Term · 27. Emerging Categories 2024-2026
BeyondCorp
BeyondCorp is Google's implementation of Zero Trust, which shifts access decisions from the network perimeter to individual users and devices. Instead of trusting anything on the corporate VPN, every request is authenticated, authorized and encrypted based on user identity and device state, regardless of location. Published by Google from 2014, BeyondCorp popularized the idea that there is no trusted internal network — only verified identity and context.
Definition
Google's enterprise Zero Trust security model published in 2014, eliminating the concept of a trusted internal network. Every access request — whether from corporate office or coffee shop — undergoes identity + device verification, with authorization decisions based on contextual signals (user, device posture, location, time). Inspired the broader Zero Trust Architecture movement and NIST SP 800-207.
- Synonyms
-
- BeyondCorp model
- Google Zero Trust
- Perimeterless security
- Application
- Regulatory: NIST SP 800-63 (Digital Identity Guidelines)
- Standards & regulations
-
- NIST
- Sources
-
- Google BeyondCorp research papers primary source
- NIST SP 800-207 Zero Trust Architecture (related) industry commentary
Related terms
-
Availability
Availability — property of being accessible and usable on demand by an authorized entity. One of the three core informat …
-
Continuous Adaptive Risk and Trust Assessment (CARTA)
Gartner framework introduced 2017 — a security posture that continuously evaluates risk and adjusts trust assertions thr …
-
CMMC (Cybersecurity Maturity Model Certification) (CMMC)
US Department of Defense framework certifying cybersecurity practices of Defense Industrial Base (DIB) contractors handl …
-
FedRAMP (Federal Risk and Authorization Management Program) (FedRAMP)
US government program standardising security assessment and authorization of cloud services used by federal agencies. Th …
-
Forrester Zero Trust (originator framework) (ZTX)
Originated by Forrester analyst John Kindervag in 2010 as «No more chewy centers — abolish the trusted network», Zero Tr …
-
CSA CCoP (Cybersecurity Code of Practice for CII, Singapore) (CSA CCoP)
Singapore Cyber Security Agency's mandatory Code of Practice for Critical Information Infrastructure (CII) operators acr …
Frequently asked questions
What is the core idea of BeyondCorp?
Trust is based on user and device identity, not network location. Being inside the corporate network grants no special access; every request is verified, so employees can work securely from anywhere without a traditional VPN.
BeyondCorp vs Zero Trust?
Zero Trust is the principle (never trust, always verify); BeyondCorp is Google's concrete architecture that implements it. BeyondCorp is one influential blueprint among several Zero Trust models such as NIST SP 800-207.
Do I need to remove my VPN for BeyondCorp?
Not overnight. Organizations typically introduce identity- and device-aware proxies for specific apps, then expand coverage, gradually reducing reliance on flat VPN access rather than switching in one step.