Kit Wai Chan - Fotolia
Google unveils BeyondCorp Remote Access as VPN alternative
Google unveiled a new iteration of its zero-trust network offering with BeyondCorp Remote Access, which is designed to help remote workers securely connect to critical web apps.
Google is extending its BeyondCorp service for zero-trust networks to aid remote works amid the COVID-19 pandemic.
The company introduced BeyondCorp Remote Access, which Google said will allow employees and extended workforce members to securely connect to internal web applications without using a VPN. In a blog post published Monday, Sunil Potti, vice president and general manager of Google Cloud, said BeyondCorp Remote Access will alleviate the burden on corporate VPNs, which have been overloaded in recent weeks as an increasingly large number of enterprise employees have been told to work from home.
Google's VPN alternative, Potti's blog post said, is designed to provide employees secure access to corporate web apps "from virtually any device, anywhere" by allowing enterprises to craft policies that grant conditional access to employees based on specific criteria. As an example, Potti described a scenario where HR recruiters working from home could only access an organization's document management system -- though nothing else -- if their personal laptops' OS is up to date and has antiphishing authentication like physical security keys.
Google first began developing its zero-trust network model for internal usage in 2011 with the goal of shifting security controls from the network perimeter to individual devices and their users. Instead of using firewalls and VPNs to protect web apps, the model allows Google employees, contractors and other authorized users to work from untrusted networks such as their homes, a hotel or an airplane.
The zero-trust network approach treats every device and user as untrusted unless they meet certain requirements about the device identity and configuration and the user's permissions and roles. Instead of a creating a private network connection between a device and the corporate environment, connections are run through components, including an SSO system to authenticate the user; an internet-facing proxy that applies encryption; an asset inventory database to confirm the identity of the device; and an access control engine that reviews the relevant information and enforces enterprise security policies before approving the connect.
In 2017, Google rolled out BeyondCorp, a commercial version of its own zero-trust network model, to other enterprises. BeyondCorp Remote Access is a variation of that model that focuses specifically on internal web apps that require VPNs for employees to access. Potti said Google plans to expand the cloud service for "virtually any application or resource a user needs to access."
In addition to offering secure and reliable access, Potti said, BeyondCorp Remote Access can be deployed in enterprises more quickly and easily than client-side VPNs. Numerous reports have indicated VPN usage has skyrocketed in recent weeks during the coronavirus pandemic.
"With BeyondCorp Remote Access, we can help you do this in days rather than the months that it might take to roll out a traditional VPN solution, whether your applications are hosted in the cloud or deployed in your data center," he said. "Using BeyondCorp Remote Access, you can offload some of the strain on your existing VPN deployment, saving critical capacity for the users who already have access and need it most."
Potti added that Google is partnering with Deloitte Cyber Services to design and deploy the new offering. Deloitte did not respond to requests for comment at press time.