
Google’s New Cloud Security Tools Increase DDOS Protection, Transparency and Usability

by Steef-Jan Wiggers on Apr 06, 2018. Estimated reading time: 2 minutes

Google has introduced several new cloud-focused security enhancements for the Google Cloud Platform (GCP). These enhancements include new services like Cloud Security Command Center (Cloud SCC), Google Cloud Armor, and VPC Service Controls, as well as several new features for G Suite administrators. They are part of Google’s investment in its cloud platform to help customers harden the security of their enterprise solutions and the GCP services they consume.

With the Cloud Security Command Center, customers can organize security-related information in a single dashboard, and Google Cloud Armor protects against DDoS attacks and other threats. Additionally, VPC Service Controls offer cloud operators a better way to extend on-premises security policies into Google’s cloud services, and the new features for G Suite provide administrators a way to lock down accounts and avoid phishing emails. As a result, customers have more controls available to deepen and expand control over their environment and services.

The new Cloud SCC service is an alpha product in GCP, which will bring more security transparency to services like App Engine, Compute Engine, Cloud Storage, and Cloud Datastore. Customers can get an inventory of their cloud assets, scan their storage systems for sensitive data, detect common web vulnerabilities and review access rights to critical resources. 

Image source: http://www.googblogs.com/category/google-cloud-platform-blog/page/2/

Another alpha product is Google’s VPC Service Controls, which includes protection of data stored in the API-based services in GCP. In the blog post about the release of this new security product, Jennifer Lin, director of product management, GCP Security and Privacy, writes:

For services like Google Cloud Storage and BigQuery, this can protect against exfiltration if identities are stolen, IAM policies are misconfigured, and more. This could go a long way to making business leaders more comfortable with moving their data to the cloud.

Note that to use VPC Service Controls, users need to request access through a beta program with their details.

Alongside the Cloud SCC service and VPC Service Controls, customers can use Google Cloud Armor, which uses the same global HTTP(S) load balancing found in products like Search and YouTube. In the same blog post, Lin writes about Cloud Armor:

Cloud Armor works with Cloud HTTP(S) Load Balancing, provides IPv4 and IPv6 whitelisting/blacklisting, defends against application-aware attacks such as cross-site scripting (XSS) and SQL injection (SQLi), and delivers geography-based access control. Users can create custom defenses with Layer 3 to Layer 7 parameters. And Cloud Armor will give a breakdown of blocked and allowed traffic as it goes.

Google Cloud Armor sits on the edge of Google’s network, aids in blocking attacks to its services, and has IP whitelisting and blacklisting tools. The service is built on three pillars: a policy framework, a rich rules language, and global enforcement infrastructure.


Image source: https://cloudplatform.googleblog.com/2018/03/getting-to-know-Cloud-Armor-defense-at-scale-for-internet-facing-services.html

Google added several new features to its G Suite office software, including features aimed at the prevalence of phishing attacks in Gmail. Furthermore, it has added security features for Team Drives in Google Drive, and more controls for team members who use G Suite on mobile devices.

To conclude, data loss can be a serious issue, and with the upcoming introduction of the General Data Protection Regulation (GDPR), security is high on everyone’s agenda. Hence every cloud provider, including Google, is aiming to provide security services to a high standard. Google’s recent investment in security enhancements on its cloud platform is an example of that.
 
