With security concerns at an all-time high for enterprises doing business in the cloud, it’s not surprising that many of the announcements coming out of this year’s Google Cloud Next are security-related.
One of the most important security advancements announced is the addition of vulnerability scanning for Google’s Container Registry. Vulnerability scanning has become more important as more software is built on top of a complex software supply chain.
“We’re seeing software built with dependencies on libraries that depend on libraries,” said Fernando Montenegro, senior analyst for information security at 451 Research. “So being able to easily scan for security vulnerabilities can help with overall security posture.”
Container Registry also includes Binary Authorization, a security control that can block deployment to production of images that fail to meet specific policies. This allows organizations much more control over what can and cannot run in production, including blocking images with unacceptable vulnerabilities, Montenegro said.
Google also announced VPC Service Controls, which allows more control over how a project is accessed. This allows administrators to define security perimeters around specific Google Cloud resources.
On the user protection front, the company announced two new services. The Phishing Protection service allows users to report unsafe URLs to Google Safe Browsing. Once reported, those URLs will join a list of those reported by other users. This will generate a warning to all users about those URLs. The other service is reCAPTCHA Enterprise, which helps identify unwanted traffic using an adaptive risk analysis engine. These services join the announcement last month of Web Risk API, which helps protect applications from malicious URLs by checking them against Google’s list of unsafe web resources.
Other announcements include:
- Event Threat Detection, a set of prevention, detection and response services for Google Cloud
- Cloud Security Scanner, which detects vulnerabilities like cross-site scripting
- GKE Sandbox to isolate multi-tenant workloads
- Policy Intelligence to help manage policies
Gmail also got some security upgrades, although many functions are still in beta. For example, Google is working to provide administrators with more controls for advanced anti-phishing and malware protection in Gmail. This includes placing emails into quarantine, protecting against anomalous attachment types in emails, and the ability to identify unauthenticated emails potentially spoofing your domain. Google also is working on a security sandbox for Gmail that detects the presence of previously unknown malware in attachments by quarantining them in a private, secure sandbox environment to analyze their behavior.
Taken together, Montenegro said, these announcements reflect improvements and capabilities around three areas that are key for enterprises: how to secure your own presence in the cloud, how to deploy more robust code to the cloud and how to leverage the “network effect” of your cloud provider’s broad reach to further secure your own customers.