>BeyondCorp lets users connect to corporate resources behind a proxy, without a VPN.
BeyondCorp is about trusting nothing and allowing what is allowed. It's an inversion of being Inside or Outside the network, in that everyone is outside. When they say "without a VPN" what they mean is that you arent connecting to inside the trust and then gaining access to everything.
This product from cloudflare, by integrating with an identity manager, is offering that same kind of deny by default, and allow the allowlist type paradigm. Whether or not it is VPN tech is a bit irrelevant, and misses the point of BeyondCorp. Googles implementation was a proxy by choice, but it's not the only way to accomplish the same idea. I get that you get that, but drawing the beyondcorp/not-beyondcorp line at vpn/proxy is missing the forest for the trees.
BeyondCorp is about trusting nothing and allowing what is allowed. It's an inversion of being Inside or Outside the network, in that everyone is outside. When they say "without a VPN" what they mean is that you arent connecting to inside the trust and then gaining access to everything.
This product from cloudflare, by integrating with an identity manager, is offering that same kind of deny by default, and allow the allowlist type paradigm. Whether or not it is VPN tech is a bit irrelevant, and misses the point of BeyondCorp. Googles implementation was a proxy by choice, but it's not the only way to accomplish the same idea. I get that you get that, but drawing the beyondcorp/not-beyondcorp line at vpn/proxy is missing the forest for the trees.