The COVID-19 pandemic is putting pressure on organizations to provide secure and effective remote access solutions to employees. But many businesses are still using ‘forced tunnel’ virtual private networks (VPN) for remote access. Although a tried and tested solution, VPNs can be complex for end users, prone to performance issues, and they are no longer considered the most secure option for remote access.
BeyondCorp Remote Access zero trust network access
To help solve problems with remote access, Google announced April 20th BeyondCorp Remote Access (BCRA). BCRA is a cloud-based remote access solution based on the zero-trust security model. Zero trust is a security framework that dates from 2009. The idea is that you shouldn’t trust anyone. Not even your own employees. Every person accessing your network must be verified. And policies limit the access employees have to corporate IT resources. Policies should provide just enough access to complete work-related tasks and nothing more.
For more information on zero-trust networks, see Choosing between Virtual Private Network and Zero Trust Remote Access Solutions on Petri.
Currently, BCRA supports giving remote workers access to web applications only. But Google says that it plans to extend the product to support virtually any application or resource. In addition to just being a replacement for VPNs, Google says that BCRA helps only the right users access the right information in the right context. Google gives this example policy:
“My contract HR recruiters working from home on their own laptops can access our web-based document management system (and nothing else), but only if they are using the latest version of the OS, and are using phishing-resistant authentication like security keys.”
Image #1 Expand
If this sounds like Azure Active Directory Conditional Access policy, you’d be right. BeyondCorp Remote Access is similar to Microsoft’s zero-trust solution that uses Azure Active Directory and Application Proxy. The key difference at this stage is that Microsoft’s solution works with different kinds of applications, not only browser-based web apps.
BeyondCorp Remote Access aims to get you set up with zero trust faster
BeyondCorp Remote Access requires minimal on-premises infrastructure and changes to existing networks, security policies, and apps. And as BCRA has been used as dog food internally at Google for almost a decade, it thinks you can rely on the solution. Google says the main benefits of BCRA are:
- Keep workers productive
- Retain control
- Deploy quickly
- Avoid disruption
- Lower costs
BeyondCorp started life as an internal project at Google in 2011 to provide zero-trust access to employees. BeyondCorp as a commercial product isn’t new though. It has been part of Google Cloud for some time. Under the covers, BCRA uses Identity-Aware Proxy (IAP) to establish a central authorization layer for applications accessed by HTTPS.
BCRA can provide access to browser-based apps hosted in Google Cloud, other cloud service providers, and on-premises. Google claims that BeyondCorp Remote Access allows organizations to deploy a zero-trust access solution in days. For more information on BeyondCorp Remote Access, see Google’s website here.
The post Google Announces BeyondCorp Remote Access appeared first on Petri.