Google Cloud beefs up security on GCP, G Suite and more in major update

Google Cloud has unveiled major security revamps to its portfolio, across Google Cloud Platform (GCP), G Suite, Chrome Enterprise, and more.

The company has made 20 announcements in total in conjunction with the CEO Security Forum in New York. GCP had no fewer than eight notes, with alpha services around security perimeters and cloud asset management the highlights.

VPC Service Controls aims to stop identity mismanagement, misconfigured policies and compromised virtual machines by creating a security perimeter around data stored in API-based Google Cloud Platform services, such as Google Cloud Storage and BigQuery.

This is a serious update as many data breaches happen accidentally based around seemingly negligible setup errors. “By expanding perimeter security from on-premise networks to data stored in GCP services, enterprises can feel confident about storing their data in the cloud and accessing it from an on-prem environment or cloud-based VMs,” Jennifer Lin, director of product management at GCP Security and Privacy wrote in a blog post.

Cloud Security Command Center, by contrast, lets users go through a variety of security options through a single centralised dashboard, from monitoring their cloud inventory, scanning storage systems for sensitive data, and reviewing access rights across critical resources.

Other GCP updates include Cloud Armor, a DDoS and application defence service, as well as partnerships with Dome9, RedLock, and Rackspace. The latter is offering managed security and compliance assistance services for Google Cloud; the company said it was ‘well positioned to deliver solutions for customers’ infrastructure and security needs’ as more organisations move to GCP to run critical workloads.

G Suite, Google’s productivity and collaboration toolkit, is seeing updates including stronger mobile management, built-in protections for Team Drives, and greater anti-phishing support. The latter includes provisions that can be set by default, including automatically flagging emails from untrusted senders and warnings against opening emails from similar domains or that appear to spoof employee names. Google claims its protections lead to 99.9% of what it calls BEC scenarios – business email compromise – being either flagged up or spammed out.

For Chrome Enterprise, the key announcement was around expanding partnerships with enterprise mobility management (EMM) providers, helping IT admins manage and implement security policies across every device in an organisation. The new partners, joining VMware AirWatch from last year, are Cisco Meraki, Citrix XenMobile, IBM MaaS360, and ManageEngine Mobile Device Manager Plus.

Google all but said earlier this week that it was going to push out a variety of security updates, with Urs Holzle, senior vice president for technical infrastructure, writing in a blog that ‘more than ever, it’s important for companies to make security an utmost priority and take responsibility for protecting their users.’

This was backed up by a further missive yesterday from Gerhard Eschelbeck, VP of security and privacy. “It’s been our belief from the beginning that if you put security first, everything else will follow,” Eschelbeck wrote. “We continue to develop new ways to give our customers the capabilities they need to keep up with today’s ever-evolving security challenges.”

Earlier this month Google announced its App Engine and Cloud Machine Learning Engine were HIPAA-compliant – or the nearest thing to it, a HIPAA Business Associate Agreement. Around the same time, it was revealed that Spotify and Apple were both Google Cloud customers. The former’s disclosure was noted in its initial SEC filing; however it has been since updated to note that the music streaming service provider is paying €365 million (£317.6m) to Google over three years.