With the number of employees working at home exploding during coronavirus lockdowns, Google is rolling out a new security service designed to allow remote access of internal systems without using a virtual private network.
BeyondCorp Remote Access is a cloud-based security product based on a system that Google originally built for internal use almost a decade ago. In a blog post, the company says it uses a “zero-trust approach,” which would typically require some kind of additional authentication before granting access to an external source.
The product’s release comes at a time when remote working has placed new security pressures on organizations that are scrambling to adapt their networks. BeyondCorp Remote Access is also another example of advanced technology companies like Google taking their own internal IT projects, such as Kubernetes or Vitess, and turning them into resources for general use.
“This is like a rifle shot,” said Google Cloud Security CMO Rick Caccia. “We keep seeing some version or flavor of the same problem over and over, and we wanted to bring something that solves that problem quickly and easily for people.”
In this case, Google says that VPNs pose a challenge as companies attempt to deploy and configure a huge number of them in a short period of time. When companies want to allow limited access to partners or contractors, it can be tricky to set up a secure but limited set of access rules. At the same time, when the number of remote connections suddenly soars, the VPN architecture may not be equipped to handle the load.
In addition, users not accustomed to VPNs can sometimes find them to be surprisingly challenging to use.
Caccia said BeyondCorp was designed from the start to deal with such scenarios. Google had been trying to simplify its own network access features going back to 2011, leading to the creation of BeyondCorp. The system made it far easier to set specific access policies for a narrow set of users around each internal application.
Inside Google, BeyondCorp avoids the need for a VPN through a design that includes a database of every device authorized to connect, a security certificate installed on that device, and integration with a human resources database that includes information about usernames and group memberships.
On the employee side, users enter the network remotely through a single sign-on system that authenticates them across the internal databases, making the process fairly seamless. There is no need to install or configure a separate piece of software.
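The design described above (a device inventory, a certificate on each device, HR group data and narrow per-application policies) can be sketched as a default-deny access check. This is an added illustration, not Google's code; every name, hostname and data value in it is a hypothetical, constructed sample.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample data; all names and values below are hypothetical.
def fingerprint(cert: bytes) -> str:
    return hashlib.sha256(cert).hexdigest()

LAPTOP_CERT = b"constructed-cert-for-laptop-17"

DEVICE_INVENTORY = {  # every device authorized to connect
    "laptop-17": {"cert_sha256": fingerprint(LAPTOP_CERT)},
}
HR_DIRECTORY = {  # usernames and group memberships
    "alice": {"active": True, "groups": {"finance"}},
    "bob": {"active": True, "groups": {"contractors"}},
}
APP_POLICY = {  # narrow per-application access rules
    "payroll.internal.example": {"finance"},
    "wiki.internal.example": {"finance", "contractors"},
}

@dataclass(frozen=True)
class Request:
    user: str           # identity asserted by single sign-on
    device_id: str
    client_cert: bytes  # certificate presented by the device
    app: str

def authorize(req: Request) -> tuple[bool, str]:
    """Default-deny: every check must pass; network location is never consulted."""
    device = DEVICE_INVENTORY.get(req.device_id)
    if device is None:
        return False, "device not in inventory"
    # Constant-time comparison of the presented certificate's fingerprint.
    if not hmac.compare_digest(device["cert_sha256"], fingerprint(req.client_cert)):
        return False, "certificate does not match inventory"
    person = HR_DIRECTORY.get(req.user)
    if person is None or not person["active"]:
        return False, "user not active in HR directory"
    allowed_groups = APP_POLICY.get(req.app)
    if allowed_groups is None:
        return False, "no policy for application"
    if not (person["groups"] & allowed_groups):
        return False, "user not in an allowed group"
    return True, "ok"
```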
With BeyondCorp Remote Access, companies facing similar issues, whether they are Google Cloud customers or not, can use this version to help directly solve those problems. The service is generally available starting today.