Google brings Cloud Security Command Center into GA, adds new services
At the Google Cloud Next conference in San Francisco, Google rolled out several new security services and features for enterprise customers, including a number of enhancements in Cloud Security Command Center (Cloud SCC). The security management and data risk platform, which helps GCP users manage threats across services like App Engine, BigQuery, Cloud Storage and Compute Engine, is now generally available.
One new Cloud SCC feature, now in alpha, is Security Health Analytics. It automatically scans GCP infrastructure to surface problems like configuration issues with public storage buckets, open firewall ports, stale encryption keys or deactivated security logging.
Cloud SCC can now also sign up for the beta Event Threat Detection program. It scans Stackdriver logs for suspicious activity in your GCP environment, distills findings, and flags them for remediation. Some of the threats it scans for include malware, crypto mining and outgoing DDoS attacks. Cloud SCC also offers new integrations with Capsule8, Cavirin, Chef, McAfee, Redlock, Stackrox, Tenable.io, and Twistlock.
The Cloud SCC announcements were part of the announcements at Google Cloud Next that showcase the way Google is improving the security in the cloud — in other words, how Google is empowering business users to manage their own security.
According to Michael Aiello, director of product management for cloud security at Google, the company has started to think about its work in cloud security in three different categories: security of the cloud, security in the cloud and security services. Security of the cloud refers to the parts of cloud security that providers like Google should be directly responsible for. Meanwhile, security services are SaaS products that Google takes directly to market.
“Overall, the mission is to build the most trusted cloud,” he said, noting that Google launched more than 70 new or enhanced security products in 2018.
Google on Wednesday also announced Policy Intelligence, a product available in alpha to provide smart access control across CGP. One of the tools within Policy Intelligence is IAM Recommender, which uses machine learning to help admins remove unwanted access to GCP resources. Another too, Access Troubleshooter, enables security administrators to understand why requests were denied and helps modify policies to grant the appropriate access. Meanwhile, Validator enables admins to set up compliance and security guardrails that prevent admins from granting overly-permissive access.
G Suite is also getting a series of security enhancements. Access Transparency for G Suite is now generally available in G Suite Enterprise. Introduced last year, Access Transparency creates logs in near-real-time when GCP administrators interact with your data for support.
Additionally, Access Approval is now available in beta for Google Compute Engine, Google App Engine, Google Cloud Storage, and many other services. Rolled out for GCP in December, it allows you to explicitly approve access to your data or configurations — before GCP administrators look at it.
According to Aiello, Google believes this is an “unparalleled capability” among public cloud providers.
G Suite enterprise customers also now have access, in beta, to the security sandbox — a tool that executes email attachments in a sandbox environment to find out if they are malicious. G Suite also has a new security investigation tool in beta that allows admins to save and share their investigations. Additionally, the new alert center beta allows admins to indicate alert status and severity and assign alerts to other admins.