Securing your business and securing your fleet the BeyondCorp way

If you manage your organization’s devices—laptops, desktops and phones—what does it mean to have a healthy fleet? At Google, when we think of fleet health we think of devices that are in good health, as well as tools to measure and correct devices as they deviate from an ideal state.

Device security underpins your overall security posture. You need to keep your critical business information secure, so of course you lock down servers, databases and networks as tightly as possible. But all your employees have laptops or desktops, and those computers access critical data, crucial infrastructure and sensitive information. So you need to pay extra attention to securing that fleet of devices, otherwise your best efforts at securing the data could be compromised by one successful phishing attempt or malware installation.

We call our approach to trust and security BeyondCorp (to go beyond the corporate network). Our BeyondCorp team recently published its sixth research paper on fleet health and threats to a healthy fleet, including its perspective on categorizing and mitigating threats to healthy devices in your fleet.

In the paper we also discuss how IT teams struggle with choosing what platforms to roll out and support across the company, and how we at Google happily support six operating systems for our employees, making the health and security challenges diverse (and exciting). For each OS we think about what controls and measures the platform supports and how we can create and maintain an ideal secure state for these devices once they get into employees’ hands.

Finally we’ve collected some of our lessons learned from running platform security programs, and how to prevent some common headaches in handling fleet health. Because if you can’t keep the fleet healthy, and detect when it’s unhealthy, then either people lose access, or even worse, malicious actors gain access.

I hope you find this paper, and our previous BeyondCorp publications, helpful, and I’d love to hear questions or comments on using these methods in your business. We are making it easier for you to adopt the BeyondCorp model in your organization with Cloud Identity to manage users, apps and devices with one central platform. We also recently announced context-aware access capabilities that will allow you to control access to your cloud apps.