Cloud-native companies don’t work like this.
Google’s BeyondCorp model is a zero-trust model that delivers context-aware access, where no application is trusted. Applications sit inside a secure perimeter, just as traditional applications do. However, the zero-trust or defence-in-depth approach removes the need for VPNs, along with both their license and infrastructure costs.
Google Cloud has made BeyondCorp capabilities available to its customers. These comprise key tools including:
- Cloud IAM — Identity and Access Management
- Cloud IAP — Identity Aware Proxy
These tools complement Google Cloud’s array of security capabilities, including Cloud Armor, Forseti, VPC networks, firewalls, load balancers, encryption, etc.
Cloud IAP is the cornerstone of the capability. It takes an authenticated user and allows only authenticated access to authorised resources, all underpinned by OAuth 2.0.
Companies such as Servian and Google, whose internal applications operate in a BeyondCorp model, have had a smooth transition to the working-from-home norm under COVID-19 conditions.
For companies that have moved to Google Cloud, this solution can unlock a lot of value quickly. Adding an Identity Aware Proxy to a GCP environment opens up browser-based applications, with very little additional effort, to context-aware remote access for employees.
If the GCP environment is connected to an on-prem environment, authenticated network traffic can also be explicitly routed through to internally hosted apps. Ideally this is all driven through Infrastructure as Code, so that the provisioning and networking are explicitly enabled.
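One way to express the access and network rules described above as Infrastructure as Code, using Terraform's Google provider. This is an added example, not Servian's or Google's own configuration; the project, group, tag, port and access-level values are placeholders, and the backend service is assumed to already have IAP enabled.

```hcl
# Added example: every name and value below is a placeholder.
variable "project_id" { type = string }
variable "network" { type = string }

# Name of a backend service that already has IAP enabled (assumption).
variable "backend_service" { type = string }

# Access Context Manager level, in the form
# accessPolicies/<POLICY_ID>/accessLevels/<LEVEL_NAME>
variable "access_level" { type = string }

# Authorisation: members of this group may pass through IAP, and only when
# the request satisfies the context-aware access level.
resource "google_iap_web_backend_service_iam_member" "staff" {
  project             = var.project_id
  web_backend_service = var.backend_service
  role                = "roles/iap.httpsResourceAccessor"
  member              = "group:staff@example.com" # placeholder group

  condition {
    title      = "require-access-level"
    expression = "\"${var.access_level}\" in request.auth.access_levels"
  }
}

# Network: admit traffic to the backends only from Google's load balancer
# and health-check ranges. With no broader allow rule on the network, the
# application is reachable only through the IAP-protected load balancer.
resource "google_compute_firewall" "allow_lb_only" {
  project       = var.project_id
  name          = "allow-google-lb-to-iap-backends"
  network       = var.network
  direction     = "INGRESS"
  source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
  target_tags   = ["iap-backend"] # placeholder tag on backend instances

  allow {
    protocol = "tcp"
    ports    = ["443"] # placeholder: the port the backends serve on
  }
}
```

Keeping both resources in the same change makes the identity rule and the network rule reviewable together, which is where a gap between them (an app reachable without passing IAP) tends to show up.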
We are aware of a couple of our customers starting to use these patterns to rapidly scale out remote access to help their employees access applications that are both in Google Cloud and on-prem.
For more on Google Cloud Identity Aware Proxy head over here.
At Servian, we are also big fans of BuzzFeed’s open source SSO solution octoboi, which acts as an OAuth2 provider for a specific email domain.
So, by now you should’ve realized what you gotta do. If you would like to know more about how Servian can help you operate in Google Cloud, reach out for a copy of our Cloud Blueprint paper or to discuss moving to a BeyondCorp-style model for your company.