Google Unveils an Internal System for Secure Remote Access

Google debuted BeyondCorp Remote Access, a cloud-based service allowing remote access of internal systems without using a virtual private network (VPN). With so many employees working from home during the coronavirus pandemic, Google said it has “heard repeatedly … that organizations need an easier way to provide access to key internal applications.” Based on a product built for internal use almost ten years ago, the system uses a “zero-trust approach,” which requires additional authentication before granting access.

VentureBeat reports that, “BeyondCorp Remote Access is also another example of advanced technology companies like Google taking their own internal IT projects and turning them into resources for general use, such as Kubernetes or Vitess.”

“We keep seeing some version or flavor of the same problem over and over, and we wanted to bring something that solves that problem quickly and easily for people,” said Google Cloud Security chief marketing officer Rick Caccia, who added that Google has found “that VPNs pose a challenge as companies attempt to deploy and configure a huge number in a short period of time.” The VPN architecture “may not be equipped to handle the load” when the number of remote connections skyrocket.

Google started trying to “simplify its own network access” in 2011, which led to BeyondCorp, which “made it far easier to set specific access policies for a narrow set of users around each internal application … [and] avoids the need for a VPN through a design that includes a database of every device authorized to connect, a security certificate installed on that device, and integration with a human resources database that includes information about usernames and group memberships.”

Employees “enter the network remotely through a single sign-on system that authenticates them across the internal databases, making the process fairly seamless.”

On the Google Cloud blog, the company stated that, with the uptick in remote working, employees “can’t get to customer service systems, call center applications, software bug trackers, project management dashboards, employee portals, and many other web apps that they can normally get to through a browser when they’re on the corporate network in an office.”

“The root problem lies with the remote-access VPNs organizations normally use … [which] can be difficult for IT teams to deploy and manage for so many new users in a short period of time,” it added, noting that VPNs can “also increase risk since they extend the organization’s network perimeter, and many organizations assume that every user inside the perimeter is trusted.”

“BeyondCorp offers much more than a simpler, more modern VPN replacement,” it said. “It helps ensure that only the right users access the right information in the right context.” Google added that, with BeyondCorp, organizations can “get started today solving the pressing problem of remote access to internal web apps for a specific set of users.”