Google’s New Cloud Security Tools Increase DDOS Protection, Transparency and Usability

Google has introduced several new cloud-focused security enhancements for the Google Cloud Platform (GCP). These enhancements include new services like Cloud Security Command Center (Cloud SCC), Google Cloud Armor, VPC Service Controls, and several new features for G Suite administrators. They are part of Google’s investment in its cloud platform to help customers harden the security of their enterprise solutions and the GCP services they consume.

With the Cloud Security Command Center, customers can organize security-related information in a single dashboard, and Google Cloud Armor protects against DDoS attacks and other threats. Additionally, VPC Service Controls offer cloud operators a better way to extend on-premises security policies into Google’s cloud services, and the new features for G Suite provide administrators a way to lock down accounts and avoid phishing emails. Customers therefore have more controls available to deepen and expand their control over their environment and services.

The new Cloud SCC service is an alpha product in GCP, which will bring more security transparency to services like App Engine, Compute Engine, Cloud Storage, and Cloud Datastore. Customers can get an inventory of their cloud assets, scan their storage systems for sensitive data, detect common web vulnerabilities and review access rights to critical resources. 

Another alpha product is Google’s VPC Service Controls, which includes protection of data stored in the API-based services in GCP. In the blog post about the release of this new security product, Jennifer Lin, director of product management, GCP Security and Privacy, writes:

For services like Google Cloud Storage and BigQuery, this can protect against exfiltration if identities are stolen, IAM policies are misconfigured, and more. This could go a long way to making business leaders more comfortable with moving their data to the cloud.

Note that to use VPC Service Controls, users need to request access through a beta program with their details.

Alongside the Cloud SCC service and VPC Service Controls, customers can use Google Cloud Armor, which uses the same global HTTP(S) load balancing found in products like "Search" and "YouTube". In the same blog post, Lin says about Cloud Armor:

Cloud Armor works with Cloud HTTP(S) Load Balancing, provides IPv4 and IPv6 whitelisting/blacklisting, defends against application-aware attacks such as cross-site scripting (XSS) and SQL injection (SQLi), and delivers geography-based access control. Users can create custom defenses with Layer 3 to Layer 7 parameters. And Cloud Armor will give a breakdown of blocked and allowed traffic as it goes.

Google Cloud Armor sits on the edge of Google’s network, aids in blocking attacks to its services, and has IP whitelisting and blacklisting tools. The service is built on three pillars: a policy framework, a rich rules language, and global enforcement infrastructure.

Google added several new features to its G Suite office software, including features that address the prevalence of phishing attacks in Gmail. It has also added security features for Team Drives in Google Drive, and more controls for team members who use G Suite on mobile devices.

To conclude, data loss can be a serious issue, and with the upcoming introduction of the General Data Protection Regulation (GDPR), security is high on everyone’s agenda. Hence every cloud provider, including Google, is aiming to provide security services to a high standard. Google’s recent investment in security enhancements on its cloud platform is an example of that.
