Hacker News new | past | comments | ask | show | jobs | submit login

Exactly my point, Zero Trust is good strategy and mindset. BeyondCorp though is short sighted and seems more like a solution from a company that wants to sell its cloud sooutions, by trying to make VPN evil by suggesting you should not have a network perimeter at all:

"Connecting from a particular network must not determine which services you can access."

I argue, that a simple source IP check is still one of the most significant and effective defense in depth measures that can be put in place. Not doing it seems like lack of due diligence to me. Its the first level of defense to which more security needs to be added on to.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact