Google kicked off it's London event with a selection of exciting announcements on the 10th, including everything from organizational policy restrictions, to new security systems like the "Alert Center" for G Suite. Indeed, much of the focus of Google Next in London seemed to be around identity management and security. We've seen a stream of new updates to things like context-aware access for the Google Cloud Platform, and a secure LDAP support for apps and IT infrastructure.
According to the senior manager at Google, who took to the stage during the event, expectations in the global marketplace are changing. Today's users need agile and reliable working environments, and it's changing the way Google thinks about their control, access and security measures.
Let's get down into the details of the latest releases.
Cloud Identity for Customers and Partners
Perhaps one of the most exciting updates for Google Cloud Next in London comes in the form of the CICP service. There are three core components to the Cloud Identity for Customers and Partners solution: authentication, threat detection, and scalability.
The CICP authentication solution builds atop Google's own in-house identity technology and Firebase app development platform. This means that Google can provide a highly customizable framework that manages apps for all users signing in and signing up to the service. CICP supports primary password and email authentication, as well as social media accounts, phone numbers, and sophisticated solutions like Security Assertion Markup Language (SAML) and OIDC, or OpenID Connect.
To make the whole thing even more accessible to enterprises, Google has ensured that CICP is compatible with a wide selection of client-side SDKs on mobile and web-based platforms, as well as server SDKs like Python, Java, and Node.JS
The second pillar of CICP, the automated threat detection, uses cloud-based artificial intelligence from Google to detect suggestions that accounts may be compromised. Two-factor authentication is planned for the future, and in the meantime, enterprise-grade availability is assured. Cloud Identity originally appeared in the G-Suite a little while ago in June 2017, but it's emerging today as a standalone package for enterprise companies.
Google Cloud IAP Services
Google also used Google Cloud Next as an opportunity to build on context-aware access for administrators. The feature gives users of the Google VPC Service Controls the option to impose additional conditional policies around their Google Cloud Platform resources, APIs, G-Suite, and other third-party applications in their workflow. The context-aware access feature was introduced in July, and now, Google is bringing those features into the Cloud Identity-Aware Proxy system (IAP).
According to Google, it's all about looking at who the employee in the system is and what kind of data they're trying to access. The new IAP services are only available in Beta, but from now onwards, eligible accounts will be able to manage the access levels they provide to apps hosted on the GCP by context as well as identity.
For instance, you might decide that you want to restrict the use of your apps to people who are logging in from specific countries throughout Europe, or at certain times of the day.
LDAP in Google Cloud Identity
Another major update to the identity features in Google is LDAP. The Lightweight Directory Access Protocol is a unique internet protocol that hardware devices and applications use to analyze stored data on a remote basis. Various companies currently rely on this service, but until recently, they haven't been able to integrate their system with software-as-a-service applications.
To ensure that admins have access to the SaaS solutions they need, Google is implementing LDAP into Cloud Identity. This will allow LDAP-based applications to tap into the identity management platform in the GCP regardless of whether they've deployed their services in the cloud or on-premise. Google claims that almost any application supporting LDAP over SSL, even those with a focus on legacy ID infrastructure will be compatible with secure LDAP.
Ultimately, the LDAP in Cloud Identity update means that users will be able to use the same credentials for Cloud Identity that they rely on for services like SaaS apps and G-Suite to log into their standard applications. This also means that managers can manage the entire system in a single place.
Google announced at London Cloud Next that they'd be rolling the solution out to G-Suite and Cloud Identity customers in the weeks ahead. Though it's been tough to find this solution, Google believes that keeping identity and access secure is crucial to their users.
New Team Drive Roles and Names
In September this year, Google announced that they'd be introducing a new "Content Manager" role to Team Drives. As part of the Google Next London announcements, Google revealed that they will be taking the delivery of new roles a step further. Along with the Content Manager option, Google is also updating the names of various Team Drive membership roles. For instance:
- "Manager" will replace "Full Access."
- "Contributor" will replace "Edit Access."
- "Commenter" will replace "Comment Access."
- "Viewer" will replace "View Access."
Google Learning Center includes more information about Team Drive permissions.
A user with the new Content Manager role will have the ability to reorganize, edit, and delete content in Team Drives, but they won't be able to fully modify Team Drive settings or memberships. Content Manager as a role will replace the "Full Access" option for new Team Drive members. Google has also recommended that Drive File Stream Users also access the Content Manager role, as this will make it easier to manage Team Drive files with their computer's file system.
If you previously opted-in to the new changes in Google, then your migration to change users from the standard Edit Access role to Content Manager will begin soon. When Migration begins, admins and users will not get a notification, but they'll be able to see a description of their role when they look at their Team Drive membership.
Importantly, Google has outlined that external users who aren't members of Team Drives in the organization will not be migrated unless they're also added to a group with internal users. If your users belong to a group with internal users, then the full selection of team members will be migrated, and everyone will have access to the Content Manager role.
Diving Deeper into Google Cloud and G-Suite Security
Aside from all of the announcements surrounding identity and roles in Google, the company also took a more in-depth look at the concept of security and privacy on GCP and the G-Suite. After all, for businesses of all sizes and backgrounds, security continues to be a primary concern. With the new Google Cloud Next London policies, company administrators and leaders will be able to restrict the geographical regions where IT admins can create GCP resources, and limit which domains have access to specific GCP resources.
Protection Against Government-Backed Attacks
For G-Suite users who are concerned about their businesses being targeted by foreign governments, Google may have a new solution. The "Alert" feature initially arrived on the G-Suite as an option in August, and it's designed to trigger notifications if Google's intelligence believes that an account has been accessed by a government-backed attack. Google's Alert Centre will display warnings whenever it detects malware or phishing seeding attempts that are directed against Gmail accounts, and it tracks malicious IP addresses using machine learning.
Admins will also be able to keep a closer eye on the devices that they manage and receive warnings if the accounts have been rooted or jailbroken to support the installation of untrusted or malicious software. Warnings for government-backed attacks will now be available by default in the Alert Centre, which covers various scenarios for monitoring user accounts.
Google will also send various operational alerts through the Alert service, which includes details on the privacy and security issues that can affect G-Suite services in the organisation. The company doesn't say explicitly how it will identify a government-backed attacker, but it does say that people might be notified if they receive emails that contain attachments that have the potential to be harmful. For instance, you'll be alerted if there are links to malicious downloads or fake websites in your emails.
Google actually noted on a blog post that they're unable to reveal what caused them to recognize the presence of an attack because they b believe that criminals will take note of the information and change their tactics.
Though the Government-backed attack alerts have been available for a while, Google decided to make them "default" at Cloud Next because the team had heard that most administrators weren't aware of the option.
Bonus Update: Despite Woes Google+ Lives on for G-Suite Users
One extra announcement that arrived around Google Next London (though not at the event itself) revealed that Google+ isn't as dead and gone as we had initially thought. Despite a number of announcements discussing the end of Google+, it seems that it's not over after all. While Google+ will no longer be available to consumers, the business version of the Google Social Network will be continuing to roll out updates for the foreseeable future.
A brand-new selection of exciting updates has just appeared for Google customers, designed to make it easier for people to share information within the Google environment. Like many of the announcement revealed at Google's Cloud Next in London, the recent features for Google+ are based around giving admins more control.
Recently, Google introduced the option for admins to add bulk groups of users to their Google+ communities for instance, and those admins will soon be able to review, and moderate posts made by employees more easily too. Additionally, Google is also rolling out the opportunity to define custom streams so that employees can gain access to the right information at the right times.
Tags in Google+ will also make it easier for employees in the social network to ensure that their content is getting to the right people in the company, regardless of which group they're working in. Even if you're not sure of the names of all your coworkers in a specific organization, the Google+ updates should ensure that you get the right messages to the right people. According to a recent Google blog post, you'll be able to draft your posts soon using suggested tags like #customer-insights, or #research.
The updates coming to Google + might not be a revolution, but they're exciting when you consider the fact that we weren't sure whether the social network was going to exist anymore after this week. Google recently announced the death of the consumer version of the social channel, and the data breach that went with the decision to shut it down. Perhaps that's why so much of the focus at Google Cloud Next in London has been around security.
Delivering the Best Experience with Google
At Google Cloud Next this week, the focus has been exclusively on improving control and giving more power back to G-Suite administrators and GCP users. Currently, Google is facing a lot of competition in the cloud technology marketplace from people like Amazon, Microsoft, and Apple, and they can't afford to skimp on the services that they offer.
With the recent scandal regarding consumer data lurking in the background, it's been up to Google to prove to their business users that they can keep their data safe and secure. Fortunately, the new releases and services go a long way towards doing that. The chances are that many customers walked away from Google's Next event in London feeling a lot more comfortable about keeping their data in the cloud.
To learn more about how you can make the most of the latest features revealed at Google Cloud Next, or to ensure that your system is as secure as possible, reach out to Coolhead Tech today!