by Leon Rosenshein

From BeyondCorp to BeyondProd

Like what they do and stand for or not, there's little question that Google has a very large presence and impact on the technology world. From defining a language (Golang), a build system (Bazel), a container management system (Kubernetes), and a database (Bigtable) to an entire service mesh to tie them together (Istio), a lot of what is used is based on what Google has done and is doing. And it's not just the technology itself, it's how those technology pieces get put together. Google's recent white paper BeyondProd is all about how to securely connect all those microservices. And not just securely connect, but know that the thing you're running is the thing you expect it to be. That it was built securely, from a secure, reviewed source repository, with approved libraries and dependencies. 

And it all starts with Identity. In the security world it's called Authentication (AuthN). Everything command/message/request has to come with an identity that is verifiable. And until you have AuthN you don't need to worry about Authorization (AuthZ). Without AuthN, AuthZ is a false sense of security.

And that's what Zero-Trust is all about. Ensure that everything you hear is from who you think sent it and that identity is allowed to do whatever it's trying to do. That's "Zero Trust", and where we're headed. Without it, you're never really sure. For a long time in Core Business there were a set of APIs that were only accessible to the rtapi service. And those APIs knew that a caller was rtapi because there was a header, `uber-caller` that was set to `rtapi`. As long as the caller was on the PROD network and had that header the services accepted it and did their thing.

As you might imagine, pretty soon every service added that header. A few different things happened. First was that there was no traceability. Then the services fell over because they were scaled for the expected traffic. Then the abstraction leaked. Then some data got to other services. Eventually it turned into a big bowl of spaghetti that we're still trying to unravel.

So let's not do that to ourselves. We might not be Zero Trust now, but we will be, so keep that in mind as you design your services/libraries/systems.