Security fears have been associated with cloud computing ever since it began, and for the most part those fears have been unfounded: the big cloud providers are way better at security than your average enterprise. Still, there’s always more to be done, and Google and Microsoft unveiled new services this week to give customers additional peace of mind.
On Friday, Google and Spotify announced that their security teams had come together to release a set of open-source tools for Google Cloud Platform (GCP) customers to “help give security teams the confidence and peace of mind that they have the appropriate security controls in place across GCP,” Google said in a blog post. The new project is called Forseti Security, and it helps developers and security teams work together to make sure a group’s security protocols are followed at each step of the cloud development phase, not just tacked on at the end.
And on Thursday, Microsoft announced that it has developed a method for protecting data while it is being used, encrypting that data in a secure enclave so that even Microsoft can’t see exactly what’s inside that enclave while it is running on its Azure services. This protects Azure customers from unauthorized data access by attackers who have stolen log-in credentials or exploited bugs in cloud software, the latter of which is believed to have led to the epic Equifax event.
Both moves are a sign that cloud companies are still facing a little pushback from some potential customers who are worried about security or who are required by law to protect data with specific approaches. This includes financial institutions, health care providers, and others that would love to put some of their workloads in the cloud but can’t afford to make a single security-related mistake.
And while all three big public cloud providers have world-class security teams protecting their main servers, configuration mistakes made by customers can render that expertise moot, as we saw earlier this year with a Verizon breach that was the result of a contractor leaving customer data on an unsecured Amazon Web Services server. Anything that makes cloud security easier will be welcomed by current and future customers alike.