How to use BeyondCorp to ditch your VPN, improve security and go to the cloud
For those that aren’t familiar with it, BeyondCorp is a security approach used by Google that allows employees to work from anywhere, quickly and easily.
This is easier said than done. In 2010, we undertook a massive project to rethink how to provide employees with secure remote access to applications: We moved away from our corporate VPN, and introduced BeyondCorp, a zero-trust network security model.
With BeyondCorp, we no longer have a binary access model, where you are either inside the whole corporate network, with all the access that allows, or outside and completely locked out of applications. Our new approach provides a better, more convenient, and less risky way: access to individual services as you need them, based on who you are and what machine you're using.
While BeyondCorp makes applications easily accessible from anywhere, it also improves security in other ways. Over the course of the migration we’ve discovered services that we thought were long dead, because this change required taking a detailed look at our traffic, our dependencies and our employee usage patterns. It’s also allowed us to scale globally while reducing our attack surface, and increased our ability to provide access when appropriate.