
Google famously has no "internal" pages (but a lot of private pages of course).

Instead of using a VPN solution for off-site, they have a reverse proxy sitting in front of their back-office sites; the reverse proxy verifies user authentication (inc. 2F) and permissions before allowing access to the site in question (both from on Google's campus and off-site).

The theory goes that even if you break into Google's campus and plug into their corporate network, or find an employee's computer, you'll still have no easier time accessing their private pages than you would otherwise.

It is actually a really interesting topic all in its own right.
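The access decision described in the comment above, as an added example that is not part of the thread and not Google's code: a proxy-side check that verifies a signed session, the second factor and per-site permission, and gives the source network no weight. The key, hostnames, groups and token format are all constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values: signing key shared by the SSO service and the proxy,
# and the groups allowed to reach each back-office site.
PROXY_KEY = b"demo-only-signing-key"
SITE_ACL = {"payroll.corp.example": {"finance"},
            "wiki.corp.example": {"finance", "eng"}}
MAX_SESSION_AGE = 8 * 3600  # seconds

def issue_session(user, groups, mfa, now=None):
    """Stand-in for the SSO service: sign the claims the proxy will check."""
    claims = {"sub": user, "groups": sorted(groups), "mfa": bool(mfa),
              "iat": int(time.time() if now is None else now)}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    sig = hmac.new(PROXY_KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + sig

def authorize(host, token, source_ip, now=None):
    """Return (allowed, reason) for one request.

    source_ip is deliberately unused in the decision: a request from the
    office LAN is treated exactly like one from the internet.
    """
    now = time.time() if now is None else now
    if not token or b"." not in token:
        return False, "no session"
    body, sig = token.rsplit(b".", 1)
    expected = hmac.new(PROXY_KEY, body, hashlib.sha256).hexdigest().encode()
    # Verify the signature before parsing anything from the token body.
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now - claims["iat"] > MAX_SESSION_AGE:
        return False, "session expired"
    if not claims.get("mfa"):
        return False, "second factor missing"
    allowed_groups = SITE_ACL.get(host)
    # Unknown sites are denied by default; known sites need a matching group.
    if allowed_groups is None or not allowed_groups & set(claims["groups"]):
        return False, "not permitted for site"
    return True, "ok"

if __name__ == "__main__":
    token = issue_session("alice", ["eng"], mfa=True)
    for ip in ("10.0.0.5", "203.0.113.7"):       # on-campus vs. off-site
        print(ip, authorize("wiki.corp.example", token, ip))
    print("10.0.0.5", authorize("wiki.corp.example", None, "10.0.0.5"))
```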



Yea. This pattern is called BeyondCorp or Zero Trust. Google was the first company to pioneer it by adopting this architecture internally. Only now companies are slowly moving to this and vendors are creating products and services to support this architecture.

https://cloud.google.com/beyondcorp/


Netflix operates the same way - they consider their offices untrusted networks, and everything goes through their SSO / MFA architecture.



