Albert Einstein said he got some of his best ideas while shaving. Thanks for that, Al. Since I don’t shave (or take long walks) I get some of mine at a bar called The Flytrap, which is next door to my old office in San Francisco. That’s where I got an insight that changed the course of my professional life — and that now is influencing the $120 billion that will be spent to replace the obsolete digital security models that 98% of corporations rely upon today.
You see, on April 14th, 2014, Google published “A New Approach to Enterprise Security.” After work that day, my team and I went to The Flytrap and read the declaration over and over again. What we were reading, we realized, was a survivor’s guide to corporate security in the new world. And if enterprise IT didn’t start paying attention to the high-level components of the vision that Google called “BeyondCorp,” they’d get left behind. Or worse.
As we plunged deeper into Google’s document, something felt familiar. Google’s radical approach to IT security theory (a response to the Aurora hack) reminded me of 2006, and the eye-opening improvements that companies were achieving by moving workloads off premise (another rad idea) and onto a centralized network. Like the cloud, I realized, BeyondCorp would dictate enterprise infrastructure investments for decades.
Anyone who didn’t embrace the cloud movement back in 2006 has a chance at full redemption now. That’s because the BeyondCorp movement, already accelerating dramatically, is going to wipe inadequate perimeter-based security models (think VPNs, tokens, unrestricted access) off the map. For kicks, we did a little bar-napkin math back in 2014, based on industry projections that security-related IT spending is set to reach $120 billion by 2021. What percentage of this spending will be funneled towards the BeyondCorp approach? A lot? Most? All of it? We agreed that “a lot” was the floor. And we agreed that we had to get involved. But how?
At the time, I was working at Rackspace. And I was happy. We were the home of Fanatical Support. Sure, it sounds hokey. Like something you’d scoff at if you saw it on a T-shirt. But Fanatical Support is a real thing. Customers love Rackspace. And many explained, in heartfelt detail, how we fueled their own missions by delivering incredible user outcomes in a space better known for outages at the worst time and blood-boiling indifference. This mattered to me.
But after reading about the BeyondCorp approach to security, I began thinking of new ways I might be able to serve IT users. I found myself staring at the VPN token hanging around my neck like some kind of digital albatross. I watched the 6 digits change every 60 seconds or so, and felt annoyed, if not insulted. I thought about the issues created for companies who had no other choice but to use them. I had no doubt, at that very moment, thousands of people were logging into their company network remotely to update an urgent proposal, join an all hands meeting, or submit an eye-popping expense report. Maybe not aware, that once inside, the VPN itself is pretty lawless. Tokens work. But they’re also an all access pass, that, in the wrong hands, could do insurmountable damage. In summary: Users don’t love them. And IT leaders should fear them. How’s that for an incredible user outcome?
Looking back at my career, I can hang all the high points on great customer feedback. This helped me think about BeyondCorp differently. Yes, it’s evidence of Google’s genius. Yes, it’s going to obliterate perimeter-based security models. Yes, the economics driven by the shift (among the Fortune 1000 alone) are staggering. But, it’s also an open invitation to anyone who is motivated to deliver the best possible outcomes for users in an area of IT where the best possible outcome has to be the only outcome available.
That’s why, three years ago, I and several members of my team at Rackspace accepted Google’s invitation to join the BeyondCorp movement. We formed a company called ScaleFT. We set out to create the best possible outcomes for companies that want to secure their environments the way Google does, but that don’t know where to begin. We help companies deploy their own BeyondCorp-inspired security architectures. We meet those companies exactly where they are, then help get them where they need to be.
On April 18, we’re hosting the BeyondCorp Community Lounge during RSA 2018 at 111 Minna.
We welcome you to drop in and listen to some of the speakers, grab a drink or just take a breather from the RSA conference activity. It’s hard to know when great ideas will walk into our lives. But we promise you’ll walk out of here with a few.