Under armor: Google adds new cloud security controls

The first of more than 20 planned security improvements have been revealed

Numerous security enhancements are incoming for the Google Cloud Platform (GCP), as the Mountain View tech firm looks to help its customers shore up their digital defenses.

In a blog post last week, Jennifer Lin, director of product management for GCP, unveiled the first of more than 20 planned security improvements that will be implemented across Google’s cloud portfolio.

Among the list of developments outlined by Lin is VPC Service Controls, which provides an additional layer of protection to help organizations keep their data private.

Currently in alpha, VPC Service Controls creates a security perimeter around data stored in API-based GCP services such as Google Cloud storage, BigQuery, and Bigtable.

“This helps mitigate data exfiltration risks stemming from stolen identities, IAM policy misconfigurations, malicious insiders and compromised virtual machines,” Lin said.

VPC Service Controls will be joined by the new Cloud Security Command Center (Cloud SCC), which will allow enterprises to view and monitor their inventory of cloud assets, scan storage systems for sensitive data, and detect common web vulnerabilities – all from a single, centralized dashboard.

Also in alpha, Lin said Cloud SCC provides “deep views” into the security status and health of GCP services.

“It integrates with the Data Loss Prevention API to help identify sensitive information, and with Google Cloud Security Scanner to uncover vulnerabilities such as cross-site-scripting (XSS) and Flash injection.”

From vulnerability scanning to active threat mitigation, Lin unveiled Cloud Armor, a distributed denial of service (DDoS) and application defense service that’s based on the same technologies used to protect a range of Google services, including Search, Gmail and YouTube.

“A sophisticated rules language and global enforcement engine underpin Cloud Armor, enabling you to create custom defenses… against multi-vector attacks,” said Lin.

Security partnerships

Google said it has been working with several security companies to offer additional solutions that complement GCP’s capabilities.

RedLock’s Cloud 360 Platform has been brought onboard to provide additional visibility and control for Google Cloud environments, while the Dome9 Arc platform has been integrated into the Cloud SCC.

RedLock and Dome9 join a growing list of Google Cloud security partnerships, including Check Point, Fortinet, and Palo Alto Networks.