The new services aim to secure user safety on the web, protect against attacks and manage encryption keys.

Jeffrey Burt

March 8, 2019

5 Min Read
Cloud Security
Shutterstock

Google Cloud Platform is rolling out several new services designed to help enterprises address a number of security challenges, including keeping users safer while on the internet, protecting against targeted cyberattacks and securing sensitive data.

The three services come as businesses continue to migrate more of their applications and data to the cloud and adopt strategies where they use more than one public cloud for their workloads. Even as enterprises increasingly turn their attention to such issues as managing their multicloud environments and taking better advantage of the cost efficiencies inherent in the cloud, security continues to be a concern.

That was highlighted most recently by the RightScale 2019 State of the Cloud report from Flexera, which showed that 84 percent of survey respondents said managing cloud spend and governance were the top challenges, increases in the results from the survey a year ago. However, 81 percent of respondents – the same as in the 2018 report – put security in the No. 3 position.

“Today’s enterprises face a complex threat environment,” Jennifer Lin, director of product management at Google Cloud, wrote in a blog. “Attacks targeting users, networks, sensitive information and communications are increasing in sophistication and scale. Organizations of all sizes need advanced security capabilities that are easy to deploy and manage to help defend against these threats.”

Google-Cloud-Armor.png

Google Cloud Armor Dashboard

The new Google Cloud services include Web Risk API, which enables customer applications to check URLs against lists of unsafe web resources created by Google. According to Lin, the Web Risk API service, which is in beta, includes data on more than a million unsafe URLs. The service is powered b the same technology that is the foundation of Google Safe Browsing, which is used to protect more than 3 billion connected devices every day.

The applications leverage Web Risk API with a simple API. The service then runs a check on URLs for threats such as those that rely on social engineering like phishing or sites that host malware. The API enables enterprises to quickly identify such bad sites, warn users before they click on malicious links and keeps users from posting links to known dangerous pages.

Google’s Cloud Armor is a web-application firewall service that also protects against distributed denial-of-service (DDoS) attacks, offering Layer 3 and 4 DDoS defense, and the ability to decide based on the IP whether to block or deny traffic. It was created using the same technology that Google uses to protect such services as search, Gmail and YouTube.

Cloud Armor, which is generally available, includes a dashboard for monitoring and analyzing traffic as well as evaluating the effectiveness of the service. Users also can analyze the potential impact of proposed rules in preview mode, Lin wrote.

The cloud provider also is running out a cloud-hosted managed hardware security module service – Cloud HSM – for protecting encryption keys and performing cryptographic operations in FIPS 140-2 Level 3-certified HSMs. FIPS 140-2 Level 3 is a federal government security standard.

Agarwal-Nisha_Cavirin.jpg

Cavirin’s Nisha Agarwal

“Protecting sensitive data is a top priority for organizations, especially for those in highly regulated industries like financial services,” Lin wrote. “Encryption is a core way to help with this challenge, and many security-sensitive organizations deploy [HSMs] to add extra layers of security to their crypto operations. But deploying, configuring and running HSMs can be hard.”

The new services are “the latest examples of the public cloud providers [making it] easier to consume security tools,” Nisha Agarwal, vice president of strategic partnerships at Cavirin, which provides cybersecurity for hybrid clouds and is a partner of Google Cloud, Amazon Web Services and Microsoft Azure, told Channel Futures. “Enterprises still have concerns regarding …

… continuous visibility and compliance, as well as how best to secure a hybrid or multicloud deployment. One positive development is the availability of services that aggregate findings from multiple security services and tools, including those from third parties, such as the Google Cloud Security Command Center and the AWS Security Hub.”

Cloud customers can be overwhelmed by the “sheer volume of management and logging data, and these will help,” Agarwal said.

Dan Hubbard, chief product officer at cloud security vendor Lacework, told us that Google Cloud has been innovative regarding security at the platform level and in specific applications — and that the new services will help users. However, “to truly have security coverage across the entirety of their cloud environments, users will need something that can operate within GCP and across other cloud platforms, and with on-premises infrastructures,” Hubbard said.

The new services also come amid a strong push by Google Cloud to grow the number of enterprises in its user base in hopes of better competing against public cloud market leaders AWS and Azure. Google in November hired ex-Oracle executive Thomas Kurian to head up its cloud business and over the past couple of months has made such moves as buying Alooma, a startup whose technology was created to make it easier for businesses to move their data into the cloud, launched its Cloud Services Platform to enable enterprises to run Google Cloud services and applications in their own on-premises data centers, and rolled out a new pricing option for storing data on the cloud platform that will give businesses greater cost predictability.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like