Google Cloud Security: Key announcements every CIO should know from the Event

Building on cloud security leadership to help keep your business protected

The scale of targeted breaches in the current threat landscape is staggering. For any business, moving to the cloud requires not only careful planning and hard work but also something more fundamental: trust. You need to trust that your cloud provider will keep your data safe, prevent threats, and do so transparently to keep you in control. As threats increase in complexity, trust requires a cloud provider that is always working to create new ways to protect you by being at the forefront of security innovation.


When it comes to security, Google Cloud continues to deliver innovative ways to help enterprises be more secure. Consequently, it was recently named a Leader in The Forrester Wave™: Public Cloud Platform Native Security, Q2 2018 report. Its approach to security was also highlighted during the recent Google Next’18 event. From context-aware access to Shielded VMs and Binary Authorisation, Google announced a variety of security tools and capabilities to secure data and the operating environment.


A more secure business landscape is better for everyone

During the event, Google introduced new security capabilities focusing on access, infrastructure, securing sensitive data and transparency. These new features are in addition to the more than 20 security updates that Google announced in March 2018. According to Jennifer Lin, director of product management at Google Cloud, the goal is to provide organisations with a scalable and highly secure foundation for running cloud workloads. “As your organisation moves workloads to the cloud, trust in the underlying infrastructure is critically important,” she noted. Here are some of the announcements.


1. Making access to apps and services more secure and convenient

People increasingly want access to their business-critical apps on the devices that make the most sense for how they work. However, traditional access management solutions often put security at odds with flexibility by imposing one-size-fits-all, coarse-grained controls that limit users. To address this, Google Cloud announced context-aware access and Titan Security Key functionality.


Context-aware access

The new context-aware access support for cloud customers implements many elements of BeyondCorp, a zero-trust approach to security that Google uses internally to control employee access to its data and services. This feature allows organisations to define and enforce granular access to GCP APIs, resources, G Suite, and third-party SaaS apps based on a user’s identity, location, and the context of their request. Context-aware access strengthens your security posture while decreasing complexity for your users, giving them the ability to seamlessly log on to apps from anywhere and any device.


Titan Security Key

Google also introduced its new key-based authentication service via the Titan Security Key, a hardware key with firmware developed by Google. Organisations can use the Titan Security Key to implement two-factor authentication for their cloud workloads on G Suite and GCP. It gives organisations an authentication mechanism that is stronger and more phishing-resistant than two-step authentication via text messaging.


2. Strengthening a secure foundation

As your organisation moves workloads to the cloud, trust in the underlying infrastructure is critically important. Google Cloud’s goal is to deliver a highly reliable, highly secure foundation for you to build on, and to allow you to take advantage of the protections they’ve built in. This includes Shielded VMs, Binary Authorisation, Container Registry Vulnerability Scanning and geo-based access for Cloud Armor.


Shielded VMs

Shielded VMs are virtual machines (VMs) on GCP hardened by a set of security controls that help defend against rootkits and bootkits. Using Shielded VMs helps protect enterprise workloads from threats like remote attacks, privilege escalation, and malicious insiders. With Shielded VMs you can monitor and react to any changes in the VM baseline as well as its current runtime state.


Binary Authorisation and Container Registry Vulnerability Scanning

With Binary Authorisation, you can enforce signature validation when deploying container images. This can be integrated with existing CI/CD pipelines to ensure images are properly built and tested prior to deployment. It can also be combined with Container Registry Vulnerability Scanning to prevent deploying images that contain any vulnerable packages. Container Registry Vulnerability Scanning automatically performs vulnerability scanning for Ubuntu, Debian and Alpine images to ensure your images are safe to deploy.


Cloud Armor

Cloud Armor is Google’s DDoS and application defence service, based on the same global infrastructure that Google uses to protect Search, Gmail and YouTube. During Google Next’18, Google announced geo-based access control for Cloud Armor, available now in beta, which allows you to control access to your services based on the geographic location of the client trying to connect to your application.


3. Giving you more transparency, insight and control

Through Access Transparency for GCP, Google Cloud gives you the visibility, insight and control you need to meet your organisation’s security objectives as you move to the cloud or increase your cloud adoption.


Access Transparency

Google provides a comprehensive level of documentation on how they do things in the cloud, such as data encryption. They also offer customers near real-time visibility into the limited situations when they are required to interact with your data on the Google Cloud Platform. Access Transparency for GCP — a first-of-its-kind capability — is soon to be generally available to all customers.

