Google extends its BeyondCorp security model to G Suite

BeyondCorp is Google’s model for securing networks not just through VPNs and other endpoint security techniques, but through a model that focuses on context-aware access policies that focus on the user’s identity, hardware and the context of the request. That has been Google’s internal security policy for a while now and over the last few months, it started bringing it to its own customers, too, starting with its Cloud Identity-Aware Proxy, which is now generally available, and its VPC Service Controls.

Today, the company is extending these context-aware access capabilities to its Cloud Identity user and device management service, as well as G Suite, its productivity suite. So while earlier implementation centered around protecting a company’s technical cloud infrastructure, this release focuses on devices and cloud-based apps like Gmail, Drive, Docs, Sheets and Calendar.

In this context, some devices, for example, may be more highly trusted because they have been enrolled in the Cloud Identity service and because a number of security policies are in place for it. That’s a different kind of security posture than a system that simply trusts users because they come through a specific VPN.

Context-aware access for G Suite apps is now in beta, but only for customers who subscribe to Cloud Identity Premium, G Suite Enterprise and G Suite Enterprise for Education.

With today’s release, Google also announced the BeyondCorp Alliance, which brings together a number of security and management partners. These include Check Point, Lookout, Palo Alto Networks, Symantec and VMware. According to Google, these companies are all working to bring device posture data to Google’s context-aware access engine.