For all those who wonder how Google manages Mobile security in its work environments, here’s a quick update. Google Technical Infrastructure division has recently announced to the world that it is offering utmost mobile security to more than 61,000 of its employees with a tiered access security model that categorizes corporate services and devices into trusted tiers to determine access.
The tiered access looks in contrast to the traditional security models which it has been following since 2011. As per the media update provided by Google, the variables go beyond simple user authentications like device status, group permissions and required level of trust for a particular role of an employee/s.
Technically details divulged by Google are as follows- First internal services associated with a trusted tier based on the sensitivity of data are figured out. In general, a service can have one minimum trust tier. But in many cases where more granular access is needed the components and capabilities are tagged with minimum trust tiers based on certain predetermined risks.
In the next level of authentication, devices are made to go through a verification process where user credentials are gauged based on the state of the device and its risk profile.
After successful user verification, access to services is granted only if the assessed risk profile of the device matches with the required trusted tier.
Readers of Cybersecurity Insiders are requested to make a note that Google’s tiered access can also act as a powerful tool for its future project called “BeyondCorp”. And as per the details available with us, the said upcoming project of Google challenges the traditional security assumptions that private and public IP addresses to represent a more trusted device than those coming from the web and is available as a GCP service called ‘Identity Aware Proxy’.
More details related to the implementation of mobiles security features by the internet juggernaut are available on the Google blog.