Google Cloud Next 2019: End user computing news

BeyondCorp gets revamped and more Google Cloud security product announcements.

The first day of Google Cloud Next focused on general cloud announcements. Today, however, features more EUC-related news; our bread and butter.

For now, here are the main EUC announcements that Google shared with the media ahead of time. We’ll pick up a lot more context on these in today’s product keynote, breakout sessions, and interviews.

BeyondCorp expansion

With the industry laser focused on conditional access and zero trust, it’s no surprise to see that Google Cloud is expanding their implementation of the BeyondCorp concept, which they first started talking about almost a decade ago. (By the way, if you’re keeping score on the argument over whether to use the term zero trust, conditional access, post-perimeter security, CARTA, or other, you can see that Google prefers “context-aware access.”)

Today, Google announced the BeyondCorp Alliance, which will be available later this year; no specific timetable provided. If you’ve read our coverage of VMware Workspace ONE Intelligence and Citrix Analytics, you’ll immediately understand what this is. It’s a partnership and integration program, and it features familiar names like Check Point, Lookout, Symantec, and Palo Alto Networks. In addition to security vendors, Google Cloud is partnering with UEM vendors like VMware.

The data from BeyondCorp Alliance partners will feed into Google’s context-aware access engine, with the UEM vendors providing information (like device attestation) to help decide whether to trust a device or not.

While we’re waiting for the BeyondCorp Alliance, Google is rolling out plenty of other built-in context-aware access features: Context-aware access is now generally available for Google Cloud Identity Aware Proxy, and in beta for Cloud Identity and G Suite. The overall goal here is to take what started out as the BeyondCorp concept and implement it for all of Google’s products, ranging from end user-facing apps like G Suite to infrastructure like GCP APIs.

We also learned that Cloud Identity will be able to verify Windows and macOS devices through a Chrome extension. It will be able to check for basic hygiene attributes (screen lock, device type, encryption, etc.), track device identifier, and put a certificate on the device. Again, all of this will feed back into context-aware access policies.

In authentication, Google continues their security key push with a the addition of a software-based key available to all Android 7.0 (Nougat) and newer users. (This was originally revealed at RSA 2019.) Last year, they released their own branded hardware security key, the Titan Security Key, but with a FIDO-based authentication option in the phone, it could reduce the cost of MFA adoption, especially as it’s generally harder to lose a phone than a small hardware key.

Google Cloud Identity is announcing support for password vaulting and stuffing, for the many apps out there that still don’t support standard federation protocols like SAML and OpenID Connect. The next Cloud Identity release will also have a new end user-facing dashboard, as well as integration with HR software providers, including ADP, BambooHR, Namely, and Ultimate Software.

In other types of identity, the Google Cloud Identity Platform—formerly Cloud Identity for Customers and Partners—is now in GA. The Identity Platform provides organization with a way to manage customer, partner, and IoT identities.

Last on our list to share for today, Google is announcing that they will offer Active Directory as a managed service in GCP. This is now in alpha. Assuming this could be used for desktop VMs in addition to servers, this could certainly be interesting for VDI and published app workloads.

Dig Deeper on Cloud provider platforms and tools

Data Center