Google LLC said today that its BeyondCorp Enterprise framework is now generally available to all enterprises that want to enjoy the benefits of the “zero-trust” security model.

BeyondCorp Enterprise is a security framework that involves shifting access controls from the perimeter to individual devices and users, thereby enabling employees to work securely from any location without the need for a traditional virtual private network.

With BeyondCorp Enterprise, access control is no longer based on whether users are requesting that access from inside or outside of the corporate network. Instead, under the zero-trust model, it’s assumed that users requesting access from inside the network are just as untrustworthy as those seeking remote access, so access requests are instead granted based on details about the particular users, their jobs and the security status of the device they’re using.

In a blog post, Google Cloud Security Vice President and General Manager Sunil Potti said that one of the biggest challenges for security teams is to “enable disruptive innovation in security without disrupting security operations.”

BeyondCorp Enterprise is both an extension of, and a replacement for the BeyondCorp Remote Access offering that was launched last year to help secure companies that had no choice but to switch to remote work because of the COVID-19 pandemic. BeyondCorp Remote Access was a more limited version of the BeyondCorp framework that implemented zero-trust access controls for the most sensitive applications and data only, to ensure workers can do their jobs safely from home.

“We’ve invested many years to bring our customers a solution that is cost-effective and requires minimal disruption to existing deployments and business processes, using trust, reliability and scale as our primary design criteria,” Potti wrote.

In a press briefing, Potti added that zero-trust security has become critical to prevent new kinds of cyberattacks on the increased number of devices that are located outside of traditional corporate networks. “Without this, we’ll never make a sea change in trust and security,” he said.

Potti explained that the new BeyondCorp Enterprise offering is closely entwined with the Chrome browser, which now provides embedded threat and data protection to prevent malicious and unintentional data loss and exfiltration, including copying and pasting of data and malware infections.

It also provides strong phishing-resistant authentication that helps to ensure users are who they say they are. With BeyondCorp Enterprise, organizations can implement additional resource-dependent authentication controls prior to access, such as enforcing the use of phishing-resistant security keys. Companies can also choose to access continuous authorization to support granular resource access policies that incorporate identity, GEO-IP location and device information.

With this, “each and every interaction between a user and a BeyondCorp-protected resource is evaluated in real-time against the resource’s access policy to ensure users are and remain authorized to access it.”

Moreover, Google says, BeyondCorp Enterprise is extremely dependable, with a global network that consists of 144 network edge locations that enable people to work reliability and efficiently from anywhere on the planet. It’s also backed by Google’s highly scalable distributed-denial-of-service attack protection service, that has been shown to withstand DDoS attacks of up to 2.5 terabytes per second.

The entire framework is unobtrusive too, so most users will not even notice the security that underpins their day to day work. “We are trying to make security go into the background as much as possible,” Potti explained. “The best security is invisible security.”

Google has also built an ecosystem around zero-trust security through the BeyondCorp Alliance, which brings together various security firms and data management providers whose tools help to create a more reliable security framework. For example, it has partnered with the endpoint security startup Tanium Inc. so companies can incorporate the attack signals that platform generates when designing their access policies. Other partners include Check Point Software Technologies Ltd., Lookout Inc., VMware Inc., Palo Alto Networks Inc. and Symantec Corp.

“The battle for security never stops, and enterprises look for vendors to assist them in this effort,” said Constellation Research Inc. analyst Holger Mueller. “With strong network and edge capabilities, Google is bringing a very attractive offering forward.”

With reporting from Robert Hof

Image: Google