The article mentions MUSCULAR, but neglected the follow-up: shortly after the leaks, Google began encrypting all of its internal traffic over its own fiber links.[0]
First, it's worth pointing out that "encrypt everything in flight always" is not prohibitively expensive on modern hardware; also that your own internal network should not be viewed as an impenetrable bastion where you can let down your guard, just because you keep a close eye on the external routers.
“Security of organisations should be done in layers” and each layer makes breaking into your (whole) organisation harder, but comes with friction for your staff.
No, I think the new consensus is that all systems are vulnerable (obviously true if all systems have users with access, who may be compromised) - so not layers: compartments (and need to know; need to access).
I believe this is part of e.g. Google/Alphabet's new model: no hard wall, soft "inside" (egg model). Just standalone secure sub-systems with ACLs (access control lists) mediating access on a user-by-user, sub-system-by-sub-system level. No real trust in "location" as proof of authorization (I assume truly off-grid clean rooms are excepted) - because "everything" needs access to networked resources.
[0] https://www.washingtonpost.com/business/technology/google-en...