From Wikipedia, the free encyclopedia

BeyondCorp is an implementation, by Google, of zero-trust computer security concepts creating a zero trust network.[1][2][3][4][5][6]


It was created in response to the 2009 Operation Aurora.[7] An open source implementation inspired by Google's research paper on an access proxy is known as "transcend".[8]

Google documented its Zero Trust journey from 2014 to 2018 through a series of articles in the journal ;login:.  Google called their ZT network, BeyondCorp.  Google implemented a Zero Trust architecture on a large scale, and relied on user and device credentials, regardless of location. Data was encrypted and protected from managed devices.  Unmanaged devices, such as BYOD, were not given access to the BeyondCorp resources.

Design and technology[edit]

BeyondCorp utilized a zero trust security model, which is a relatively new security model that it assumes that all devices and users are potentially compromised. This is in contrast to traditional security models, which rely on firewalls and other perimeter defenses to protect sensitive data.


The corporate network grants no inherent trust, and all internal apps are accessed via the BeyondCorp system, regardless of whether the user is in a Google office or working remotely. BeyondCorp is related to Zero Trust architecture as it implements a true Zero Trust network, where all access is granted on identity, device, and authentication, based on robust underlying device and identity data sources.[9]

BeyondCorp works by using a number of security policies including authentication, authorization, and access control to ensure that only authorized users can access corporate resources. Authentication verifies the identity of the user, authorization determines whether the user has permission to access the requested resource, and access control policies restrict what the user can do with the resource.

Trust Inferer[edit]

One of the main components in BeyondCorp's implementation is the Trust Inferer. The Trust Inferer is a security component (typically software) that looks at information about a user's device, like a computer or phone, to decide how much it can be trusted to access certain resources like important company documents. The Trust Inferer checks things like the security of the device, whether it has the right software installed, and if it belongs to an authorized user. Based on all this information, the Trust Inferer decides what the device can access and what it can't.[10]

Security mechanisms[edit]

Unlike traditional VPNs, BeyondCorp's access policies are based on information about a device, its state, and its associated user. BeyondCorp considers both internal networks and external networks to be completely untrusted, and gates access to applications by dynamically asserting and enforcing levels, or “tiers,” of access.[11]

Device Inventory Database[edit]

BeyondCorp utilized a Device Inventory Database and Device Identity that uniquely identifies a device through a digital certificate. Any changes to the device are recorded in the Device Inventory Database. The certificate is used to uniquely identify a device; however, additional information is required to grant access privileges to a resource.[12]

Access Control Engine[edit]

Another important component of BeyondCorp's implementation is the Access Control Engine. Think of this as the brain of the Zero Trust architecture. The Access Control Engine is like a traffic cop standing at an intersection. Its job is to make sure that only authorized devices and users are allowed to access specific resources (like files or applications) on the network. It checks the access policy (the rules that say who can access what), the device's state (like whether it has the right software updates or security settings), and the resources being requested. Then it makes a decision on whether to grant or deny access based on all of this information. It helps ensure that only the right people and devices are allowed access to the network, which helps keep things secure. The Access Control Engine utilizes the output from the Trust Inferer and other data that is fed into its system.


One of the first things Google did to implement a Zero Trust architecture was to capture and analyze network traffic. The purpose of analyzing the traffic was to build a baseline of what typical network traffic looked like. In doing so, BeyondCorp also discovered unusual, unexpected, and unauthorized traffic. This was very useful because it gave the BeyondCorp engineers critical information that assisted them in reengineering the system in a secure manner.[13]

Some of the benefits BeyondCorp realized by adopting a Zero Trust architecture include

  • the ability to allow their employees to work securely from any location.
  • It reduces the risk of data breaches since data and applications are protected and users and devices are constantly being verified.
  • The Zero Trust architecture is scalable and can be adapted to the changing needs of the businesses and their users.
  • Especially relevant in today's work-from-home era, BeyondCorp allows employees to access enterprise resources securely from any location, without the need for traditional VPNs.

See also[edit]


  1. ^ "BeyondCorp: A New Approach to Enterprise Security - USENIX".
  2. ^ "BeyondCorp: Design to Deployment at Google - USENIX".
  3. ^ Spear, Batz; Beyer, Betsy (Adrienne Elizabeth); Cittadini, Luca; Saltonstall, Max (2 September 2018). "Beyond Corp: The Access Proxy". {{cite journal}}: Cite journal requires |journal= (help)
  4. ^ "Google BeyondCorp Breaks With Enterprise Security Tradition - InformationWeek". 7 April 2016.
  5. ^ "The perimeterless, ever-shifting enterprise: What would a real, red-blooded IT team do?". The Register.
  6. ^ Rose, Scott; Borchert, Oliver; Mitchell, Stu; Connelly, Sean (23 September 2019). "NIST Special Publication, Zero Trust Architecture (2nd Draft)". doi:10.6028/NIST.SP.800-207-draft. S2CID 240898264. {{cite journal}}: Cite journal requires |journal= (help)
  7. ^ "BeyondCorp: The BeyondCorp Story". Retrieved 22 April 2020.
  8. ^ transcend github, accessed: 2019-04-22.
  9. ^ Garbis, Jason; Chapman, Jerry W. (2021), Garbis, Jason; Chapman, Jerry W. (eds.), "Zero Trust in Practice", Zero Trust Security: An Enterprise Guide, Berkeley, CA: Apress, pp. 53–67, doi:10.1007/978-1-4842-6702-8_4, ISBN 978-1-4842-6702-8, retrieved 2023-03-31
  10. ^ Osborn, Barclay; McWilliams, Justin; Beyer, Betsy; Saltonstall, Max (2016). "BeyondCorp: Design to Deployment at Google". ;login:. 41: 28–34.
  11. ^ "Design to Deployment at Google" (PDF). Retrieved 23 April 2020.
  12. ^ "BeyondCorp: A New Approach to Enterprise Security | USENIX". Retrieved 2023-02-22.
  13. ^ Beyer, Betsy (Adrienne Elizabeth); Beske, Colin McCormick; Peck, Jeff; Saltonstall, Max (2017). "Migrating to BeyondCorp: Maintaining Productivity While Improving Security". Login. Summer 2017, VOl 42, No 2.

External links[edit]