another Register article where the comments are at least
as informative as the article:
http://forums.theregister.co.uk/forum/1/2016/04/06/googles_beyondcorp_security_policy/

I'm sure Google have some great people and great ideas. For 
their business and their workload. But as far as most 
businesses are concerned they're in a parallel universe.

More information about the Info-vax mailing list