
6 Tips For Enhanced Visibility and Control on Google Cloud



Google administrators often struggle with the monumental task of making sure that everything is flowing smoothly in the business. That means not only keeping track of how well technology is performing but also examining what kind of tools and software your team relies on most when it comes to accomplishing their goals on the cloud.

While there are many things that a good Google admin needs to thrive in their job, two of the most valuable of all are visibility and control. Fortunately, the Google team is constantly working to provide customers with higher levels of control and visibility when it comes to everything from data, to team performance.

Let’s take a look at just some of the tools and solutions that you can use within the Google Workspace (G Suite) environment to take your visibility efforts to the next level.

Storing Encryption Keys with External Key Manager

In November 2019, Google used Cloud Next as an opportunity to announce a range of updates to the way that administrators can control and manage keys on the cloud. With a wide selection of encryption options to choose from, admins have more choice when it comes to balancing risk, operational efficiency and security in the cloud.

As standard, Google Cloud automatically encrypts customer data at rest. You also get access to various solutions for managing and controlling encryption keys. For instance, the External Key Manager works with the Cloud KMS solution, allowing teams to encrypt their data in both Compute Engine and BigQuery. Your encryption keys are stored and managed in a third-party system deployed outside of the infrastructure that you already rely on with Google.

The benefit of this solution is that it allows you to maintain a separation between the data that you hold at rest, and your encryption keys, while still having access to all of the power of the Google cloud environment for computing and analytics. To make access even easier, Google even partnered with leading key management vendors like Equinix, Unbound, and Ionic.

More Control Over How Data is Accessed

Key Access Justifications is a feature designed to work with your External Key Manager. Whenever a key is requested for the decryption of data, this technology provides an in-depth justification for the request, which is well suited to auditing purposes.

This allows administrators to access a greater level of transparency when dealing with data on the cloud and storing information. There’s also a mechanism built in that allows you to approve or deny the request to use the key using an automated policy established by your team.

By using Key Access Justifications and External Key Manager together, you can also decide if you want to deny Google the option to decrypt your data too. This means that you have complete control over your information. That’s a level of control that you just can’t get from any other cloud provider. The changes to encryption that Google introduced in 2019 also complemented other updates like:

  • Cloud HSM availability in all Google Cloud regions
  • Key importing solutions for Cloud HSM
  • Application-layer secrets encryption support for GKE
  • Customer-managed encryption keys for GKE disks
  • Customer-managed encryption keys for Cloud SQL
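
The approve-or-deny step described above for Key Access Justifications can be pictured as a fail-closed policy check in the external key manager. The following is an added example, not code from Google or from this blog: the class name, key names and request dictionaries are hypothetical, and only the reason names follow those Google documents for the feature.

```python
from dataclasses import dataclass, field

# Reason names follow those Google documents for Key Access Justifications.
CUSTOMER = "CUSTOMER_INITIATED_ACCESS"
GOOGLE_SYSTEM = "GOOGLE_INITIATED_SYSTEM_OPERATION"
GOOGLE_REVIEW = "GOOGLE_INITIATED_REVIEW"

@dataclass
class JustificationGate:
    """Hypothetical policy check run by the external key manager."""
    policies: dict                       # key name -> set of allowed reasons
    audit_log: list = field(default_factory=list)

    def decide(self, request: dict) -> bool:
        key = request.get("key")
        reason = request.get("justification")
        allowed_reasons = self.policies.get(key)
        if allowed_reasons is None:
            allowed, why = False, "no policy for key"        # fail closed
        elif not reason:
            allowed, why = False, "missing justification"    # fail closed
        elif reason in allowed_reasons:
            allowed, why = True, "reason allowed by policy"
        else:
            allowed, why = False, "reason not allowed for key"
        # Every request is recorded, approved or not, for later audit.
        self.audit_log.append(
            {"key": key, "justification": reason, "allowed": allowed, "why": why}
        )
        return allowed

# Constructed policy: the payroll key is usable only for customer-initiated
# access, so Google-initiated decryption is denied for it.
POLICIES = {
    "ekm/payroll": {CUSTOMER},
    "ekm/analytics": {CUSTOMER, GOOGLE_SYSTEM},
}

# Constructed sample requests (not a real EKM wire format).
SAMPLE_REQUESTS = [
    {"key": "ekm/payroll", "justification": CUSTOMER},
    {"key": "ekm/payroll", "justification": GOOGLE_REVIEW},
    {"key": "ekm/analytics", "justification": GOOGLE_SYSTEM},
    {"key": "ekm/analytics"},                      # justification missing
    {"key": "ekm/unknown", "justification": CUSTOMER},
]

def run_sample():
    gate = JustificationGate(POLICIES)
    decisions = [gate.decide(r) for r in SAMPLE_REQUESTS]
    return decisions, gate.audit_log

if __name__ == "__main__":
    for entry in run_sample()[1]:
        print(entry)
```

The audit log keeps denied requests as well as approved ones, which is what makes the justifications useful for later review.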

Handling Internet and Network Threats

It’s not just encryption that Google provides more control and visibility over for customers. When you create applications on the Google Cloud environment, you also get the benefit of web attack and DDoS protection at scale. Google Cloud Armor, the security solution available from Google, works with global load balancing to provide an always-on solution for attack detection and mitigation.

Google introduced a new web application firewall solution for Cloud Armor in 2019 that helps to protect applications against distributed and targeted internet threats. You can now create policies in Cloud Armor with location-based access controls, pre-configured WAF policies with location-focused controls, WAF app protection, and a custom rules language to create custom filtering policies.

Cloud Armor also integrates with the Cloud Security Command Center provided by Google. This notifies customers of any unusual traffic patterns that appear within the Cloud SCC dashboard.

Protecting G Suite and Cloud Identity Users

Advanced Protection from Google Workspace (G Suite) is one of the strongest solutions that the company offers for users at risk of targeted attacks. In the enterprise environment, this includes supporting both executives and IT administrators alike. The Advanced Protection Program is already helping companies around the world to defend their G Suite and Cloud Identity users.

Since 2019, Google has been helping brands to enforce specific policies for enrolled users, spanning from security key enforcement, to blocking trusted app access. Google also offers increased app access control for enterprise admins that need to reduce data loss risks by ensuring limited access to Google Workspace (G Suite) APIs. This feature ensures that you can more easily restrict and manage which Google APIs should be available to customer-owned and third-party applications.

At the same time, Google is still building products that are committed to helping customers benefit from the techniques that the Google team uses itself. If you’re using the Cloud Security Command Center service to monitor your data, then you’ll be able to tap into the benefits of threat detection and prevention capabilities exclusively available from Google too.

The arrival of Event Threat Detection in the Google landscape means that administrators can detect some of the threats that are targeting their cloud resources with the use of logs. This means that you can send incident information to your Security Information and Event Management (SIEM) tools for further analysis. Event Threat Detection takes advantage of Google intelligence so that users can easily spot and eliminate problems before they cause business loss or damage.

Securing your Data with More Control Over Devices

There are numerous organizations in the current business landscape where administrators need to manage both on-premise and cloud-based solutions for data protection. This can make it difficult to collect and store information from various systems and tie individual events together for analysis. Fortunately, Backstory can assist with this, providing a deeper level of comprehensive intelligence.

On top of that, the Google landscape also comes with support that allows IT admins to unlock simpler strategies of managing access to devices and controlling those devices. At the end of October 2019, Google announced the arrival of new endpoint security solutions for even deeper control. Many of these features are turned on by default for both Cloud Identity and G Suite, to reduce the burden that IT admins face when it comes to ensuring that their teams have the right level of protection.

Control and Visibility in Google

As you can see from all the features above, the security and control capabilities of Google Workspace (G Suite) and Google Cloud just keep getting better. As we look forward to a new decade of Google Cloud solutions, and a digital Google Cloud Next experience this year, it’s likely that we’ll see even more opportunities for security and privacy management emerging from the tech giant.

In the meantime, if you want to learn more about how to get the most out of the admin features available from Google, contact Apps Admins today!