Google transfers corporate applications to the cloud with access from outside

Large corporations, like Google, Amazon, Facebook, have long been working with cloud infrastructure. True, for the most part, these companies create "clouds" for customers, for external consumers. But Google has decided to completely migrate its own corporate applications to the cloud. At the moment, more than 90% of corporate applications have been transferred to the cloud infrastructure.

At the same time, the corporation revised the concept of the corporate network itself, moving away from the model of restricting such a network to certain borders (mostly virtual), opening it to work from the outside, and at the same time strengthening protection measures from the inside. This concept was called BeyondCorp , and its main position - corporate intranet is as dangerous as the Internet, so it is necessary to apply significant precautions.

How it works?

')
Access restrictions are set not only for individual users, but also for individual devices.

At the same time, if there is a certain level of access, the employee gets the opportunity to connect to the corporate network from any place, including office, home or cafe (suddenly an urgent job came up, or an idea appeared). To limit the level of access using different methods of authentication, authorization and encryption. It is worth noting that in this model the protection of the corporate network when entering it from the office is no less strong than the protection when connecting to the same network from a cafe. In particular, a reliable method is used to encrypt the communication channel. Moreover, the office uses the same encryption method used to connect to the network from the outside.

“The model where the intranet is limited to the walls of a building (or a single office) works great when all employees are in a building during business hours. However, now a large number of employees use different types of devices at work, they work with different cloud services, so new types of attacks on networks of enterprises have appeared, ”said BeyondCorp project manager Rory Ward and journalist Betsy Beyer. They outlined their vision of the corporate network and modern threats for such a network in a document published in December.

One more thing is interesting: an employee of the company will not be able to enter the intranet from his home laptop, on which this employee watches the strawberry and plays in the Candy Crash. To enter, you can only use the device issued by the company, and which the company controls. Each entry into the network is recorded and stored in the database. The database is constantly being analyzed - not only in order to detect any deviations from the norm, but also to include such a database in employee performance management processes. The database is updated when you connect a new employee, change the position of the employee or his dismissal. At the same time, the access level for all users changes, if necessary. For example, an employee was promoted - he received a higher level of access. The person left the company - they disconnect him from the internal network, in this case the possibility to “forget” to delete the account of the ex-employee is excluded (in any case, as they say in Google).

What's next?

In addition to Google, companies like Coca-Cola, Verizon and Mazda are beginning to use a similar model. The security model is gradually changing, now the key factor is the user, for which access to network resources is used differentiated access. When Google takes some steps, many follow the corporation. And the transfer of corporate services and applications to the cloud, with a change in the security model of the corporate network, can be the beginning of a process of massive changes in the storage model and work with data for medium and small companies.

Currently, the model that Google has begun to use is significantly different from the model used by most corporations. Many large and medium-sized enterprises are very dependent on corporate software and hardware solutions that prevent unauthorized access to information resources of companies. The market for corporate software used in this model is constantly growing. Analysts expect the market to reach $ 8.14 billion by 2019 instead of $ 6.14 billion in 2014.