BeyondCorp

A new approach to enterprise security.

What is BeyondCorp?

BeyondCorp is Google's implementation of the zero trust model. It builds upon a decade of experience at Google, combined with ideas and best practices from the community. By shifting access controls from the network perimeter to individual users, BeyondCorp enables secure work from virtually any location without the need for a traditional VPN.

Hands holding mobile phone with dotted line leading to a shield with an open padlock in the foreground then on to a laptop on a desk
Google wordmark

BeyondCorp at Google

BeyondCorp began as an internal Google initiative to enable every employee to work from untrusted networks without the use of a VPN. Now, BeyondCorp is used by most Googlers every day to provide user- and device-based authentication and authorization for Google's core infrastructure and corporate resources.

Components of BeyondCorp

BeyondCorp allows for single sign-on, access control policies, access proxy, and user- and device-based authentication and authorization. The BeyondCorp principles are:

  • Access to services must not be determined by the network from which you connect 
  • Access to services is granted based on contextual factors from the user and their device
  • Access to services must be authenticated, authorized, and encrypted

Google's BeyondCorp mission (2011–present)

To enable every Google employee to work successfully from untrusted networks without the use of a VPN.

BeyondCorp for everyone

BeyondCorp can now be enabled at virtually any organization with BeyondCorp Enterprise—a zero trust solution, delivered through Google's global network, that enables secure access to applications and cloud resources with integrated threat and data protection. BeyondCorp Enterprise is a modern zero trust platform which allows your employees and extended workforce to access applications in the cloud or on-premises and work from anywhere without a traditional remote-access VPN.