Google Cloud on Monday rolled out BeyondCorp Remote Access, a new cloud-based product that allows employees to securely access their company's internal web apps from any device or any location. Amid the scramble to get employees working remotely through the COVID-19 pandemic, the new product aims to quickly provide secure access to browser-based apps.
"Over the last few weeks, we've had numerous conversations with customers about how we can help them adapt to new ways of working, while keeping their data protected," Google Cloud's Sunil Potti and Sampath Srinivas wrote in a blog post.
Existing remote-access VPNs can be difficult to deploy for large numbers of workers at once, the blog post argues. Additionally, the nature of perimeter-based security may be problematic when granting remote access to an extended workforce that can include contractors and temporary workers.
To address those problems, the new tool uses the BeyondCorp framework, a zero-trust approach to security that Google adopted for its own, increasingly mobile workforce back in 2011. In contrast to traditional, perimeter-based security systems, BeyondCorp relies on verification of context, like your identity and the device you're using, to grant access to apps. It routes all traffic through a proxy to determine the identity of a user and what internal data they're allowed to access in the given context.
For instance, with BeyondCorp Remote Access, an admin could set a specific policy for contract HR recruiters working from home on their own laptops -- only granting them access to a web-based document management system if they are using the latest version of the OS as well as phishing-resistant authentication.
While BeyondCorp Remote Access is now offered as a way to safely access internal apps, Google said that over time it will offer the same security capabilities for nearly all applications and resources a user may need to access.
Over the years, Google has rolled out other products based on BeyondCorp, such as Identity Aware Proxy (IAP), which helps Google Cloud customers control access to cloud and on-prem applications and VMs running on Google Cloud Platform (GCP). In 2018, it introduced Cloud Identity, which gives customers one console and platform to manage users, devices, apps and access.
The new product is a subset of Google's other capabilities designed specifically for quickly enabling secure access to internal browser-based apps, whether they're hosted on GCP, on premise or other clouds.