[kdv]

BeyondCorp sounds great in theory, but deployment sounds like a nightmare without going to one of the several companies that are offering it as a service. It's certainly not as accessible as a decent VPN w/ 2FA, and I doubt we'll see mass deployment for smaller groups until then.

[datguacdoh]

We wrote a lot more about what we did to ensure then end user experience was good in https://research.google.com/pubs/pub46366.html

You're right that it's still early for companies that don't have the same resources of a company like Google, but products are slowly starting to emerge to make it more turnkey, so I have high hopes that this will be the norm for new companies in a few years.

[Promarged]

BeyondCorp is indeed complex but I don't know about outsourcing it to someone else. It's a core of one's company's infrastructure so that'd be extremely risky to let someone else manage it. But maybe it depends on the company size but if that's so a small company doesn't need this level of protection (device keys in TPM, device management and health checking service, etc).

[mtgx]

BeyondCorp is not just about using secure channels and authentication, it's also about using secure end-points (=minimal data breach impact).