My interpretation of beyond corp is about creating a very small inner parameter where only the prod machines have access - and those “airgapped” super-admin laptops that the article talks about.
99% of dev and admin work then takes place outside that perimeter, outside the VPN, by authenticating machines and encrypting traffic with TLS.
Since you will always expect compromised machines and bad actors in this area outside the inner perimeter, a four-eyes principle for any critical actions, such as code changes and configuration changes, is necessary.
99% of dev and admin work then takes place outside that perimeter, outside the VPN, by authenticating machines and encrypting traffic with TLS. Since you will always expect compromised machines and bad actors in this area outside the inner perimeter, a four-eyes principle for any critical actions, such as code changes and configuration changes, is necessary.