That is a bit hypocritical of Google though since they do have scanned mails of their users for example. In that way they certainly did implement zero trust, but maybe here it has another meaning.
And I don't think such an architecture fits every company. Most (non-software) tech companies suffer under simple social engineering, scam mails and giving third parties their credentials. A threat is also economic espionage in all its forms.
Google certainly has other security concerns as well. Internal whistleblowers and maybe activist circles that run counter to the vision of management. For these problems their architecture might make sense, but it doesn't mean every company has the same threat vectors.
Of course security problems can be solved, but the infrastructure needed isn't trivial and many software stacks for engineering just don't allow for third party auth anyway.
Many developers (software or not) also shudder about their "managed endpoints". Works for Google obviously, but they are a special case here.
Much more effective here is sensible network segmentation. You don't need fancy auth services for that, just classic IT with a little sense for real threats. "Everything facing the internet" certainly is a very specific strategy that cannot be generalized.
And I don't think such an architecture fits every company. Most (non-software) tech companies suffer under simple social engineering, scam mails and giving third parties their credentials. A threat is also economic espionage in all its forms.
Google certainly has other security concerns as well. Internal whistleblowers and maybe activist circles that run counter to the vision of management. For these problems their architecture might make sense, but it doesn't mean every company has the same threat vectors.
Of course security problems can be solved, but the infrastructure needed isn't trivial and many software stacks for engineering just don't allow for third party auth anyway.
Many developers (software or not) also shudder about their "managed endpoints". Works for Google obviously, but they are a special case here.
Much more effective here is sensible network segmentation. You don't need fancy auth services for that, just classic IT with a little sense for real threats. "Everything facing the internet" certainly is a very specific strategy that cannot be generalized.