If you have been one of the biggest tech companies on the planet for over a decade, a lot of people have tried to hack your network. Google now plans to share some of the security capabilities it developed to protect its own assets with Google Cloud customers.
At Google Cloud Next on Wednesday in San Francisco, the company is expected to announce new access-control features modeled on its BeyondCorp remote login system, as well as a version of a hardware security key that has protected Google employees from attacks for several years. Cloud customers will also be able to take advantage of new protective features for cloud virtual machines and container deployments, said Jess Leroy, director of product management for Google.
Google’s BeyondCorp system replaces traditional VPNs with the concept of a “zero-trust” network, and Google employees around the world use it to access corporate networks every day without the overhead associated with many VPN products. Google Cloud and G Suite customers will be able to use a version of this, called context-aware access, to control access to their Google Cloud or G Suite accounts based on the location from which access is requested and the type of device being used.
Google also plans to sell the Titan Security Key, a USB hardware device based around the FIDO standard that can replace two-factor authentication systems without tying access to a phone number. Earlier this week, Google told security blogger Brian Krebs that after rolling hardware security keys out to its employees, it hasn’t seen a successful account takeover involving its 85,000 employees in well over a year.
Phishing, the practice of trying to entice an email user into clicking on a malicious attachment or link, is the gateway for around 71 percent of all successful attacks, Leroy said. These attacks are surprisingly easy to carry out and hard to prevent through education alone; it’s believed that a phishing attack at Google in 2010 led to the theft of some of its valuable source code, back when the primary international cybersecurity concern was shadowy hackers working at an arm’s length from the Chinese government, as opposed to now, when the primary international cybersecurity concern is shadowy hackers working at an arm’s length from the Russian government.
Google also plans to announce that it will roll out “shielded VMs,” or protections for virtual machines during the boot process, as well as a container registry system that allows companies to double-check that they are deploying the correct container to their production environments before it is too late.
(Editor’s note: This post was updated to clarify how security keys have protected Google employees.)