Zero-Trust Model

Instead of traditional methods such as VPNs and login credentials to establish trust and verify identity, Google relies on a “tiered access” model, which looks at the user’s individual and group permissions, the user’s privileges as defined by the job role, and the state of the device being used to make the request.

Access rights are based on multiple variables—usernames and passwords are just one part—such as device state, user’s group permissions, user’s job role, device behavior, and user behavior, to name a few.