
656 points EthanHeilman | 1 comments
ctime ◴[] No.30104196[source]
The real crux of the issue is the long-tail of applications which were never conceived with anything but network-based trust. I'm certain the DoD is absolutely packed with these, probably for nearly every workflow.

The reason this was so "easy" for Google (and some other companies, like GitLab[2]) to realize most of these goals is that they are a web-based technology company - fundamentally the tooling and scalable systems needed to get started were web so the transition was "free". Meaning, most of the internal apps were HTTP apps, built on internal systems, and the initial investment was just to make an existing proxied internal service external and behind a context-aware proxy [1].

The hard part for most other companies (and the DoD) is figuring out what to do with protocols and workflows that aren't HTTP or otherwise proxyable.

[1] https://cloud.google.com/iap/docs/cloud-iap-context-aware-ac...

[2] https://about.gitlab.com/blog/2019/10/02/zero-trust-at-gitla...

replies(2): >>30104404 #>>30104598 #
wordsarelies ◴[] No.30104404[source]
As if Gov't does their own IT infrastructure...

This is a windfall for Gov't contractors.

replies(1): >>30106757 #
golem14 ◴[] No.30106757[source]
Hey, at least they're 'our kind' of Gov't contractors. No $640 toilet seats here ;)
replies(1): >>30108630 #
1. dopamean ◴[] No.30108630[source]
"This line of code will be $500 please"