Google Cloud’s new tool enables some remote work without a VPN

Google Cloud has introduced BeyondCorp Remote Access, a zero-trust platform that lets employees and extended workforce access internal web apps from any device without a traditional remote-access VPN.

On Monday (20 April), Google Cloud announced its plans to roll out BeyondCorp Remote Access, a new cloud-based product that enables employees to securely access their company's internal web apps from any device or location, without the use of a VPN.

The announcement was made in a blogpost written by Google Cloud vice-president and general manager, Sunil Potti and the company's director of product management, Sampath Srinivas.

The company said that it was launching BeyondCorp Remote Access after numerous discussions with customers who are concerned about adapting to remote working life while keeping their data protected.

Google Cloud is collaborating with Deloitte's cyber practice to deliver the end-to-end architecture, design and deployment of the new tool to companies that are intrigued by the technology.

BeyondCorp Remote Access

According to Google Cloud, companies have been looking for new, more efficient ways to provide workers with access to key internal applications.

The company said: “Workers can't get to customer service systems, call centre applications, software bug trackers, project management dashboards, employee portals and many other web apps that they can normally get to through a browser when they're on the corporate network in an office.”

In an effort to solve some of these issues, Google Cloud has launched BeyondCorp Remote Access, which is based on the zero-trust approach the company has used internally for almost a decade.

The platform enables employees and extended workforce to access these internal web apps from “virtually any device, anywhere, without a traditional remote-access VPN”.

Potti and Srinivas have said that over time, the company plans to offer the same capability, control and additional protections for “virtually any application or resource a user needs to access”.

What's wrong with a regular VPN?

According to Google Cloud, traditional VPN infrastructure can be difficult for IT teams to deploy and manage for so many new users in such a short period of time, as was necessary in the middle of March when millions of workers migrated from offices to their homes.

Potti and Srinivas wrote: “From the user perspective, VPNs can be complex, especially for those who haven't used one before. These problems are exacerbated when organisations try to roll out VPN access to their extended workforce of contractors, temporary employees and partners.

“VPNs can also increase risk since they extend the organisation's network perimeter and many organisations assume that every user inside the perimeter is trusted.”

Google Cloud has been developing BeyondCorp since 2011, to enable Google employees and the firm's extended workforce to work from untrusted networks on a variety of devices without a client-side VPN.

The company said that its solution ensures that “only the right users access the right information in the right context”.

Policies can be set on the platform, for instance, only enabling particular employees to access web-based document management systems and nothing else, and only if they have the latest version of the OS or are using phishing resistant authentication like security keys.

In the past, Google has released similar products based on the principles behind BeyondCorp, such as the Identity Aware Proxy (IAP) which is used to help Google Cloud customers control access to cloud and on-premises applications and VMs on the platform.

The company also introduced Cloud Identity in 2018 to give customers a single console to manage users, devices, apps and access.