The latest Google cloud security blitz unleashed more than 20 updates. It’s a push to get companies to move their workloads to Google’s cloud — and off of Amazon Web Services (AWS) and Microsoft Azure.
The new security capabilities cover Google Cloud Platform (GCP), G Suite, and Chrome Enterprise. They include features like better visibility across cloud services and potential threats and beefed up security against email phishing attacks.
Google also partnered with four additional enterprise mobility management providers (it announced a partnership with VMware AirWatch last year) in a move that allows IT admins to manage security policies across devices from a single place. The new partners are Cisco Meraki, Citrix XenMobile, IBM MaaS360, and ManageEngine Mobile Device Manager Plus, a division of Zoho Corp.
Here’s a rundown of some of the other security updates:
- Cloud Security Command Center (Cloud SCC) provides better visibility into GCP services including App Engine, Compute Engine, Cloud Storage, and Cloud Datastore. It lets enterprises monitor GCP cloud assets, scan storage systems for sensitive data, detect vulnerabilities, and review access rights from a single dashboard. In addition to using Google’s own threat detection, it works with security partners such as Cloudflare, CrowdStrike, Dome9, Palo Alto Networks, Qualys, and RedLock. It’s currently in alpha.
- VPC Service Controls, in beta, provides virtual security perimeters for API-based GCP services such as Google Cloud Storage, BigQuery, and Bigtable. It’s a managed service, and it establishes a private, direct link between GCP and hybrid VPC networks using Cloud VPN or Cloud Dedicated Interconnect. This allows companies to store data in the cloud but access it securely from on-premises data centers or cloud-based virtual machines. It also provides context-aware access control for GCP resources using the Access Context Manager feature, which lets enterprises create control policies based on attributes like user location and IP address.
- Google is giving users more visibility into how it’s using their data with Access Transparency. This service will provide customers with an audit log of authorized administrative accesses by Google “for many GCP services,” according to a blog post by Jennifer Lin, director of product management, GCP security and privacy. The cloud company will also give users justification for those accesses, and it promises to add more services to the list throughout the year.
- Default-on email protections target phishing attacks by automatically flagging emails from unauthenticated senders as well as untrusted senders that have encrypted attachments or embedded scripts. These new security controls also warn against email that tries to spoof employee names or that comes from a domain that looks similar to your own domain. And they scan images for other phishing indicators and expand shortened URLs to uncover malicious links.
- Device management for mobile devices that access G Suite lets admins see which devices access corporate data from a single dashboard. It also enforces pass codes and can erase confidential data on Android and iOS devices. It does this without requiring employees to install profiles on these devices.
- New additions to the G Suite security center include security charts showing OAuth activity and business email compromise (BEC) scam threats as well as improved protection against phishing scams. Additionally, new mobile management charts show when devices have been hijacked, rooted or jailbroken, as well as when other suspicious device activity.
The Google cloud security updates come as more companies are using public and private cloud infrastructure. And security is the most commonly cited benefit of hosting networks in the cloud, according to Cisco’s most recent annual security report. (It’s also worth noting that Cisco has a hybrid cloud partnership with Google and plans to deploy the service in the second half of this year).
But as Google continues to struggle to pull market share from no. 1 and no. 2 cloud providers AWS and Microsoft, respectively, we’ll be watching closely to see if its security investments pay off.
