Google Cloud bolsters security offerings at RSA – as Thales report warns of more breaches

Google Cloud has beefed up its security offerings to include greater threat detection, response integration, and online fraud prevention.

The news, announced at the RSA Conference in San Francisco, focused predominantly on enterprise security product Chronicle, which was ‘acquired’ by Google Cloud last year having been a bet of the ‘moonshot’ X R&D company.

Users will be able to target threats through YARA-L, a new rules language built specifically for modern attack behaviours, with Google Cloud promising ‘massively scalable, real-time and retroactive rule execution.’

One part of Chronicle’s development, ‘intelligent data fusion’, is also being forwarded as part of this rollout. This means companies can automatically link multiple events into a single timeline. The move is alongside security partners, with Palo Alto – announced as a collaborator for hybrid cloud platform Anthos in December – first on the list.

In terms of more general security defences, Google Cloud is also introducing an enterprise-strength reCAPTCHA product, as well as Web Risk API, both available for separate purchase. The former has recently been fortified with various bot defence systems, while the latter enables client applications to check URLs against unsafe web resources.

For Google, whose updates and iterations are mainly focused around the enterprise – the company certainly being the ‘noisiest’ of the biggest cloud providers – this aims to represent another step in the right direction.

“When it comes to security, our work will never be finished,” wrote Sunil Potti, Google Cloud VP security in a blog post. “In addition to the capabilities announced today, we’ll continue to empower our customers with products that help organisations modernise their security capabilities in the cloud or in-place.”

Alongside this, security provider Thales has reported in its latest global Data Threat study that while around half of all data is now stored in cloud environments, a similar number of organisations across various industries have suffered a data breach.

The study, conducted alongside IDC and which polled more than 1,700 executives, found that 47% of organisations experienced a breach or failed a compliance audit over the past year. Financial services firms, at 54%, suffered the most, ahead of government (52%) and retail (49%). Yet government respondents said they were the most advanced in their digital transformation strategies.

IDC noted four key strategies based on the report’s findings, with encryption at the heart of security across big data, IoT, and containers. Organisations should invest in hybrid and multi-cloud data security tools; increase focus on data discovery and centralisation of key management; focus on threat vectors within their control; and consider a Zero Trust model.

Yet the latter came with a caveat. “Zero Trust is a fantastic initiative to authenticate and validate the users and devices accessing applications and networks, but does little to protect sensitive data should those measures fail,” said Frank Dickson, IDC program vice president for cybersecurity products. “Employing robust data discovery, hardening, data loss prevention, and encryption solutions provide an appropriate foundation for data security, completing the objective of pervasive cyber protection.”

https://www.cybersecuritycloudexpo.com/wp-content/uploads/2018/09/cyber-security-world-series-1.pngInterested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.