A new approach to enterprise security.

View Research Papers View Context-Aware Access

BeyondCorp at Google

BeyondCorp is a security model that builds upon seven years of building zero trust networks at Google, combined with ideas and best practices from the community. By shifting access controls from the network perimeter to individual devices and users, BeyondCorp allows employees to work more securely from virtually any location without the need for a traditional VPN.

BeyondCorp implementation at Google

BeyondCorp began as an internal Google initiative to enable every employee to work from untrusted networks without the use of a VPN. BeyondCorp is used by most Googlers every day, to provide user- and device-based authentication and authorization for Google's core infrastructure.

BeyondCorp for everyone

BeyondCorp is now available as a Google Cloud solution called context-aware access that is powered by Cloud Identity, Cloud Identity-Aware Proxy, Cloud Identity and Access Management, and VPC Service Controls. Administrators can create granular access control policies to GCP workloads and G Suite based on attributes like user identity, device security status, and IP address.

About BeyondCorp

High-level components of BeyondCorp
Single sign-on, access proxy, access control engine, user inventory, device inventory, security policy, and trust repository.
BeyondCorp principles
  • Connecting from a particular network must not determine which services you can access
  • Access to services is granted based on what we know about you and your device
  • All access to services must be authenticated, authorized, and encrypted
Google's BeyondCorp mission (2011—present)
To have every Google employee work successfully from untrusted networks without the use of a VPN.
BeyondCorp trademark guidelines

These guidelines provide you with guidance for using the BeyondCorp trademark. You can use the BeyondCorp name on your website or in print without pre-approval, provided you follow these basic guidelines.

You may display or use the BeyondCorp name only in connection with compliant implementations of BeyondCorp and related uses in the following ways: display or use of the BeyondCorp name in connection with your compliant implementation; your integration with a compliant implementation; your support for a compliant implementation; your BeyondCorp-compatible product; or in collateral, presentations, and marketing materials relating to compliant implementations of BeyondCorp.

Use of the BeyondCorp logo or other Google brands in ways not expressly covered by this document is not allowed without prior written consent from Google (see the Guidelines for Third Party Use of Google Brand Features for more information). Send requests to

“The BeyondCorp vision is without question the future of enterprise IT. BeyondCorp is an enterprise security model that builds upon 6 years of building zero trust networks at Google, combined with best-of-breed ideas and practices from the community.”

— Steve Pugh Ionic Security CISO and former White House Military Office CISO