Jump to Content
Security & Identity

Deliver zero trust on unmanaged devices with new BeyondCorp Enterprise protected profiles

May 12, 2021
https://storage.googleapis.com/gweb-cloudblog-publish/images/GCP_Security_10.max-2600x2600.jpg
Jian Zhen

Product Manager, Google Cloud Security

Modern enterprises rely on vast and complex networks of technologies and skillsets to accomplish their goals. Markets are global, workers are remote, and information needs to be accessible anywhere, while remaining secure. This increasing complexity has led many enterprises to adopt a zero trust approach to security and deploy Google's BeyondCorp Enterprise, which provides customers with simple and secure access to applications and cloud resources with integrated threat and data protection. To help BeyondCorp Enterprise customers account for the global, mobile nature of work, we're excited to unveil a new feature, the protected profile. Protected profiles enable users to securely access corporate resources from an unmanaged device with the same threat and data protections available in BeyondCorp Enterprise–all from the Chrome Browser. 

Building the Trusted Cloud

Some of your employees may not actually be employed directly by your organization, but instead are part of your extended workforce, contracted to serve in roles such as project support, advisory services, specialty freelance jobs, or temporary and seasonal help. You still need to know that these workers have secure and appropriate access to the applications and resources they need to do their work. 

This can be a challenging task. IT administrators often lack the ability to install security software or agents, let alone manage devices for an extended workforce. Similarly, VPNs for these groups can be costly, cumbersome, and unnecessary when users may only need access to a handful of apps. Worse, granting non-employees broad access to the corporate network presents significant security risks. Still, the job remains to ensure these workers can be productive.

At Google, our trusted cloud vision means security technologies are engineered into our platforms and products for all who use them, whether they are your own employees, your extended workforce, or your partners. With zero trust as a central pillar of this vision, customers can operate with confidence that threats from ransomware, account takeovers, phishing, and even more advanced attacks are minimized, detectable, and recoverable.

Enable BeyondCorp Enterprise on unmanaged devices with protected profiles

Protected profiles utilize Chrome to deploy policies and protections to users, delivering access, threat and data protection to an unmanaged device, as if it were corporate-managed. Profiles are already an existing feature in Chrome, used across enterprises and personal devices for keeping things like bookmarks, history, passwords, and other settings separate from other users. Now, corporate access policies and protection from malicious websites, phishing, and data loss can be applied to profiles through BeyondCorp Enterprise so organizations can protect data and users against threats, and provide information to inform access decisions directly from the browser, while keeping work and personal profiles separate.
https://storage.googleapis.com/gweb-cloudblog-publish/images/unmanaged_device.max-1100x1100.jpg
Click to enlarge

Protected profiles are great for the extended workforce and contractors using unmanaged devices, but they are also ideal for frontline workers sharing devices. In healthcare, for instance, doctors and nurses doing rounds may share a common computer in each wing. In retail, store clerks frequently share tablets and will sign in and out at shift change. In these cases, logging in from protected profiles ensures access to permitted applications based on user profiles, and prohibits access to resources that are considered out of scope. Data leakage policies can be used to detect, monitor and prevent loss of customer information.

The simplicity of this solution and our agentless approach with Chrome is ideal for all end users, as they can securely and productively work and access resources as they normally would on a managed device. Admins can easily create granular policies and deploy them for specific user groups or activities without disrupting operations. BeyondCorp Enterprise can also generate reports that provide visibility into security events, helping to surface and address potential security risks.

https://storage.googleapis.com/gweb-cloudblog-publish/images/BeyondCorp_Enterprise_reports.max-1500x1500.jpg
Click to enlarge

Interested in learning more?

If you’d like to learn more about BeyondCorp Enterprise or to speak with someone on our team, please visit our product page. To learn more about the new protected profiles feature, be sure to check out the BeyondCorp Enterprise session featured in the May 2021 Google Cloud Security Talks and read our white paper.

Posted in