
What is Context-Aware Access in G-Suite and the GCP

At Google Cloud Next, Google introduced a new addition to their security and privacy management strategy for GCP and G-Suite users.

Inspired by the constant breaches that companies like Equifax and Target had faced using standard password and username combinations for user access, Google decided that it was time to look beyond basic credentials to keep data secure. The Context-Aware Access solution for both G-Suite and the Google Cloud Platform makes security more intuitive and intelligent.

The program looks beyond the basic password and username combination to determine whether the person accessing a system is really you or your employee, or someone who is just pretending to be that person.

Put simply, Context-aware access is all about giving administrators the power to define information that will make them more accurately aware of the identity of a person trying to access a specific service. Through context-aware access, it's possible to provide granular access to GCP resources, APIs, third-party SaaS apps, and even G-Suite tools. You can determine who should be allowed to use certain solutions based on things like the context of their request, their location, and the user's identity.

What Can You Do with Context-Aware Access for GCP?

In a world where demand for greater security and privacy is growing, Google wants to make sure that it's helping users keep fraud and cybercrime to a minimum. People increasingly want to access tools, applications, and services on a variety of devices that suit them. However, access management solutions often mean that companies have to compromise on either flexibility or security when serving their teams.

One-size-fits-all controls limit users but keep systems secure. On the other hand, context-aware access for the GCP and G-Suite allows organizations to define specific users and maintain granular access to resources based on more in-depth identity factors. You get a better understanding of the person attempting to access your systems and services by looking at contextual clues such as where they're logging on from and the time of day.

This strengthens your security strategy while reducing complexity for users and giving people the ability to log into their favorite apps from any location or device. Currently, Context-Aware Access is only available as a beta solution for G-Suite and GCP users using VPC Service Controls. The full system is coming soon for customers using Cloud Identity-Aware Proxy, Cloud Identity and Access Management, and Cloud Identity.

Members in the beta test will be able to:

  • Use granular controls to maintain and manage different organizational units
  • Set up different levels of access based on a user's identity and request context
  • Control access to various G-Suite applications and GCP tools by setting distinct policies for specific profiles in the system.

G-Suite admins on the Context-Aware Access beta will be able to access more dynamic controls for their user access solutions. This means that you can consider device security status, IP address, and other contextual signals when deciding who should access which apps. For instance, you might decide that only people from a "High Trust" group should be able to access Google Drive from outside of your IP address. Or you could determine that users with an encrypted device will be able to log into Gmail.
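The two example rules above can be modelled as a small policy evaluator. This is an added illustration, not Google's API or configuration format: the `Request` fields, rule functions, and the 203.0.113.0/24 office range are assumptions constructed for the example, and the Gmail rule is treated as a requirement (unencrypted devices are refused).

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample value: a documentation range stands in for the office network.
CORP_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    source_ip: str
    device_encrypted: bool
    app: str

def on_corp_network(source_ip):
    addr = ipaddress.ip_address(source_ip)  # raises ValueError on malformed input
    return any(addr in net for net in CORP_NETWORKS)

def drive_rule(req):
    # Drive: allowed from the office; from elsewhere only for "High Trust" members.
    if on_corp_network(req.source_ip):
        return True, "corporate network"
    if "High Trust" in req.groups:
        return True, "High Trust group, external network"
    return False, "external network without High Trust membership"

def gmail_rule(req):
    # Gmail: the device must report disk encryption.
    if req.device_encrypted:
        return True, "encrypted device"
    return False, "device not encrypted"

POLICY = {"drive": drive_rule, "gmail": gmail_rule}

def evaluate(req):
    """Return (allowed, reason). Unknown apps and bad signals are denied."""
    rule = POLICY.get(req.app)
    if rule is None:
        return False, "no policy for app (default deny)"
    try:
        return rule(req)
    except ValueError:
        return False, "unparseable source IP (fail closed)"

if __name__ == "__main__":
    remote = Request("alice", frozenset({"High Trust"}), "198.51.100.7", False, "drive")
    print(evaluate(remote))  # allowed via group membership despite external IP
```

Returning a reason alongside each decision gives the administrator something to log and audit when a user reports being blocked.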

Why Did Google Create Context-Aware Access?

The concept of Context-Aware access from Google transforms the notion of security responsibility. It means that the user needs to be able to prove who they are, and it puts control in the hands of the administrator, where it needs to be.

Context-Aware Access was just one of many security updates announced at Google Cloud Next for 2018. As the world becomes more focused on security and privacy standards, and regulations like GDPR continue to transform the way that companies operate, it's essential for admins to have as much control over their systems as possible. Google created Context-Aware Access because it knows the workplace is changing.

Currently, we're facing the side-effects of an evolving office environment, where people are no longer restricted to a specific desk in a certain building. Today's employees can work from wherever they are, as long as they have access to the right tools and devices. However, when people decide to log into their applications and resources from any device, there are more significant security concerns to consider.

When people can log into your environment from anywhere, it's more challenging to trust that the people visiting your apps are who they say they are. This is why Context-Aware Access for the GCP and G-Suite was designed, building on top of the BeyondCorp vision that originally launched in 2011.

The BeyondCorp idea addresses the fact that computing didn't necessarily have to take place within a specifically defined perimeter anymore. In the time before mobile and cloud solutions appeared, security was much easier to handle, because people generally accessed the same systems from a specific place. It was easy to catch someone trying to break into your tools if they came to them from a different location.

When mobile and cloud arrived, Google began to define a concept called Zero trust. This idea suggested that companies should not trust anyone on their service, and instead build a security position based on the idea that everyone needed to prove themselves. The Context-Aware Access solution for the GCP and G-Suite helps to give administrators using a Zero Trust model more information that they can work with when giving people access to services.

The Benefits of Context-Aware Access

Ultimately, the benefits of context-aware access come down to the fact that administrators and business leaders no longer have to trust that people are who they say they are, just because they have a password and username. This is increasingly important at a time when it's easier than ever for criminals to hack their way into mobile devices, unsecured Wi-Fi connections and more.

With Context-Aware access from Google, you can give your users access to infrastructure resources and web applications from any device, without having to worry about VPN remote-access gateways. Google application and G-Suite users around the world can find the perfect balance between the freedom to use any device, and the security required for a safe business network.

Features and benefits that you can expect when you sign up

1. Security approved by Google

Every security solution offered by Google comes from technology that the company has tested and proven themselves. Your IT and security teams will be able to use Context-Aware access to enforce application-level controls without a VPN infrastructure. Built on the back of the Zero-trust model, the Context-Aware Access system gives you the absolute peace of mind you need by validating user context before providing people access to tools and data.

2. Unified Access Management

Reduce the complexity and cost of growing your business with a unified access management platform and single policy solution for your web applications and GCP infrastructure. You can access unified management either on-premise or in the cloud. What's more, because Context-Aware access for Google is built on the Google Cloud Infrastructure, it's integrated with Cloud Identity for those who want an ID as a service solution.

3. VPN-less access

Make the lives of contractors, employees, and partners easier by allowing them to visit their GCP workloads and applications without a VPN from any device that they choose. The Context-Aware Access solution allows organizations to adopt the BeyondCorp security model and improve their privacy structure while their apps and infrastructure move progressively into the cloud.

4. A system to suit you

Enforce your context-aware policies on web apps hosted on the GCP, on-premise, or in any other public cloud, including Microsoft Azure cloud environments and Amazon Web Services.

5. A single platform and policy strategy

The Context-Aware capabilities offered by Google are built to work seamlessly and natively with both the G-Suite and GCP infrastructure. With a single platform and policy strategy, it requires less time and effort for teams to configure and enforce the policies that keep their businesses safe.

Do You Need Context-Aware Access?

The Context-Aware Access solution from Google Cloud is an excellent way for businesses to improve their day-to-day confidence with the knowledge that their system is protected. Not only do you have more control over who gets to access your systems, but you'll also know that your infrastructure is integrated with Cloud Armor and Cloud Identity too.

What's more, there's no charge for using the Cloud Identity-Aware Proxy, VPC Service Controls, and Cloud Identity and Access Management services from Google to protect your web applications and GCP workloads. However, if you decide to use the system with your Compute Engine set-up, you might need to pay additional costs for firewall configuration and load balancing.

Additionally, remember that context-aware access capabilities on G-Suite will require a premium license with Cloud Identity.

Want to find out more about your options with G-Suite and the Google Cloud Platform? Contact Coolhead Tech today!