The cloud clearly provides enterprises with major advantages around IT infrastructure, user collaboration, technology innovation, and organizational efficiency. Especially with a solution like Google Cloud Platform (GCP), organizations are able to do more with their own data and the data that they transact with customers, partners, and other stakeholders. In this flexible and agile cloud environment, Google has also enacted the most effective cloud security policies and capabilities; through rigorous and continuous research and testing from 550+ of the web’s top security and cryptography experts, rigid analysis of cybersecurity trends, and deep customer engagement to understand enterprise needs, GCP has become the standard for enterprise cloud security.
A Cloud-First Mindset
CP is built on the premise that security isn’t just a one-and-done proposition. Indeed, security requires constant attention and new ways of beating the bad actors who use malware and ransomware to do harm. Google has, from inception, been dedicated to a continuous innovation mindset that enables GCP to benefit from the latest and most effective ways of thwarting malicious activity before it can wreak havoc and damage a business.
Google – An innovator in Cloud Security
Over the past two quarters, GCP has added a variety of new security features and capabilities that are built around the different parts of the cloud stack. The addition of these creates new layers around different parts of the stack. Google knows that hackers will always forge forward through the path of least resistance, and keep at their efforts until they find an opening. GCP, with this new innovative security technology, is wrapping their cloud in a way that safeguards it from potential intrusions. GCP customers are getting major benefits from these new elements:
GCP operates in an agile way so users can use data when needed, but maintain a protection layer around it in transit and at rest. With that protection, it can also allow data to interact with data from other sources (databases, applications, APIs) to deliver more useful assets to users. Key management is part of the GCP strategy because it’s all about protecting data in every part of the cloud. Especially for Google, where applications and functionality are tightly integrated and users benefit by being able to easily share the related data within them, key encryption and security is being enhanced with:
- Two-step verification: One of the best safeguards against intrusions is using a two-step process for authentication. GCP has deployed Security Key Enforcement (SKE) as a way to mandate two-step verification for any user trying to access GCP. While easy to use for those with legitimate access rights, it’s enough of an additional barrier that it will be a major help in keeping out phishers and hackers.
- Key management: Key Management Service, a tool made for GCP, enables users to manage their own encryption within their tenant without having to operate any hardware security tools or comprehensive key management systems. It provides flexibility for organizations (even at the team and individual level) to manage their key functionality, but is robust enough so those managers can deploy policies across any, or all segments of users.
Storage and hardware
The hardware products for GCP underline the comprehensive nature of the platform; the layers of the GCP cloud operate in an integrated way because Google has developed them to address security at the compute layer. These products help organizations adhere to compliance and security requirements not matter when or where the data is being used:
- Titan chip: Google has built this chip to support and facilitate all aspects of its cloud platform, from physical security of data centers to the software that drives GCP. Built in to Titan are capabilities that are able to identify and authenticate legitimate access between machines and different types of hardware.
- Secure data centers: GCP operates on servers and other hardware in physical locations that use a layered security model. This means that access to the actual hardware is managed according to strict access and authentication guidelines. Google uses important security mechanisms like access restriction, vehicle access barriers, metal detectors, full time security employees, biometrics, and other means to ensure the data within GCP is protected against live attacks.
As applications now act as the transacting mechanism for digital organizations, they are incredibly important and correspondingly highly desirable in the eyes of hackers. GCP recognizes that securing applications and the communication and collaboration abilities they have is among the first thing potential customers will want to ensure can be protected. With two new capabilities recently added to GCP, there is now a more comprehensive layer around the application layer of their cloud platform:
- Identity proxy: Google is developing an innovative new tool that will change the nature of accessing applications. The Identity-Aware Proxy (IAP) is being designed to give granular access to applications that are running on GCP. What’s so different, however is that access will be predicated on risk as opposed to the traditional VPN approach of “all or nothing”. The idea is that user identity will be assessed and will allow a new security model that gives trusted users the ability to access without a VPN.
- Sensitive data management: GCP uses a data loss prevention (DLP) API that enables scanning of sensitive data types. Users are alerted so that content owners can correct, remove, or redact the sensitive data. This is especially useful for Gmail and Drive users because it will enable them to write specific protection policies that aren’t possible in any other public cloud.
Working with SADA Systems
Security is embedded as part of GCP, which is why so many SADA customers trust it for their enterprise platform. Like Google, we recognize that security isn’t merely a wrapper around your network and applications. The very nature of the cloud encourages lots of data interacting with other, and sometimes third-party, sources, and an effective cloud platform needs to enable that while being able to defend against attacks and provide the best enterprise cloud security and compliance ability.