Context-aware access is an approach to access management that provides granular controls for Google Cloud Platform (GCP) workloads and web applications, including G Suite, based on a user’s identity and context of the request. Based on the BeyondCorp security model, context-aware access enables you to provide a simpler access for your users, enforce granular controls, and use a single cloud platform for both your cloud and on-premises applications and infrastructure resources.
Simpler user access
Enable your users to access web applications and infrastructure resources from virtually any device, anywhere, without the complexity of remote-access VPN gateways. Most of your users are already familiar with Google login, and now they can use their company account to access resources from their preferred devices. This is how Googlers across the world get their work done.
Give peace of mind to your IT and security teams by enabling them to enforce application-level, granular access controls without maintaining a VPN infrastructure. Based on the BeyondCorp security model (also known as Zero Trust), context-aware access allows you to verify users’ identity and validate context before allowing access to GCP workloads or a specific web application.
Unified access management
Reduce complexity and cost by leveraging a unified access management platform and a single set of policies for both GCP infrastructure (APIs, VMs, resources) and web applications, in the cloud or on-premises. Context-aware access is built on Google Cloud’s planet-scale infrastructure and is natively integrated with Cloud Identity, an identity-as-a-service (IDaaS) solution.
VPN-less user access
Make the lives of your employees, contractors, and partners easier by allowing them to access web applications and GCP workloads (APIs, VMs, resources) without VPN, from virtually any device, anywhere.
Zero Trust security
Adopt the BeyondCorp security model to improve your organization’s security posture as more apps and infrastructure workloads move to the cloud.
Built-in with GCP and G Suite
Context-aware access capabilities are built-in with GCP infrastructure and G Suite, making your life a little easier since it requires less effort and time to configure and enforce access policies.
Cloud or on-premises
Enforce context-aware access policies for web apps hosted on GCP, on your premises, or other public clouds, including Amazon Web Services (AWS) and Microsoft Azure.
Single platform and policies
Reduce complexity, cost, and misconfiguration chances by leveraging a single cloud platform and policy engine to control access to your apps and infrastructure resources.
There is no charge for using Cloud Identity-Aware Proxy, Cloud Identity and Access Management, and VPC Service Controls to protect access to GCP workloads and web applications with context-aware access. However, when used with Compute Engine, the required load balancing and firewall configuration may incur additional costs. Read more about load balancing and protocol forwarding pricing in the Compute Engine pricing guide.
Using context-aware access capabilities to protect access to G Suite requires a Cloud Identity Premium license.
Manage access to apps and infrastructure based on a user’s identity and context
This product is in beta. For more information on our product launch stages, see here.