At the Google Cloud Next 2018 conference, the search engine giant announced no fewer than 10 security enhancements for its cloud services.
Google said that customers need to trust their cloud providers to keep their data safe and prevent threats. They also expect cloud providers to keep everything transparent and in control.
“As threats increase in complexity, trust requires a cloud provider that is always working to create new ways to protect you by being on the forefront of security innovation,” said Jennifer Lin, Product Management Director, Google Cloud.
One of the most exciting announcements is the Titan Security Key. It is a FIDO (Fast Identity Online) key used along with two-factor authentication. It will allow customers to enable strong, phishing-resistant authentication for critical cloud assets, such as the cloud admin panel.
As of now, these keys are available to Google Cloud customers, and will soon be available on the Google Store for all users.
Along with physical security, Google has announced context-aware access capabilities that make access to apps and services more secure and convenient. Enterprises want access to business apps on mobile devices on the go, but traditional access management solutions don’t offer the same security for mobility.
The context-aware access capabilities leverage Google’s BeyondCorp vision for apps and services on Google Cloud and beyond, and enhance security and flexibility. They enforce granular access to GCP APIs, G Suite, and third-party SaaS applications on the basis of user identity, location, and the context of the request. These capabilities are currently in beta.
Google also announced Shielded VMs, which are available in beta. Shielded VMs allow monitoring of VMs and help admins react to changes in the VM baseline and current runtime state. These VMs make use of advanced platform security capabilities so that enterprises can ensure the security of their virtual machines.
In addition to VM security, enterprises can also ensure that only trusted containers get deployed on Google Kubernetes Engine by using the newly announced Binary Authorization.
Binary Authorization can be combined with the new Container Registry Vulnerability Scanning tool to prevent deployment of images containing vulnerable packages.
The search engine giant has updated its Cloud Armor service with new geo-based access controls. Google uses Cloud Armor to protect its services, including Gmail and YouTube. The update will allow admins to control access to services on the basis of the geographic location of the clients connecting to them.
The new Cloud HSM service will enable customers to host encryption keys and perform cryptographic operations. It is a managed, cloud-hosted hardware security module (HSM) service that protects the most sensitive workloads without customers having to worry about the operational overhead of managing an HSM cluster.
Additionally, Google has announced Access Transparency (expected to be available soon), the G Suite security center investigation tool (available via the Early Adopter Program), and G Suite data regions (generally available).