Employees have been clamoring for remote work options for years. Prior to COVID-19, about 80% of employees expressed a desire to work from home at least some of the time, and more than one-third said they were willing to take a pay cut in exchange for that option. However, fewer than 4% actually did work remotely. Then, COVID-19 abruptly and fundamentally altered business operations. Suddenly, organizations that had few or no remote workers had to rapidly enable and secure armies of at-home employees — an onerous task, especially for companies that lacked an existing remote work infrastructure.
Chief among the problems has been providing remote workers with simple and secure access to business-critical internal applications, including employee portals, project management dashboards, customer service systems, software bug trackers, and myriad other web apps that employees accessed right from their web browsers while connected to the company’s network on-prem.
VPNs Aren’t Doing the Job
Typically, organizations have depended on virtual private network (VPN) solutions to secure their remote workers. VPNs have their place, but they have proven to be a poor fit in this extraordinary COVID-19 environment. They are expensive, time-consuming to deploy and manage, and don’t scale well. Employees find them difficult to use, and they’re particularly ill-suited to third-party users, like contractors or partners.
VPNs also leave open unfortunate security gaps based on their fundamental architecture. This approach to security has been called “the castle” method, in which a firewall is used to set off an internal network that can only be accessed by way of a VPN. It is predicated on the notion that everything behind the firewall will not be accessed without a secure VPN. The problem with such an approach is that once the perimeter is breached, the entire internal network, including all associated applications, are at risk. Phishing, man-in-the-middle, SQL injection attacks all find fertile ground on VPNs.
What if remote employees could securely access internal web apps on their home networks, through their web browsers, as easily as they access Gmail? Now, they can.
BeyondCorp Remote Access: Easy, Secure Remote Access to Internal Web Apps
Google Cloud’s new security solution, BeyondCorp Remote Access, enables organizations to rapidly and securely enable remote access to internal web apps for their employees and extended workforce. This bundled, cloud-based solution is generally available right now, and it works with web apps running on GCP, on-prem, or even in other clouds.
1. Rapid Deployment & Easy Scaling
Traditional remote-access VPNs are difficult to configure and can take days, weeks, even months to deploy. BeyondCorp remote access is a bundled, cloud-based solution that gives organizations everything they need to get up and running in a few hours, with minimal changes to their existing network architecture, security controls, or application configurations. Need to deploy more remote workers or call some back on-prem? BeyondCorp Remote Access easily scales up and down to accommodate changing business situations.
2. Easy Access From Anywhere
BeyondCorp Remote Access lets your employees and extended workforce access internal web apps on virtually any device, from any location, directly from their web browser. If your users can log into their Gmail account, they’ll have no trouble using BeyondCorp Remote Access.
3. Fast and Secure Access From Anywhere
Sluggish performance is the bane of traditional VPNs. With BeyondCorp Remote Access, your internal apps will run on Google’s private global network, which consists of thousands of miles of fiber optic cable and utilizes advanced networking and edge caching services to deliver fast, consistent, and scalable performance. Because GCP’s points of presence (POPs) connect to Google’s data centers via Google-owned fiber, GCP-based applications have fast, reliable, and unimpeded access to all GCP services, along with DDoS mitigation, load balancing, and TLS termination.
BeyondCorp Remote Access customers reap the benefits of GCP’s private network even when their applications are running on prem or on another cloud provider’s network, as requests to those apps are redirected to the closest Google POP and routed through Google’s network. This reduces latency and improves performance no matter where in the world your users are connecting from.
4. Less Expensive
BeyondCorp Remote Access saves companies money with simple, pay-as-you go pricing instead of intricate licensing agreements. It also offloads infrastructure tasks to the cloud, further reducing total cost of ownership.
5. Modern Zero-Trust Security Model
VPNs increase cyber risk because they extend the organization’s network perimeter while using the “castle and moat” approach, an outdated security model that assumes that every user inside the perimeter can be trusted. BeyondCorp Remote Access uses a modern zero-trust security model. It trusts no one; all users and devices must be authenticated, and only authorized users from known devices are granted access to a specific set of apps.
6. The Same Proven Technology Google Uses In-House
Google pioneered the zero-trust security model. For over a decade, Google has been using BeyondCorp to enable Google employees and its extended workforce to work remotely without using a client-side VPN. BeyondCorp Remote Access has also been “battle-tested” in production by thousands of GCP enterprise customers, including New York City Cyber Command.
Remote Work Isn’t Going Anywhere
Even after the current situation has resolved, remote work will be here to stay. Global Workforce Analytics estimates that by the end of next year, 25% to 30% of the workforce will be working from home multiple days each week. COVID-19 was also a wakeup call for organizations regarding the importance of rapid remote work deployment to business continuity and disaster preparedness.
BeyondCorp Remote Access will get significant enhancements throughout 2020 and beyond, including extending the same capability, control, and protections it provides for internal web apps to virtually any application or resource.