Google announces new security enhancements for Google Cloud

Google announced more than 20 new security enhancements to the Google Cloud portfolio at the CEO Security Forum in New York yesterday. Some key announcements included the new Cloud Security Command Center, Cloud Armor and the Cloud Data Loss Prevention API.

“When it comes to Google Cloud Platform (GCP), our goal is to continuously improve on the strong foundation that we’ve built over the years, and help you build out a secure, scalable environment,” Jennifer Lin, director of product management for GCP security and private, wrote in a blog post.

The Cloud Security Command Center, currently in alpha, is designed to enable users to monitor the inventory of their cloud assets, scan storage systems for sensitive data, detect common vulnerabilities, and review access rights to critical resources. In addition, it will provide a deep view into the security status and health of several GCP services.

Google Cloud Armor is a Denial of Service and application defense service that is built using the same technology used to protect Search, Gmail, and YouTube. Cloud Armor provides IPv4 and IPv6 whitelisting and blacklisting, defends against cross-site scripting and SQL injection, and delivers geography-based access control.

The Cloud Data Loss Prevention (DLP) API lets users discover, classify and redact sensitive information. It can be used on any data source or business application and can be used to detect sensitive information in real-time or in match mode.

“Our goal is to make the DLP API an extensible part of your security arsenal. Since it was first announced, we’ve added several new detectors, including one to identify service account credentials, as well as the ability to build your own detectors based on custom dictionaries, patterns and context rules,” Lin wrote.

The company also announced new VPR Service Controls to create a security perimeter around data that is kept in API-based Google Cloud Platform services. VPR Service Controls will help reduce data exfiltration risks that come from stolen identities, IAM policy misconfigurations, malicious insiders or compromised virtual machines.

“By expanding perimeter security from on-premise networks to data stored in GCP services, enterprises can feel confident about storing their data in the cloud and accessing it from an on-prem environment or cloud-based VMs,” Lin wrote.

The company’s new Access Transparency solution will expand visibility with an audit log of authorized accesses by Google Support and Engineering as well as reasons for those accesses. “With Access Transparency, we can continue to maintain high performance and reliability for your environment while remaining accountable to the trust you place in our service,” Lin wrote.

Google also released a Cloud Identity service, which is a built-in service to allow organizations to easily manage users and groups. It enables the use of cloud-centric applications and security.

Other announcements included that GCP has received the FedRAMP Rev. 4 Provisional Authorization to Operate (P-ATO) at the Moderate Impact level from the FedRAMP Joint Authorization Board (JAB), which allows customers to take advantage of this certification from multiple Google Cloud regions. This certification means that U.S. federal, state, and local governments can now take advantage of this solution.

Finally, it announced several new partnerships including Dome 9, Rackspace, and RedLock. These partnerships are meant to provide additional solutions that complement Google Cloud’s capabilities.