I’ve been aware of Google Cloud identity management and EMM features for years, but it was just a few weeks ago at Google Cloud Next 2018 that I finally had a chance to have a formal briefing. At the conference, I sat down with Karthik Lakshminarayanan, director of product management, Cloud Identity.
Karthik previously worked on EUC at VMware, AppSense, and Microsoft (RemoteFX), so he’s quite experienced with our area of enterprise IT products. I mention this because some folks might not be aware of how extensive Google’s enterprise efforts are. Google Cloud is led by Diane Greene, one of the founders and former CEO of VMware, and at both this year and last year’s Google Cloud Next, I was impressed with all they’re doing. In other words, for those that might not be aware, Google Cloud is big and serious.
But I digress... Anyway, Google Cloud Identity provides identity management (federation, MFA, SSO, etc.) for SaaS and web apps, and MDM and other EMM features for iOS, Android, and (in progress) Chrome OS devices. You can think of it as the equivalent as VMware Workspace One, Microsoft Enterprise Mobility + Security, and other EMM/IDaaS combos.
Google Cloud Identity is part of G Suite and other Google Cloud Platform products, but earlier this year it became available as a freestanding product. In fact, that was one of the key points that Karthik wanted to emphasize—you don’t have to be a G Suite customer to have it.
Google Cloud Identity approach and features
Google Cloud Identity integrates with SaaS apps via SAML and OpenID Connect; it has a catalog of pre-integrated apps; it supports automated provisioning; and you can always do custom integrations. It can sync to Active Directory or LDAP with Google Cloud Sync, and it can be federated with other cloud identity providers.
As you could guess, they take the perimeter-less BeyondCorp approach to access management, and at Cloud Next, they announced context-aware access. This is like the conditional access trend we’ve been talking about; they just happen to prefer the term “context-aware access” instead. It includes standard signals, like device status (OS version; jailbreak/root detection), impossible travel, and on Android, detecting whether the user is real or a bot. This is in addition to Google Cloud’s hardware security key push, with the newly announced Titan Security Key.
On the EMM side, naturally their approach is informed by the types of customers that have long gravitated towards G Suite, and they support a few different management models.
First, you can do “basic” mobile management, which is essentially app-level MAM with a few device checks thrown in. For G Suite customers, the Google apps do a basic device check for the presence of a passcode, the OS version, and jailbreaking/rooting; and to enforce compliance, they can always remove users enterprise accounts. Back in March, this functionality was enabled by default for G Suite accounts.
For “advanced” mobile management, they do MDM for iOS, and for Android, they support Android Enterprise work profiles and company-owned devices. Google’s Chrome Device Management has been around for a while, and its being integrated into Google Cloud Identity now.
All of this is $4/user/month for the first year and then $6 afterwards; you can find information on the different Cloud Identity editions here.
Some things that Google Cloud Identity doesn’t happen to be doing right now include the Apple Device Enrollment Program and Android Enterprise kiosk mode features. We didn’t dive into their whole roadmap, but Karthik told me that they will do macOS and Windows 10 management, as well.
Overall, Google Cloud is clearly ambitious and capable of moving quickly, and the impression that I got from Cloud Next is that they’re sensitive to the needs of their enterprise customers, too. So, going forward, we should keep a close eye on the Google Cloud Identity product line and features, especially now that it’s available as a standalone offering.