Called VPC Service Controls, the service currently in alpha, is claimed by the company to help enterprises keep their sensitive data private while using GCP's fully managed storage and data processing capabilities.
According to Gerhard Eschelbeck, VP, security & privacy at Google, the service is much like an “invisible border” around everything in an app that prevents its data from escaping, and having the power to set up, reconfigure, and tear down these virtual perimeters at will.
“You can think of it like a firewall for API-based services on GCP. Well-defined VPC service controls can give admins a greater level of control to prevent data exfiltration from cloud services as a result of breaches or insider threats,” he said.
Using the managed service, enterprises can configure private communication between cloud resources and hybrid VPC networks. By expanding perimeter security from on-premise networks to data stored in GCP services, enterprises can feel confident running sensitive data workloads in the cloud, added Eschelbeck.
He said that the service gives admins even more precise control over which users can access GCP resources with Access Context Manager. Enterprises can create policies to grant access based on contextual attributes like user location, IP address and endpoint security status. These policies help ensure the appropriate level of protection is in place when allowing access to data in cloud resources from the Internet.
Google also announced its new Cloud Security Command Center, currently in alpha. This is a security and data risk platform for GCP that helps enterprises gather data, identify threats, and act on them before they result in business damage or loss.
Eschelbeck said that this service gives enterprises consolidated visibility into their cloud assets across App Engine, Compute Engine, Cloud Storage, and Cloud Datastore.
“People can quickly understand the number of projects they have, what resources are deployed, where sensitive data is located, and how firewall rules are configured. With ongoing discovery scans, enterprises can view the history of their cloud assets to understand exactly what changed in their environment and act on unauthorised modifications,” he said.
“Access Transparency builds on our already robust controls that restrict Google administrator activity to actions only with valid business justifications, such as responding to a specific ticket our customers have initiated or recovering from an outage,” said Eschelbeck.
He added that these two services provide “a more comprehensive view of admin activity in your cloud environment”.
Doug Cahill, senior analyst at ESG, said that with these announcements, “Google Cloud is continuing to provide more control and insight to customers—and commendable visibility into administrative activity within their cloud environments through Access Transparency—while offering them the peace of mind that many of the fundamental aspects of security are taken care of and constantly evolving along with the threat landscape.”
Justin Day, managing director of technology service provider 6point6 Cloud Gateway, told SC Media UK that Google in reality is third at best in the cloud hosting provider, someway behind AWS and Azure. “This is more that Google is starting to innovate in security by providing a security perimeter and establishing themselves as different from the others,” he said.