This week, Google added a wave of new cybersecurity vendors to its BeyondCorp Alliance to bring Zero Trust to its security model for mobile devices.
With digital transformation and cloud being swiftly adopted by organisations, smartphones, tablets and laptops have become integral to the everyday working individual. This is extremely critical for mobile devices, given that they have replaced more traditional devices as our main productivity tool, which means there is now a heavy reliance on Android and iOS devices. A Zero Trust model has now become a necessity, and so BeyondCorp Remote Access was created by Google to help make access to internal Google applications easier and more secure.
In a statement released this week, Google announced the names of the partners added to the roster and the capabilities expected to be used in the BeyondCorp Alliance:
Device Management: Enterprise Mobility Management (EMM) vendors can provide device context and telemetry such as whether a device is managed or corporate-owned to aid in policy evaluation.
Endpoint Security: Endpoint Detection and Response (EDR) or Mobile Threat Defense (MTD) vendors can provide device posture information, such as whether a device is compromised, to aid in policy evaluation.
Gateways: Infrastructure vendors can provide more secure access to hosted infrastructure (e.g., virtual desktops, etc.) via BeyondCorp.
Vendors:
Lookout continuously assesses a smartphone, tablet or Chromebook’s risk level and provides it to Cloud Identity and BeyondCorp from the Lookout Security Graph. Device risk levels of “high, moderate or low” are set based on the organization’s security policies. When Lookout detects a threat on a mobile device, the risk level is changed accordingly and delivered in real-time to Cloud Identity via API. This integration enables Google Workspace to block risky or non-compliant devices from accessing applications and data. This functionality is now available in preview via the Google Admin console. Learn more by reading Lookout’s blog.
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Mobile (SEP Mobile) report on the security posture of an organization’s traditional and mobile endpoints, including both managed and unmanaged devices. With the upcoming integration, customers can leverage Symantec’s endpoint signals such as indications of compromise, operating system configuration risks, app risks, anomalous network behavior, and more, to create more granular and customized access policies for Google Workspace, web apps, and Google Cloud infrastructure.
Citrix and Google Cloud are extending our deep collaboration to include BeyondCorp. Google Cloud has always been one of the best places to run Citrix Workspace, and the first step, bringing together Citrix Workspace and BeyondCorp, is coming soon. It will allow customer applications, whether they are deployed on-premises, on GCP, or delivered as a service (SaaS), to be exposed through Citrix Workspace with BeyondCorp’s access controls and policy enforcement. Users get a single pane of glass for all of their applications, which can now be accessed from BYOD and non-corporate devices without the need for a VPN. We’re also exploring the sharing of endpoint signals and further extending policy enforcement to virtual desktops.
CrowdStrike will deliver real-time endpoint posture assessments from endpoints regardless of location, network, or user so that BeyondCorp adopters can prohibit access from untrusted or compromised hosts as part of conditional access policies, reducing risk for users and the organization. This integration is coming soon.
Tanium and Google Cloud recently announced a strategic partnership with the goal of delivering security transformation for the distributed IT era. As part of the BeyondCorp Alliance, Tanium will be providing device identity information through Tanium Endpoint Identity, which is available today. Tanium monitors and evaluates the health of endpoints in real-time, providing comprehensive visibility and control from a single platform no matter where the device is located. Through the combined solution, coming soon, organizations will be able to ensure that devices connecting to network resources and applications are authorized, secured, and up-to-date.
VMware is working to bring Workspace ONE and Google Cloud’s BeyondCorp solution together to keep devices under control and compliant with policies that protect corporate data. Workspace ONE will continually feed device compliance status information to Google Cloud’s context-aware access engine, allowing access to be revoked at any time if a device becomes non-compliant. This integration is coming soon.
Check Point SandBlast Mobile is a mobile threat defense solution that detects and stops attacks on iOS and Android devices before they start. Integration with the Google Admin console can be used to selectively prevent compromised devices from accessing applications and resources, helping to keep sensitive data secure. The integration is now available to customers in preview in the Google Admin console.
Jamf is working to extend its device compliance capabilities for organizations leveraging Google Cloud and BeyondCorp. In the past, organizations have expressed concerns about unprotected Mac devices accessing cloud and on-premises resources. Now, through a unique Jamf preview, customers can ensure that only trusted users, from managed devices, using approved apps, are accessing company data.