[TheDong]

May I recommend reading up on beyondcorp [0]?

Google has moved its internal stuff to the beyondcorp model, and it honestly seems like a better approach if you really care about security and have a big enough security team to make it work.

[0]: https://www.beyondcorp.com/

[raesene9]

Beyondcorp is a great model IF you can afford to manage it correctly.

Google have a) huge resources and b) a threat model which means they're subject to a lot of high-end attacks all the time.

for many corp's the idea of exposing all their services and endpoints to the general internet without firewalls or VPNs would ... end poorly...

[honkycat]

Thank you for the suggestion! :)

Google I(dentity)A(ware)P(roxy) is actually a hosted beyondcorp implementation! But I probably should have explained that in my original comment.