Don't worry, the industry moves so fast that entire generations have come and retired in the 11 months since they last leaked private data all over the Internet
For small companies, this can be a valuable tradeoff. For example, we just secured a background processing service using Cloudflare Access; very practical and without too much security tradeoffs.
> Encrypted: As Cloudflare makes all connections secure with HTTPS there is no need for a VPN.
If Cloudbleed has taught us something, it's that cloudfare idea of "fully encrypted" doesn't fully include what's happening inside their own (virtual) walls.
Some may still consider the way they do it ok for websites. I don't, encryption between my customer and me, not between them and cloudflare, opening their data to another actor they have to trust without even knowing it, especially since most of my customers and myself are in Europe not the USA, so I don't want any US authorities to be able to intercept my stuff through them.
But for your company internal stuff ? I get that most companies don't really get pressured to take good care of users data because leak usually hurt the consumers themselves the most, not them, and they don't get blamed for it much. But surely it's not hard to see how opening your own internals is asking for troubles ...
You give all access to cloudflare, you give all access to bugs in cloudflare's software (like cloudbleed), you give all access to any authorities with influence over cloudflare, you give all access to hacker who can get inside cloudflare (even if they only get one small opening into where you data comes through), ... And this time it's not your customers' stuff, it's yours (not saying it doesn't matter when it's theirs, but it's easier to dismiss by Mr Bean Counting Project Manager).
If I am wrong in assuming this and the connection is made user to final endpoint without decryption at cloudflare level I couldn't see it when looking at that page.
> If Cloudbleed has taught us something, it's that cloudfare idea of "fully encrypted" doesn't fully include what's happening inside their own (virtual) walls.
I think that's a little unfair. Cloudbleed specifically referred to an application that parsed HTML. There's a pretty big logical dependency between "able to optimize our HTML" and "can see our HTML". I feel like the field of homomorphic encryption and HTML parsing is... non-existent.
I both agree and don't see what it changes in my message. Yes, it's obvious that they need to see it to be able to do several features they offer. Doesn't mean it's a good idea to let them see it.
Trading security for convenience has never really been a good deal, and this new product is about doing it with your company's internal.
Almost certainly not because there's usually _something_ inside the corporation and so you then get the need for unified authentication management (e.g. Okta) and some way to access the internal app.
I have also been using oauth2_proxy to allow users to authenticate via SSO and then access a application. It was easy to deploy and has been painless to manage.
I've never worked at Google but I thought BeyondCorp wasn't just about SSO auth. It included a reputation system, 2FA, and geofencing, among other things. This just looks like a fancy authentication facade with logging.
How does this compare to ScaleFT's zero trust web access product? Does Cloudflare do anything special beyond client certs to make authorization decisions after authentication? Seems like an easy pivot and nice accessory on top of argo and warp but there's little to no mention of logic used to detect on-device threats.
I'm with ScaleFT, thanks for the shoutout. We've been huge believers in BeyondCorp since the first paper was released, and have incorporated the concepts into our Web Access product - https://www.scaleft.com/product/web-access
Similarly, apps are placed behind a reverse proxy, which performs authN via your company's IDP, then authZ against the policies associated with the resource. These can be basic RBAC or more device oriented decisions such as whether the client disk is encrypted.
We also believe a SaaS model is the way to make BeyondCorp a reality for companies who aren't Google, but there's more to it than a proxy service. We've found the more challenging aspects of a complete system to be the policy engine and device bindings, and have spent the past couple years working to offer with our product.
Glad to see CloudFlare talking about BeyondCorp, the more who are providing solutions in this space, the easier it will be for companies who are not Google to get there.
This only works for HTTP, and all systems are not HTTP nor should they be HTTP.
We've gone far, far backward in networked system capability and efficiency by trying to shoehorn all possible uses of a network into a massively overloaded document retrieval protocol.
21 comments
[ 3.2 ms ] story [ 61.3 ms ] thread(Don't even get me started on FlexSSL!)
I'd say this goes way beyond the theoretical means of (illegal) access CA might have.
If Cloudbleed has taught us something, it's that cloudfare idea of "fully encrypted" doesn't fully include what's happening inside their own (virtual) walls.
Some may still consider the way they do it ok for websites. I don't, encryption between my customer and me, not between them and cloudflare, opening their data to another actor they have to trust without even knowing it, especially since most of my customers and myself are in Europe not the USA, so I don't want any US authorities to be able to intercept my stuff through them.
But for your company internal stuff ? I get that most companies don't really get pressured to take good care of users data because leak usually hurt the consumers themselves the most, not them, and they don't get blamed for it much. But surely it's not hard to see how opening your own internals is asking for troubles ...
You give all access to cloudflare, you give all access to bugs in cloudflare's software (like cloudbleed), you give all access to any authorities with influence over cloudflare, you give all access to hacker who can get inside cloudflare (even if they only get one small opening into where you data comes through), ... And this time it's not your customers' stuff, it's yours (not saying it doesn't matter when it's theirs, but it's easier to dismiss by Mr Bean Counting Project Manager).
If I am wrong in assuming this and the connection is made user to final endpoint without decryption at cloudflare level I couldn't see it when looking at that page.
I think that's a little unfair. Cloudbleed specifically referred to an application that parsed HTML. There's a pretty big logical dependency between "able to optimize our HTML" and "can see our HTML". I feel like the field of homomorphic encryption and HTML parsing is... non-existent.
Trading security for convenience has never really been a good deal, and this new product is about doing it with your company's internal.
That might obviate a service like this, or else enterprises will want a service like the to broker auth and monitor access to their SaaS as well.
There are CASB (cloud access security broker) products now that do the monitoring and reporting aspect, though AFAIK don't participate in auth.
Similarly, apps are placed behind a reverse proxy, which performs authN via your company's IDP, then authZ against the policies associated with the resource. These can be basic RBAC or more device oriented decisions such as whether the client disk is encrypted.
We also believe a SaaS model is the way to make BeyondCorp a reality for companies who aren't Google, but there's more to it than a proxy service. We've found the more challenging aspects of a complete system to be the policy engine and device bindings, and have spent the past couple years working to offer with our product.
Glad to see CloudFlare talking about BeyondCorp, the more who are providing solutions in this space, the easier it will be for companies who are not Google to get there.
We've gone far, far backward in networked system capability and efficiency by trying to shoehorn all possible uses of a network into a massively overloaded document retrieval protocol.