Secure Google Access

Overview

Acreto offers a comprehensive solution for businesses seeking to safeguard their access to corporate Google applications and data. This is achieved by channeling all traffic to these applications through Acreto’s advanced threat engine and instituting a restriction rule on Google to accept traffic from Acreto’s IP address exclusively. With Acreto, enterprises can be assured of a secure and reliable connection to their essential Google assets.

This document outlines a clear and easy-to-follow process for businesses to secure their corporate Google access with the help of Acreto.

Pre-requisite

  1. Google Workspace Enterprise version or above
  2. New or existing configured Ecosystem
  3. Onboard users to Acreto Ecosystem

Step 1: Enforce IP restrictions on Google using Context-Aware access (CAA)

Google Administrators must enforce the IP restriction rule using Context-Aware access under the Admin console to allow access only from Acreto Ecosystem IP.

When this step is done, access to Google based services will be restricted to the IP address of Acreto, only users connected by Acreto Connect Client can access it.

  1. Log in to https://admin.google.com/ with Admin credentials
  2. Goto Home » Security » Access and Data control » Context-Aware Access Secure-Google Secure-Google
  3. Click Create New Access Level Secure-Google Secure-Google
  4. In the Details section, provide the following:
    • Access level name: Acreto_access_allow
    • Description: Access is allowed only through Acreto Secure-Google Secure-Google
  5. Log in to Acreto Portal amd choose your Ecosystem. From the Left menu choose Objects > Alocated IP’s and copy default exits IPs. Secure-Google Secure-Google
  6. In the Context conditions sections, click ADD CONDITION
    • Select meets all attributes (AND)
    • Select:
      • Attribute: IP Subnet
      • Value: Ecosystem Exit IP IPv4 , Ecosystem Exit IP IPv6 with mask /56 from Acreto Portal
    • Click Create Secure-Google Secure-Google
  7. Next, click ASSIGN ACCESS LEVEL Secure-Google Secure-Google
  8. Select all the apps that need secure access and click ASSIGN Secure-Google Secure-Google
  9. Check both the Access level and assign to the Desktop app and click SAVE, Secure-Google Secure-Google

With this step, the IP enforcement configuration on Google is complete.

Step 2: Turn ON Context-Aware Access

Once onboarding of all the users on Acreto is complete, the administrators can Turn-On the Context-Aware Access for everyone.

When this step is done access restriction rule will be applied to all users.

  1. Goto Home » Security » Access and Data control » Context-Aware Access and click Turn-On Secure-Google Secure-Google

Summary

Once the user or device is connected by Acreto Connect Client, the traffic goes through Acreto Ecosystem, which is thoroughly scanned against any threat or malware. Also, the traffic leaving Acreto gains Acreto’s Exit IP as the source, meeting the Google CAA access criteria.

All traffic that comes from the user to Google is now additionaly secured.