Today, Google has announced more than 20 enhancements to its Cloud Security environment, with the aim to give more control to businesses operating in the Cloud. These announcements follow security announcements for Chrome Enterprise, which the company made last week.
These enhancements include: VPC Service Controls, which Google considers to be the first to deliver virtual security perimeters for API-based services with simplicity, speed and flexibility, Cloud Security Command Center, currently in alpha, and more comprehensive cloud auditing tools.
VPC Service Controls help enterprises keep their sensitive data private while using Google Cloud Platform’s fully managed storage and data processing capabilities. Google believes this product will give admins a greater level of control to prevent data exfiltration from cloud services as a result of breaches or insider threats.
Gerhard Eschelbeck, VP, security & privacy, Google, commented in a blog: “Imagine constructing an invisible border around everything in an app that prevents its data from escaping, and having the power to set up, reconfigure, and tear down these virtual perimeters at will. You can think of [VPC Service Controls] like a firewall for API-based services on GCP.”
Using the managed service, enterprises can configure private communication between cloud resources and hybrid VPC networks. By expanding perimeter security from on-premise networks to data stored in GCP services, enterprises can feel confident running sensitive data workloads in the cloud.
Another product that has been announced is the Cloud Security Command Center. It is a security and data risk platform for GCP that helps enterprises gather data, identify threats, and act on them before they result in business damage or loss.
Cloud Security Command Center gives enterprises consolidated visibility into their cloud assets across App Engine, Compute Engine, Cloud Storage, and Cloud Datastore. People can quickly understand the number of projects they have, what resources are deployed, where sensitive data is located, and how firewall rules are configured. With ongoing discovery scans, enterprises can view the history of their cloud assets to understand exactly what changed in their environment and act on unauthorized modifications. It also provides powerful security insights into cloud resources.
Administrators can identify threats like botnets, cryptocurrency mining, and suspicious network traffic with built-in anomaly detection developed by the Google Security team, as well as integrate insights from vendors such as Cloudflare, CrowdStrike, RedLock, Palo Alto Networks, and Qualys to help detect DDoS attacks, compromised endpoints, compliance policy violations, network intrusions, and instance vulnerabilities and threats. With ongoing security analytics and threat intelligence, enterprises can better assess their overall.
“A strong security posture plays a critical role in helping us fulfill our mission of helping our members navigate the complex personal finance landscape through a predictive, data-driven recommendation system,” says Ryan Graciano, CTO, Credit Karma. “User trust is crucial to our business so security was hugely important when selecting a cloud provider. Google Cloud’s end-to-end approach met our high standards. This enables us to spend more time focusing on building the best products for our customers.”