Google Cloud’s new tool enables some remote access without a VPN

21 Apr 2020

Image: © Andrei/

Google Cloud is rolling out BeyondCorp Remote Access, which allows users to access internal web apps without a traditional remote-access VPN.

On Monday (20 April), Google Cloud announced its plans to introduce BeyondCorp Remote Access, a new cloud-based product that enables users to securely access their company’s internal web apps from any device or location, without the use of a VPN.

The announcement was made in a blogpost written by Google Cloud vice-president and general manager, Sunil Potti, and the company’s director of product management, Sampath Srinivas.

Future Human

They said Google Cloud is rolling out BeyondCorp Remote Access after discussions with customers who are concerned about adapting to remote working while keeping their data protected.

The company is collaborating with Deloitte’s cyber practice to deliver the end-to-end architecture, design and deployment of the new tool to companies.

“Workers can’t get to customer service systems, call centre applications, software bug trackers, project management dashboards, employee portals and many other web apps that they can normally get to through a browser when they’re on the corporate network in an office,” Potti and Srinivas wrote.

“[BeyondCorp Remote Access] lets your employees and extended workforce access internal web apps from virtually any device, anywhere, without a traditional remote-access VPN. Over time, we plan to offer the same capability, control, and additional protections for virtually any application or resource a user needs to access.”

What’s wrong with a regular VPN?

According to Google Cloud, traditional VPN infrastructure can be difficult for IT teams to deploy and manage for large numbers of new users in a short period of time, as was necessary for many companies in the middle of March when millions of workers migrated from offices to their homes.

Potti and Srinivas wrote: “From the user perspective, VPNs can be complex, especially for those who haven’t used one before. These problems are exacerbated when organisations try to roll out VPN access to their extended workforce of contractors, temporary employees and partners.

“VPNs can also increase risk since they extend the organisation’s network perimeter and many organisations assume that every user inside the perimeter is trusted.”

A diagram showing employees, contractors and partners accessing internal apps through a browser after having their identity confirmed and information filtered through proxies, to use browser-based apps on Google Cloud and apps hosted in other clouds or on-premises.

The architecture of BeyondCorp Remote Access. Image: Google Cloud

Google Cloud has been developing the BeyondCorp system since 2011 to enable Google employees and the firm’s extended workforce to work from untrusted networks on a variety of devices without a client-side VPN. The company said the tool ensures that “only the right users access the right information in the right context”.

Policies can be set on the platform – for instance, only enabling particular employees to access web-based document management systems and nothing else, and only if they have the latest version of the OS or are using phishing-resistant authentication like security keys.

In the past, Google has released similar products based on the principles behind BeyondCorp, such as the Identity-Aware Proxy (IAP), which is used to help Google Cloud customers control access to cloud and on-premises applications and virtual machines on the platform.

The company also introduced Cloud Identity in 2018 to give customers a single console to manage users, devices, apps and access.

Kelly Earley was a journalist with Silicon Republic