Google is launching a new form of secure login for business customers it’s calling context-aware access. Instead of relying solely on users to appropriately set up two-factor authentication and manage secure passwords, context-aware access will let system administrators for G Suite businesses put a set of parameters in place that can prevent malicious third parties from accessing secure systems.
These parameters, as the name implies, can now be based on a user’s context: where they’re logging in from, the IP of the machine they’re using, the time of day, and other factors. The news was announced this morning on the second day of the company’s Cloud Next conference in San Francisco.
Google is expanding the idea of security to include context clues
“People increasingly want access to their business critical apps on the devices that make the most sense for how they work,” writes Jennifer Lin, a product management director at Google Cloud, in a blog post published today. “However, traditional access management solutions often put security at odds with flexibility by imposing one-size-fits-all, coarse-grained controls that limit users.”
Google is responding mostly to two trends here. The first is that hacks are always getting more sophisticated, with new workarounds like SIM hacking to bypass SMS-based two-factor authentication and advanced forms of phishing that compromise login details. The other is that, with cloud and mobile access to remote systems, modern work is increasingly being spread out across the globe as employees are accessing software on any number of different devices in any number of different locations and network environments.
To improve security, it makes sense that Google would want to give system admins a bit more control over the conditions under which a user can access a secure system that contains sensitive data. Right now, context-aware access is reserved for select G Suite customers who are using the company’s VPC Service Controls. Access for customers using Cloud Identity and Access Management (IAM), Cloud Identity-Aware Proxy (IAP), and Cloud Identity is coming soon.