<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=986590804759414&amp;ev=PageView&amp;noscript=1">
G Suite Admins Blog > Security and Governance

Cloud Confidence: The Latest Updates to Google Security

Cloud Confidence The Latest Updates to Google Security

Google has always had a strong commitment to security - particularly when it comes to cloud computing. After all, when the cloud first emerged as an alternative to on-premise software and data storage, countless business leaders worried that the internet could never be safer than their own private systems on-premise.

Fortunately, year after year, Google has been striving to prove that anyone can be secure and confident in the cloud. Whether it's the dedicated Google Security Team that gives you peace of mind, or hardware devices like a USB physical security key, Google has you covered.

At the 2019 Google Cloud Next event, the market leaders announced more than 30 new products and services for their security strategy, designed to give you even more stability in the Google Cloud Platform, and G-Suite. According to Google, these tools will:

  • Reduce data risk with DLP and VPC service controls.
  • Provide meaningful transparency through Access Approval and Support for G-Suite.
  • Centralize security management through tools like the Cloud Security Command Centre, Event Threat Detection hub, and Cloud Security Scanner.
  • Offer insights into incident response and management with Stackdriver Incident Response.
  • Provide an overview of your APIs with Apigee Security Reporting.
  • Secure the software supply chain with tools like GKE Sandbox, Binary Authorization, Certifications for GKE, and Shielded VMs.
  • Deliver better control over G-Suite with Region enhancements, advanced malware and phishing protection, and Security Alert Center.
  • Maintain safety on the web with reCAPTCHA Enterprise, and Phishing Protection.
  • Unlock insights with machine learning through Policy Intelligence Programs.

Here's what's new for Google Cloud Security in 2019


Ensuring Better Transparency on the Cloud with Google


Increasingly, companies of all sizes are turning to the cloud to help them run more scalable and agile businesses. However, just because companies want to be able to adapt and pivot faster, doesn't mean that they don't want to see where they're going.

In 2018, Google announced its Access Transparency service for the Google Cloud Platform, which logs issues almost in real-time. This transparency service is now available for all G-Suite Enterprise users, which means that you can enjoy a deeper overview of your G-Suite data too. All you need to do is visit the G-Suite Admin Console to check what's been happening in your company.

Access Approval was also introduced in December 2018, which allows administrators to better control the access that users have to the configurations and data in the GCP. Access Approval is currently available in beta mode for the Google Compute Engine, Google Cloud Storage, and Google App Engine.

The easier it is for business leaders and IT teams to access information about sensitive data, the better they will be at reducing exposure and breach risks. In 2019, Google also introduced its Data Loss Protection UI, which is available in beta mode for businesses of any size. There's no code required, and no VMs to control. Instead, all you need is the Google console to get started.


Find Threats Wherever They Might Be


The first step in protecting any information - wherever it is, is knowing where you can find your data. Most companies should already have strong data management and protection policies in place to help them comply with regulations like GDPR. Google can help you to make the most out of your security and privacy measures within the GCP Console.

In 2018, Google announced the new Google Cloud Security Command Center - an all-in-one security management and risk management solution for the GCP. In 2019, they made the Command Centre generally available. With Google Cloud Security through SCC, you can detect and manage threats across a host of Google services including BigQuery, Compute Engine, Cloud Storage and App Engine. Now that the SCC is generally available, there's also a new set of services to discover, including:

  • Security Health analytics: Automatic scanning that checks the infrastructure of your GCP to uncover any issues with storage systems, encryption keys, security logging, and more.
  • Event Threat Detection: Using Google's proprietary AI and ML models, Event Threat Detection finds threats like malware, DDoS attacks, and more. It can scan your Stackdriver logs for suspicious activity in the GCP too.
  • Cloud Security Scanner: With the Cloud Security Scanner, you can detect various vulnerabilities, including cross-site scripting, clear-text password usage, and outdated GCP libraries. The Cloud Security Scanner is now available in GA for the App Engine, or beta for Kubernetes.

With the Cloud Security Command Centre, you can also respond to the threats you find faster by exporting information to your SIEM and tracking incident resolution in the Stackdriver management tool. Google also unveiled a host of partner integrations with security leaders like Redlock, McAfee, Capsule8, and more this year.


Google Cloud Security for APIs and the Supply Chain


There are many different ways for businesses to build and customize their cloud experiences today.

APIs are a valuable solution for developers, but they're also a potential target for criminals who want to find their way into a company's security systems. The Google Cloud API management platform with Apigee allows you to track your APIs and programs with holistic central management experience. Your findings will be available through the Apigee console and are available to integrate with SIEM tools.

When you're developing your business with a robust supply chain, Google Cloud Security can assist with that too. At Google Cloud Next 19, Google revealed various new GKE services to improve your containerized system support. For instance, Container Registry is a private Docker registry that offers native integration for GKE capable of identifying issues with Alpine Linux, Debian, and Ubuntu.

Before deploying a container into a GKE cluster, companies may also want to check that it meets with their deployment requirements. Fortunately, Binary Authorization can help with this. It gates images that go against your company's needs and restrictions. There are even options for people who want to provide an extra level of security with the GKE Sandbox.

For those concerned about the security of their entire lifecycle management strategy, the GKE Managed SSL certificates are now available in beta, making it easier to operate and manage your GKE applications according to your specific needs. What's more, to harden your VM workloads, the Google Cloud has introduced Shielded VM, which ensures verifiable integrity for VM instances on the Google Compute Engine workspace. Google claims that over 21,000 shielded VMs are already running on the GCP today.


Protecting your G-Suite Experience


If defending your Google Cloud Platform instances with the latest Google updates wasn't enough, then how about the range of upgrades that are available for G-Suite too? During Google Cloud Next 2019, Google announced a variety of new ways that users could manage and improve their protection of the G-Suite network of productivity tools. 

For instance, if you keep up with the Google blog, you might have noticed that they're enhancing their data region opportunities, with a range of new environments where you can store your data backups. Additionally, there are new beta controls available for companies searching for advanced protection from malware and phishing. These controls will give administrators better protection against inbound content (like emails), and attachments. The security sandbox is also available in G-Suite for Enterprise users, which helps to offer better protection against malware and ransomware too.

What's more, just like the Google Cloud Security Center, there's also a security center specifically designed for G-Suite users too. This environment gives admins access to unified notifications about what's going on in their productivity apps, as well as best-practice recommendations to help them deal with threats. The beta service comes with options for admins to share and save investigations via a security investigation tool. What's more, within the alert center, admins can also create rules that perform defense actions automatically.


Smarter Security with Machine Learning


It wouldn't be a security update from Google if there wasn't at least a little bit of artificial intelligence thrown in. Google knows that companies often struggle with staying on top of the latest demands with their security policies. As the industry becomes more complex, and technology becomes more immersive, it's essential to make sure you're always adjusting to get your security systems right. Fortunately, Google can help you to stay on top of your security standards with Policy Intelligence.

Policy Intelligence is available as a feature initially for Cloud IAM, and it comes with three primary tools to add machine learning to your security policies. The first tool is IAM recommender, which helps administrators to use machine learning when making smarter access control decisions. The second solution is the Access Troubleshooter, which helps security admins to see why certain requests might be denied by the Google defense system.

The final ML service is the Security Validator, which allows admins to set up unique security and governance guidelines that stop them from giving users too much access to any specific tool.


Keeping Companies Secure


Staying ahead of the curve on the Google Cloud and G-Suite isn't just about making sure you access the latest tools. You also need to make sure that you're keeping your operations and data as secure as possible. Fortunately, Google puts safety and intelligence at the heart of everything they do.

The updated Google Cloud Security environment for 2019 has everything you need to ensure better peace of mind when you're discovering the benefits of your latest cloud solutions or productivity tools.

For more help setting up your Google experience, reach out to Coolhead Tech today.