Skip to content
envelope-open icon
phone-volume icon

+1 888 545 3685


Implement Google Workspace Zero Trust Policies with BeyondCorp Enterprise


In part two of our series, we discussed zero trust and demonstrated how Context-Aware-Access can help you implement a zero trust framework.  Today we will discuss Google’s solution for zero trust, BeyondCorp Enterprise (BCE). When it comes to zero trust Google is a pioneer. 

For over a decade Google has been working on zero trust.  As a result of a security incident, Google had to fundamentally change its model on security. Shifting access controls to users and devices, not the network perimeter. Now Google has been utilizing zero trust for years and likely has the largest zero trust implementation. BeyondCorp is Google’s product offering to help customers accelerate their zero trust journeys.  

Google describes BeyondCorp Enterprise as a zero trust solution, built on Google’s global network, which provides customers with simple and secure access to applications and cloud resources and offers integrated threat and data protection. In today’s cloud-first world it's a high priority for customers to implement zero trust in their cloud infrastructure (Google Cloud Platform or other).  BCE also supports customers with applications on-premises. In a later series, we will dive deeper into BCE and Google Cloud Platform.       

BeyondCorp Enterprise also includes threat and data protection. Threat protection protects against malware transfers using reputation, signatures, and cloud sandboxing. Data protection helps prevent sensitive data leakage in files transferred and content uploaded by the browser. Today we will be focusing on data protection.  Our demonstration will cover using BeyondCorp Enterprise to implement Chrome data loss prevention rules and the end user experience when a rule is triggered.

Watch our latest how-to video to learn how you can Implement Google Workspace Zero-Trust Policies with BeyondCorp Enterprise.

What are Chrome Connectors?

Chrome Enterprise Connectors provide APIs and connectors to simplify integrations with Chrome. With BCE Chrome Enterprise Connectors enable content gathered in Chrome to be uploaded to Google Cloud for analysis. Chrome Enterprise Connectors must be set to BCE for DLP rules to integrate with Chrome.

What are Chrome Connectors

Creating a Rule

In part one of our series, we covered data loss prevention.  If you are familiar with data loss prevention the process is the same. Once you have Chrome Enterprise Connectors set to BCE you will have the option to choose Chrome when creating the rule.  Now you can utilize Google’s predefined content detectors for Chrome DLP rules.

Creating a Rule

Blocking Content

When triggering a DLP rule you can choose to block, warn, or audit.  We set our rule to block content.  One of the great features is that it doesn’t just apply to Workspace, it can apply to any webpage.  This can help cut down on shadow IT concerns or could be targeted specifically at enterprise applications.

Blocking Content

In our example, we prevented specific content from being uploaded or downloaded.  This is a common use case.  A few other common use cases are, you have sensitive content you don’t want to leave or enter your environment.  You could also apply rules more broadly and prevent all content from specific applications. You may also not be ready to actually block content, you could choose to warn users or just audit behavior.

Some clients have wanted to prevent any downloads from Google Drive.  Sometimes this was organization-wide but often it was targeted at a specific group of users.  Google has added functionality over the years that has helped this use case. For example, you can now prevent Google Drive for desktop. You can also adjust share settings to prevent users with view or comment-only permissions from downloading. 

With BeyondCorp Enterprise you can block those downloads. Data protection is just one of the many components BCE has to offer.  If your organization is looking to implement BeyondCorp Enterprise Chrome DLP. As a Google Cloud Partner with a Specialization in Work Transformation, our seasoned team is available to help you implement BeyondCorp Enterprise within your organization. Schedule time with our team here.

As a Google Cloud Partner with a Specialization in Work Transformation, our seasoned team is available to help you leverage the tools within the security center to protect your organization. Schedule time with our team here.