Google BeyondCorp review

Google BeyondCorp Enterprise is a zero-trust and subscription-based security solution provided by Google

Google BeyondCorp
(Image: © Google)

TechRadar Verdict

Google BeyondCorp Enterprise is the ideal starting point for unlocking the power of a cloud-centric, zero-trust security model. What's more, with the Google brand and the comfort of Chrome integration, Google BeyondCorp is sure to cover all your security bases - provided you're comfortable placing your trust in the cloud and Chrome Browser.

Pros

  • +

    Advanced security

  • +

    Fine-grained access control

  • +

    Fast and scalable deployment

  • +

    Chrome integration

Cons

  • -

    Third-party and legacy systems may not work as intended

  • -

    You will be highly reliant on Google’s ecosystem

Why you can trust TechRadar We spend hours testing every product or service we review, so you can be sure you’re buying the best. Find out more about how we test.

In 2009, a cyber attack known as Operation Aurora spurred Google to take drastic measures and reassess their security protocols. The threat actor, affiliated with China’s People’s Liberation Army, targeted the Gmail accounts of human rights activists in various countries, leading Google to withdraw from the China market. 

In response, Google developed BeyondCorp, a comprehensive Zero Trust network architecture that shifted the perimeter from the network to individual users, thereby replacing the company's traditional VPN-based approach to remote access. Over the decade that followed, BeyondCorp evolved into a complete, secure access control system, protecting both on-premises and remote users' access to Google resources.

Google BeyondCorp Enterprise is a zero-trust and subscription-based security solution provided by Google. It is designed to provide easy and secure on-premise and cloud-based access to valuable corporate applications. Yes, riding on the zero-trust bandwagon is hardly a surprise for Google, considering its pioneering work on this model back in the early 2000s.

Sounds good so far? Let’s see how it works in practice.

Perimeter 81 is a Forrester New Wave™ ZTNA Leader 

Perimeter 81 is a Forrester New Wave™ ZTNA Leader 

Ditch your legacy VPN hardware and automate your network security with ZTNA.  Secure remote access from anywhere with just a few clicks. Onboard your entire organization in minutes, not days. Learn why Perimeter 81 is one of TechRadar's choices for the best ZTNA security providers. Download the report.

 Google BeyondCorp security features 

Google BeyondCorp is a revolutionary security model that has completely transformed the way companies defend their data and applications. With its zero-trust approach, it never trusts any user or device, regardless of if they are inside the corporate network. This paradigm shift is a huge divergence from traditional security models that rely on the trustworthiness of users and devices inside the network. 

Google BeyondCorp ensures that only legitimate users and devices can access company applications and data by using multi-factor authentication. Furthermore, it goes a step further by providing advanced threat detection capabilities. This system constantly monitors and analyzes user activity, searching for any suspicious behavior or signs of a possible breach. If risks are identified, an alert will be sent out with necessary measures being taken to stop further damage. Ultimately, Google BeyondCorp is an effective tool for organizations to protect their data and applications from any internal or external threats.

At the heart of this model is the Zero Trust concept in which nothing is assumed when verifying one’s identity. This means that whenever an employee tries to connect to protected services or assets BeyondCorp will not use the network from which the access request has been made as a reference point for security verification. Instead, it will rely on the specific context relevant to that user and their device. The final outcome should be comprehensive insulation from the cybersecurity risks such as data leakage, malware and phishing attacks, theft of corporate information, etc.

The BeyondCorp solution employs several different security features to ensure users are protected from credential theft and accidental exposure. This is done by granting access only when both a device certificate and user credentials are presented. There is also the On-premises Connector which enables Google Cloud-based Identity-Aware Proxy traffic to travel to and from virtual machines and applications outside the Google Cloud. 

Moreover, the Threat and Data Protection Services provides security intelligence and helps prevent data leakage, malware, and malicious sites. Plus, with the Endpoint Verification feature, administrators can generate a list of devices and set security requirements for each one. Additionally, with the Access Context Manager, custom zero-trust access policies can be quickly created and deployed, with access limits depending on the credential strength and time. 

Rounding out the supported security features are application-based segmentation, one-time passwords, SMS codes, 2SV keys, push notifications, pre- and post-login risk assessments, SSL certificate management, global load balancing, and DDoS protection. All these features are perfectly integrated with the popular Chrome browser, providing users with an agentless and proxy-less solution.

Management features 

The BeyondCorp security model is an effective way to protect your organization's valuable data - and it all starts with the four key pillars of its design that extend into its management features.

Pillar One: Device identity requires all users’ devices to be registered in the system, with up-to-date security patches and a strong cryptographic key for extra security.

Pillar Two: User database and SSO ensures that changes in the organization's teams and roles are always reflected in the access system.

Pillar Three: Removing trust from the network and always-on access control means that each connection is encrypted and authenticated, no matter where it's from.

Pillar Four: An internet-facing access proxy is essential to ensure that only users with verified identities and trusted devices can access the organization's services.

BeyondCorp puts these four pillars together to create a comprehensive, secure system, so you can rest assured your data is safe. The management of these pillars can be done using the Chrome browser, in an easily accessible and oddly familiar way.

Access policies can be managed and controlled via the administration console whenever the users sign into the Chrome browser from any platform. The management of their accounts can be done via Chrome Enterprise, Google Workspace, or Cloud Identity.

The Endpoint Verification feature is a great tool for administrators that allows them to gain valuable insights on the devices from which corporate assets are being accessed. With this data, you can tailor access policies such as password management, safe browsing, and extension management. Moreover, you can also enforce BeyondCorp Enterprise threat and data controls at the profile level to protect users from malicious websites, monitor access to sensitive data, and submit suspicious files for analysis. Additionally, security event reporting for managed user profiles provides you with information about the activities of high-risk users, data protection, and threat reports.

Google BeyondCorp interface 

Finding your way around with Google BeyondCorp should be easy, at least if you are familiar with any of Google’s products, such as the Chrome browser.

Upon signing in to a new profile, accessing protected profiles via Chrome is as intuitive as it gets. In line with predefined access policies, end users may be asked to submit additional information when signing on, including two-factor authentication. What follows involves just taking note of provided instructions for the completion of the Google sign-in process.

The Google BeyondCorp interface is the ideal solution for efficient user access management, combining user-friendliness, intuitive design and powerful features. Whether accessing from any location, device, or internet connection, the interface offers granular access control for admins to tailor permissions for each user, group or device. In addition, real-time monitoring enables admins to detect and respond to any suspicious behavior. Detailed logs and reports make it easy to trace user activity and stay in line with company policies and regulations. Ultimately, the Google BeyondCorp interface simplifies and secures user access control.

Pricing 

When it comes to Google BeyondCorp, one size definitely does not fit all. Tailored to suit the specific needs of organizations, this powerful platform provides flexible pricing plans that accommodate different budgets and company sizes. With the free trial period, new users can try the service out before opting for a paid subscription. 

The Enterprise plan starts at $6 per user per month, while the Essentials plan starts at $4 per user per month. However, keep in mind that there is a minimum contract cost for Enterprise at $14,000 and $10,000 for Essentials. On top of that, Google offers a custom quote for companies which aim to have a custom solution for their business.

The easiest way to decide if six dollars is too much for what is being offered here is to check the list of both paid and baseline features here

Final verdict 

The renowned Google BeyondCorp Enterprise provides an effortless, swift and affordable route to achieve a zero-trust model implementation. Minimizing security incidents, thwarting malicious assaults and minimizing your exposure are just a few of the benefits of this renowned option. Not to mention, Google's trusted brand and seamless integration of the Chrome browser makes this a highly desirable choice. While Google devotees will find the price of entry to be more than suitable, others who want to test out the zero-trust approach will be delighted with what BeyondCorp Enterprise can do for their security.

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.