SecurityWeek

Many New Security Features, Services Added to Google Cloud

Google Boosts Security of Google Cloud

Google this week announced a series of tools meant to increase the overall security of Google Cloud and improve customer trust in the service.

The new functionality will allow users to gain better visibility into their environments, detect threats and accelerate response and remediation, mitigate data exfiltration risks, ensure a secure software supply chain, and strengthen policy compliance.

Building on the Access Transparency service, which was introduced last year and is now generally available in G Suite Enterprise, Google announced Access Approval for Google Cloud Platform (GCP) in December and is now making it available in beta for Compute Engine, App Engine, Cloud Storage, and other services.

Access Transparency was designed to provide visibility into the access that Google Cloud employees had into G Suite data (details on each access and the reason behind it are logged in the G Suite Admin Console). Through Access Approval, users can explicitly approve access to their data or configurations.

A newly introduced Data Loss Prevention (DLP) user interface, which is now in beta, allows users to perform scans with just a few clicks.

Google also made virtual private cloud (VPC) Service Controls generally available to help customers define a security perimeter around specific resources, including Cloud Storage buckets, Bigtable instances, and BigQuery datasets, and mitigate data exfiltration risks.

The Cloud Security Command Center (Cloud SCC) introduced last year is now generally available to help prevent, detect, and respond to threats across a broad set of GCP services (App Engine, BigQuery, Cloud Storage, Compute Engine, Google Kubernetes Engine, and more).

Google also added new services to Cloud SCC, including Event Threat Detection to detect malware, crypto mining, and outgoing DDoS attacks, and Security Health Analytics to automatically find public storage buckets, open firewall ports, stale encryption keys, deactivated security logging, and much more.

Generally available for App Engine and in beta for Kubernetes Engine (GKE) and Compute Engine, Cloud Security Scanner detects vulnerabilities such as cross-site scripting (XSS), use of clear-text passwords, and outdated libraries in GCP applications.

Additionally, Google announced security-focused partner integrations with Capsule8, Cavirin, Chef, McAfee, RedLock, StackRox, Tenable, and Twistlock.

New security reporting in Apigee, Google Cloud’s API management platform, helps customers gain a holistic view of the health and security status of API programs.

Google also announced several GKE services “to help build confidence in your containerized software supply chain.”

Generally available soon, Container Registry can find package vulnerabilities for Ubuntu, Debian, and Alpine Linux to identify bugs before containers are deployed. Binary Authorization, which can be integrated with Cloud Key Management Service and Cloud SCC, helps customers make sure containers meet the organization’s requirements before being deployed.

Google is also promoting GKE Sandbox out of beta. Based on the open-source gVisor project, the tool provides additional isolation for multi-tenant workloads, to prevent container escapes and increase workload security.

Furthermore, GKE now offers Managed SSL certificates (currently in beta), with full lifecycle management (provisioning, deployment, renewal and deletion) of your GKE ingress certificates. Google Cloud also offers Shielded VM, designed to provide verifiable integrity of Compute Engine VM instances.

Google also introduced new ways to help customers protect, control, and remediate threats to the business data created and stored in G Suite.

Since some organizations want their data to be stored in specific locations, G Suite Business and Enterprise customers can select where their covered data is stored (globally, in the US, or in Europe), and backups are now covered as well.

New controls for advanced phishing and malware protection (in beta) should help users stay safe from anomalous attachments and inbound emails spoofing domains in Google Groups. A security sandbox (in beta for G Suite Enterprise customers) improves protection against ransomware, sophisticated malware and zero-day threats by executing attachments in a sandbox environment.

G Suite also includes security and alert centers, with best practice recommendations, unified notifications, and integrated remediation against threats. With new beta functionality, admins can save and share investigations, indicate alert status and severity, assign alerts to other admins, automate actions, and send notifications to the alert center.

Also this week, Google introduced Policy Intelligence, with three new tools to help understand and manage policies and reduce risk, namely IAM Recommender (to remove unwanted access to GCP resources), Access Troubleshooter (to understand why requests were denied and modify policies), and Validator (to set up governance and security guardrails to prevent overly-permissive access).

Following the introduction of the Web Risk API last month (in beta), Google has now announced Phishing Protection, a service for reporting unsafe URLs to Google Safe Browsing and viewing the status in Cloud SCC, and reCAPTCHA Enterprise, a new service with capabilities designed specifically to address enterprise security needs.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
