Two days after one of Google’s earliest employees laid down a bit of a manifesto regarding its commitment to cybersecurity, the company backed up the talk Wednesday with several new cloud-focused security products designed to give Google Cloud Platform and G Suite customers additional security options.
Two of the most prominent new security features are the Cloud Security Command Center, which organizes security-related information in a single dashboard, and VPC Service Controls, which give hybrid cloud operators a better way to extend on-premises security policies into Google’s cloud services. The company also announced some new features for G Suite administrators when it comes to locking down accounts and avoiding phishing emails.
“We believe a more secure business landscape is better for everyone, and we’ll continue to develop ways to help businesses be more secure,” said Gerhard Eschelbeck, vice president for security and privacy, in a blog post scheduled to be released Wednesday morning. The new security features come days after Urs Hölzle, employee number eight at Google and the engineer who basically built Google’s infrastructure, posted a security-related blog emphasizing that Google builds “security through progressive layers that deliver true defense in depth, meaning our cloud infrastructure doesn’t rely on any one technology to make it secure.”
Google said the Cloud Security Command Center, which is being released with the tentative “alpha” designation, allows Google Cloud customers to get a picture of their security risks across their cloud deployments. Google made sure to single out that the Cloud Security Command Center allows administrators to check for unsecured storage buckets, a problem that has dinged several Amazon Web Services customers over the past year.
The company also introduced VPC Service Controls, which give organizations operating hybrid cloud deployments alongside Google Cloud some fences to construct across API connections between their on-premises deployments and Google’s cloud servers. Google claimed it was the first cloud provider to extend this kind of security feature to “API-based services.”
Google now plans to give customers detailed logs of when Google employees must access their accounts for various maintenance-related services. “With Access Transparency, we can continue to maintain high performance and reliability for your environment while remaining accountable to the trust you place in our service,” said Jennifer Lin, director of product management for Google Cloud Platform security and privacy.
Cloudflare and other anti-DDoS (distributed denial of service) attack providers are also about to get some competition from Google, which announced plans for Google Cloud Armor alongside the other security features. Anti-DDoS services work by filtering the massive flood of traffic associated with a DDoS attack across a huge network of servers, distinguishing legitimate requests for a web site from the malicious ones.
The second major component of Google’s cloud strategy, which is generating $1 billion in revenue a quarter these days, is its G Suite office productivity software. Thanks to the prevalence of phishing attacks — attempts to get email users to click on malicious links — Gmail is a serious threat vector for companies that are using G Suite, and Google said new Gmail features would help email administrators detect emails with encrypted attachments or spoofed links.
Cloud security is a constant sticking point for CIOs stuck in an earlier era of computing, despite the fact that modern cloud providers like Google, Amazon Web Services, and Microsoft are far better at security than your average corporation. So it’s not that surprising that Google would emphasize security as it attempts to make inroads among corporate customers who see AWS as the market leader that it is, and Microsoft as an enterprise partner they’ve worked with for decades.
Google’s security team is definitely considered world-class, hardened by its experience with Chinese hackers back in 2010 who stole the company’s source code its search algorithm, easily its most precious asset. But as computing continues to consolidate in cloud data centers, the incentives for criminals to breach the defenses of those cloud vendors skyrocket.