Google puts internal apps on the Internet

Google has taken a novel approach to enterprise security by moving its internal corporate applications onto the Internet.

The  move is interesting because it represents a stark contrast to the age-old notion that best security practice is keeping files locked away behind perimeter devices such as firewalls, in favour of a model  where employees will be able to access corporate data from anywhere. This is, of course, providing they have access to the internet, the right device and user credentials.

The Wall Street Journal reports that the ‘BeyondCorp' initiative, which was first detailed by Google's Rory Ward and Betsy Beyer in a paper last December, has so far seen 90 percent of the firm's corporate applications move onto the Internet.

The set-up does away with previous virtual private network (VPN) connections into the corporate network, and encrypts the employee's connections to corporate apps – even when doing so from within a Google building. The one catch appears to be that there's no space for Bring Your Device (BYOD) programmes, with access only permitted by devices procured and “actively managed” by the San Francisco firm.

After authentication, the next step involves identifying the user. Google is said to be able to track and manage all employees in a user database and a group database that is tied into the company's human resources processes.

These databases are updated as employees join and leave the company, or change responsibilities. There's also a single sign-on (SSO) system, which helps validate employee use against the user database and group database, generating short-lived authorisation for access to specific resources.

Google failed to respond to SC's request for comment at the time of writing.