A new approach to enterprise security.

What is BeyondCorp?

BeyondCorp is Google's implementation of the zero trust model. It builds upon a decade of experience at Google, combined with ideas and best practices from the community. By shifting access controls from the network perimeter to individual users, BeyondCorp enables secure work from virtually any location without the need for a traditional VPN.

Hands holding mobile phone with dotted line leading to a shield with an open padlock in the foreground then on to a laptop on a desk
Google wordmark

BeyondCorp at Google

BeyondCorp began as an internal Google initiative to enable every employee to work from untrusted networks without the use of a VPN. Now, BeyondCorp is used by most Googlers every day to provide user- and device-based authentication and authorization for Google's core infrastructure and corporate resources.

Components of BeyondCorp

BeyondCorp allows for single sign-on, access control policies, access proxy, and user- and device-based authentication and authorization. The BeyondCorp principles are:

  • Access to services must not be determined by the network from which you connect 
  • Access to services is granted based on contextual factors from the user and their device
  • Access to services must be authenticated, authorized, and encrypted

Google's BeyondCorp mission (2011–present)

To enable every Google employee to work successfully from untrusted networks without the use of a VPN.

BeyondCorp for everyone

BeyondCorp can now be enabled at virtually any organization with BeyondCorp Remote Access—a cloud solution that can help you rapidly deliver secure remote access to web apps and cloud services through Google’s global network, allowing your employees and extended workforce to access the apps they need from virtually any device, anywhere, without a traditional remote-access VPN.