As a Google Cloud Premier Partner, SADA helps customers get the most out of Google Cloud products by building and recommending solutions based on Google’s best practices and methodologies. Recently, we worked with a Google Cloud Professional Services Organization (PSO) customer who wanted to manage and secure access to a couple of their applications (running both on-premises and in AWS) using Google’s Identity Aware Proxy (IAP) product called Cloud IAP.
Cloud IAP is a building block towards BeyondCorp, Google’s implementation of a zero-trust security model designed to enable employees to work from untrusted networks without the use of a VPN.
Cloud IAP enables companies and application admins to control internet access to applications running in Google Cloud Platform (GCP) accessed through HTTPS. This is done by verifying user identity and the context of the request to determine if a user’s request should be allowed through. This provides an application-level access control model instead of relying on network-level firewalls. In other words, you can set granular access control policies for applications based on user identity (such as employees versus contractors), device security status, and IP address.