Jump to Content
Security & Identity

Keep your teams working safely with BeyondCorp Remote Access

April 20, 2020
Sunil Potti

VP/GM, Google Cloud Security

Sampath Srinivas

Director, Product Management, Google Cloud

The COVID-19 pandemic is affecting organizations in different ways, whether it’s hospitals or governments directly impacted by the coronavirus or businesses that need to rapidly evolve to support new work-from-home scenarios. Over the last few weeks, we’ve had numerous conversations with customers about how we can help them adapt to new ways of working, while keeping their data protected. 

As the number of remote workers increases drastically in a short period of time, one thing we’ve heard repeatedly is that organizations need an easier way to provide access to key internal applications. Workers can’t get to customer service systems, call center applications, software bug trackers, project management dashboards, employee portals, and many other web apps that they can normally get to through a browser when they’re on the corporate network in an office.

To help customers solve this problem and get their workers the access they need, today, we’re introducing BeyondCorp Remote Access. This cloud solution—based on the zero-trust approach we’ve used internally for almost a decade—lets your employees and extended workforce access internal web apps from virtually any device, anywhere, without a traditional remote-access VPN. Over time, we plan to offer the same capability, control, and additional protections for virtually any application or resource a user needs to access.

BeyondCorp Remote Access’s high-level architecture.

Let’s take a deeper look at today’s pressing remote access challenge and our solution.

The VPN issue

The root problem lies with the remote-access VPNs organizations normally use. Traditional VPN infrastructure can be difficult for IT teams to deploy and manage for so many new users in a short period of time, and they’re struggling under the load. 

From the user perspective, VPNs can be complex, especially for those who haven’t used one before. These problems are exacerbated when organizations try to roll out VPN access to their extended workforce of contractors, temporary employees, and partners. VPNs can also increase risk since they extend the organization's network perimeter, and many organizations assume that every user inside the perimeter is trusted.

Our approach to remote access

We believe there’s a better way. Recently, as we’ve asked most of our employees and extended workforce to work from home due to COVID-19, their ability to access apps and get work done has not been significantly affected. We didn’t just roll this new capability out. In 2011, we started our journey to implement a zero-trust access approach we called BeyondCorp. Our mission was to enable Google employees and our extended workforce to work successfully from untrusted networks on a variety of devices without using a client-side VPN.

BeyondCorp’s high-level architecture.

But BeyondCorp offers much more than a simpler, more modern VPN replacement. It helps ensure that only the right users access the right information in the right context. For example, you can enforce a policy that says: “My contract HR recruiters working from home on their own laptops can access our web-based document management system (and nothing else), but only if they are using the latest version of the OS, and are using phishing-resistant authentication like security keys.” Or: “My timecard application should be safely available to all hourly employees on any device, anywhere.”

Defining access policies in BeyondCorp Remote Access.

BeyondCorp delivers the familiar user experience that helps make our employees and extended workforce productive inside the office, along with the heightened security and control we require outside.

Get started with a proven solution

While we’ve been big supporters of this zero-trust access approach for many years, we know it’s not something that most organizations will deploy overnight. However, you can get started today solving the pressing problem of remote access to internal web apps for a specific set of users. 

With BeyondCorp Remote Access, we can help you do this in days rather than the months that it might take to roll out a traditional VPN solution, whether your applications are hosted in the cloud or deployed in your datacenter. We are collaborating with Deloitte’s industry-leading cyber practice to deliver end-to-end architecture, design, and deployment services to support your zero-trust journey. 

The components of the solution are based on Google’s own decade of experience implementing the BeyondCorp model and have been “battle-tested” in production by thousands of Google Cloud customers, including New York City Cyber Command:

"We are responsible for leading the cyber defense of America’s largest city," said Colin Ahern, Deputy CISO at New York City Cyber Command. "It is vital that our Agency personnel are able to access critical applications no matter the situation or location. Google's BeyondCorp has allowed us to build a zero-trust environment where our team can quickly and securely access essential resources from untrusted networks."

We’re committed to helping you meet the immediate need for rapid rollout of remote access today, while enabling you to build a more secure foundation for a modern, zero-trust access model tomorrow. If this is something that might be useful for your organization, get in touch, we’re eager to help.

Posted in