The company may also be working on a blockchain-style digital ledger to further secure the Google Cloud
Google has introduced a range of new and upcoming security features for its cloud products, as it seeks to give enterprises confidence they can use its remote infrastructure for critical data and systems.
Separately, a report said Google is working on its own blockchain-style technology to add further security to its cloud offerings.
The updates are aimed at giving companies more visibility into the security of their cloud infrastructure and more control over it, with tools for protecting data, mitigating denial of service attacks and managing user and administrator actions.
The moves arrive during a week when the difficulties of protecting data online have been in the spotlight, with a scandal unfolding around the allegedly improper harvesting of Facebook information by British firm Cambridge Analytica.
“We continue to develop new ways to give our customers the capabilities they need to keep up with today’s ever-evolving security challenges,” said Google vice president of security and privacy Gerald Eschelbeck in a blog post.
New VPC Service Controls, currently in early testing, allow companies to extend a firewall-like perimeter into the cloud, protecting assets including cloud storage, Bigtable and BigQuery, Eschelbeck said.
It also protects communications between resources deployed in the cloud and on customers’ premises.
“By expanding perimeter security from on-premise networks to data stored in GCP services, enterprises can feel confident running sensitive data workloads in the cloud,” Eschelbeck wrote.
Cloud Security Command Centre, also in early testing, aims to give companies more visibility across all their cloud resources, including Compute Engine, Cloud Storage and Cloud Datastore, indicating what projects they’re running, the resources they’re using, where sensitive data may be located and how security settings are configured.
The dashboard makes it easier to see if the cloud deployment has changed and to identify issues such as data or settings that are accessible from the internet, or whether cloud applications are vulnerable to threats like cross-site scripting errors, Eschelbeck said.
The Access Transparency feature gives better visibility into actions taken by Google’s own engineers when they interact with enterprise workloads, providing an audit trail and allowing restrictions to be put into place.
Cloud Armour protects cloud workloads against denial of service attacks, while new updates to Google’s cloud productivity tools add default protections against phishing threats, including automatic flagging of untrusted emails that contain embedded scripts or encrypted attachments.
The anti-phishing tools also warn against emails that pretend to come from staff within the same company.
Google is working on a distributed digital ledger technology similar to the blockchain that underpins Bitcoin, and is planning to deploy it on the Google Cloud Platform (GCP), Bloomberg reported.
When complete, the technology would be used to verify transactions on Google’s own cloud and would also be offered to third parties who want to run it on their own servers, Bloomberg’s sources said.