We’ve traditionally secured our corporate systems by throwing up a perimeter around them. Until a few years ago, it was relatively easy to define the limits of that perimeter: almost everyone who needed access to our systems was sitting at a desk in one of our corporate locations (or in the data centre). The few users who were mobile or worked remotely could be given a company laptop and access corporate applications via a Virtual Private Network (VPN).
Today, the picture is very different. More of us are working from home or on the move, using personal or company-issued devices. We’re giving front-line workers smartphone apps to help them work more effectively and efficiently when out in the field. We’re increasingly working in teams that span organisational boundaries — and using cloud-based services that may be running anywhere in the world.
VPNs are no longer an effective response to these challenges
- They’re difficult and expensive to set up and manage, especially at scale and when working with users’ own devices.
- They may set limits on how many users can connect and authenticate at once — and once someone’s inside the perimeter, they can easily access many different resources.
- They don’t let you enforce security policies on user devices, such as ensuring the operating system is running the latest security patches.
A new approach to security
What we need today is a new security model that uses contextual clues to set and enforce policies on an application-by-application basis. These contextual clues will ensue access is granted only for:
- specific user groups
- connecting from a particular location — as narrow as a specific office or as wide as the user’s usual country of residence — and during specified hours
- using well-managed devices where minimum security policies are enforced
- using sufficiently secure encryption for network traffic, with the possible addition of strong 2-factor authentication
Introducing Google's BeyondCorp security model
This is the basis for Google’s BeyondCorp security model. Originally created to meet Google’s own security needs, it lets your users connect over any network but only grants access to each application based on the user’s identity and whether the context of their request meets the rules set by your IT and security team. More than that, with BeyondCorp, every separate request must be encrypted, authenticated and authorised — all the time and not just when the user first connects. This allows users to work from anywhere on any device without needing a VPN while still ensuring your company systems and assets remain secure.
BeyondCorp can be implemented one application at a time, letting you start small with a proof of concept before slowly extending it to all your applications. And it can be applied to on-premise solutions as well as applications running in public or private clouds.
Get started with the Google Workspace Security and Trust ebook
To find out more about how Google Security can help your organisation provide secure access to corporate resources from anywhere at any time with solutions like BeyondCorp, read about some of the other ways Google Cloud secures modern end-user computing.
Working with a Google Workspace Premier Partner
Ancoris is only one of a handful of European Google Cloud partners with the Work Transformation Enterprise specialisation. Our deployment experts will help you make a smooth transition―for the technology and for the people using it.
A business is only as good as its people – so why not make them extraordinary? Empowering them to work better together not only unleashes their talent and creativity but makes them your competitive advantage. The modern, easy to use applications in Google Workspace make real-time collaboration a breeze. Combine Google Workspace with Chrome Enterprise and you've got the most secure and mobile workplace.
To complement our technical service delivery consultants, we have a dedicated in-house change management and user enablement team to guide you through the process.