Google Cloud Adds to Security Services Lineup

Google Cloud Platform is rolling out several new services designed to help enterprises address a number of security challenges, including keeping users safer while on the internet, protecting against targeted cyberattacks and securing sensitive data.

The three services come as businesses continue to migrate more of their applications and data to the cloud and adopt strategies where they use more than one public cloud for their workloads. Even as enterprises increasingly turn their attention to such issues as managing their multicloud environments and taking better advantage of the cost efficiencies inherent in the cloud, security continues to be a concern.

That was highlighted most recently by the RightScale 2019 State of the Cloud report from Flexera, which showed that 84 percent of survey respondents said managing cloud spend and governance were the top challenges, increases in the results from the survey a year ago. However, 81 percent of respondents – the same as in the 2018 report – put security in the No. 3 position.

“Today’s enterprises face a complex threat environment,” Jennifer Lin, director of product management at Google Cloud, wrote in a blog. “Attacks targeting users, networks, sensitive information and communications are increasing in sophistication and scale. Organizations of all sizes need advanced security capabilities that are easy to deploy and manage to help defend against these threats.”

Google Cloud Armor Dashboard

The new Google Cloud services include Web Risk API, which enables customer applications to check URLs against lists of unsafe web resources created by Google. According to Lin, the Web Risk API service, which is in beta, includes data on more than a million unsafe URLs. The service is powered b the same technology that is the foundation of Google Safe Browsing, which is used to protect more than 3 billion connected devices every day.

The applications leverage Web Risk API with a simple API. The service then runs a check on URLs for threats such as those that rely on social engineering like phishing or sites that host malware. The API enables enterprises to quickly identify such bad sites, warn users before they click on malicious links and keeps users from posting links to known dangerous pages.

Google’s Cloud Armor is a web-application firewall service that also protects against distributed denial-of-service (DDoS) attacks, offering Layer 3 and 4 DDoS defense, and the ability to decide based on the IP whether to block or deny traffic. It was created using the same technology that Google uses to protect such services as search, Gmail and YouTube.

Cloud Armor, which is generally available, includes a dashboard for monitoring and analyzing traffic as well as evaluating the effectiveness of the service. Users also can analyze the potential impact of proposed rules in preview mode, Lin wrote.

The cloud provider also is running out a cloud-hosted managed hardware security module service – Cloud HSM – for protecting encryption keys and performing cryptographic operations in FIPS 140-2 Level 3-certified HSMs. FIPS 140-2 Level 3 is a federal government security standard.

Cavirin’s Nisha Agarwal

“Protecting sensitive data is a top priority for organizations, especially for those in highly regulated industries like financial services,” Lin wrote. “Encryption is a core way to help with this challenge, and many security-sensitive organizations deploy [HSMs] to add extra layers of security to their crypto operations. But deploying, configuring and running HSMs can be hard.”

The new services are “the latest examples of the public cloud providers [making it] easier to consume security tools,” Nisha Agarwal, vice president of strategic partnerships at Cavirin, which provides cybersecurity for hybrid clouds and is a partner of Google Cloud, Amazon Web Services and Microsoft Azure, told Channel Futures. “Enterprises still have concerns regarding …