Google has gone the opposite direction.

I feel like throwing everything behind a VPN and pretending it is secure is a crutch.

Several famous break-ins over the last ten years have hypothetically been on the inside of that wall.

Better to isolate services from each other, limiting cross-service jumping, than to build security around a single point of failure.



> Better to isolate services from each other limiting cross service jumping, than to build security around a single point of failure

I agree that it is better, but let’s not forget that building security around a single point of failure is still an improvement, that is simultaneously both high and low friction.

Bad: everything exposed to the internet

Good: everything behind a VPN

Best: Every application on its own micro-segment with access control up to the application layer to restrict all forms of access beyond the bare minimum of what is required.

Perfect is the enemy of good.

> Google has gone the opposite direction

Google-scale solutions are great for Google-scale organisations. They don’t always scale down very well.


> Every application on its own micro-segment with access control up to the application layer to restrict all forms of access beyond the bare minimum of what is required.

I hope for the operator team that they have good tool support to help administer all the access controls. Over time and across large organisations there are going to be a lot.

The even larger challenge must be auditing all these access controls. Services change, and if a connection is not required anymore, it should be painless for its operators to get rid of the corresponding access control.
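One way to make that audit tractable, as an added example that is not code from anyone in the thread: compare each allow rule against flow logs and flag the rules no connection has exercised within a retention window. The rule shape, the sample flows and the window are assumptions.

```python
from collections import namedtuple
from datetime import datetime, timedelta

# Hypothetical shape of a micro-segment allow rule: source service,
# destination service and destination port.
Rule = namedtuple("Rule", "src dst port")


def find_stale_rules(rules, flows, now, window):
    """Return the allow rules that no flow within `window` has used.

    `flows` is an iterable of (src, dst, port, timestamp) tuples as they
    might be exported from flow logs. A rule counts as used when at least
    one matching flow is no older than `now - window`; everything else is
    a candidate for removal (or for a chat with the owning team).
    """
    cutoff = now - window
    used = {(s, d, p) for s, d, p, ts in flows if ts >= cutoff}
    return [r for r in rules if (r.src, r.dst, r.port) not in used]


# Constructed sample data: four rules and the flows observed against them.
SAMPLE_RULES = [
    Rule("web", "api", 443),
    Rule("api", "db", 5432),
    Rule("api", "legacy-reporting", 8080),  # last used months ago
    Rule("web", "db", 5432),                # never used at all
]
SAMPLE_FLOWS = [
    ("web", "api", 443, datetime(2024, 1, 30)),
    ("api", "db", 5432, datetime(2024, 1, 29)),
    ("api", "legacy-reporting", 8080, datetime(2023, 11, 1)),
]
NOW = datetime(2024, 1, 31)
WINDOW = timedelta(days=30)


def audit():
    """Run the stale-rule check over the constructed sample data."""
    return find_stale_rules(SAMPLE_RULES, SAMPLE_FLOWS, NOW, WINDOW)


if __name__ == "__main__":
    for rule in audit():
        print(f"unused for {WINDOW.days}d: {rule.src} -> {rule.dst}:{rule.port}")
```

Feed it real flow logs and a window longer than your slowest batch job, otherwise a monthly reporting connection looks stale the day after it ran.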


Security is in layers, there's no reason you can't rely on both service and network isolation.

Service isolation alone doesn't help when my private data is potentially exposed by this exploit.
