Google Cloud Apps Admins

Using Google Cloud Platform to Banish Modern Security Threats

Written by Christopher Alghini (Senior Cloud Strategist) | August 7, 2017

Recently, many companies have been examining the cloud and what it might offer in terms of cost savings and flexibility. However, there's also an opportunity to use a multi-cloud strategy that includes GCP for security purposes, creating safe infrastructure and applications.

While there are many goals and priorities to consider in security terms for a business, there are some fundamental concerns that can persist. For instance, businesses need to give the right people the right access at the right times, using infrastructure they can rely on. Additionally, they need to comply with a constantly evolving collection of external regulations and internal policies, and they need to know how to make changes when new threats emerge.

As these challenges grow more complex, moving to the cloud becomes a more appealing option for the modern enterprise, but not just any cloud will do.

Here, we're going to examine what Google Cloud has done to enhance security services for their customers by:

  • Building a secure foundation

  • Offering visibility and control

  • Innovating new products and services for the industry


Google Cloud and the "Secure Foundation"

Perhaps one of the most innovative aspects of the Google Cloud is that it doesn't rely on a single piece of technology for true security. Instead, security is designed in progressive layers that lead to greater protection. For instance, hardware is built, secured, and controlled by Google, and any application that runs on their infrastructure is managed securely.

All services, users, and identities are carefully authenticated, and data stored on the Google Cloud infrastructure is automatically encrypted and distributed for reliability and availability. Communications over the internet to cloud services are fully encrypted, and the scale of the cloud infrastructure makes it easier for Google to absorb and mitigate various Denial of Service (DoS) attacks.

Google is responsible for one of the largest supporting networks in the world, and they connect data centers across the globe through thousands of miles of fiber optics. Third parties believe that about 25% of global traffic, if not more, moves through the Google network each day, and the brand has 100 points of presence across 33 countries, consistently growing through new regions and zones to meet the needs of new customers. Altogether, Google provides something that not only improves latency but also improves the security of browsing and cloud usage for every business involved.

An Infrastructure Built for Customers

The Google hardware infrastructure was designed by Google to meet precise requirements, including the need for ongoing security. This means that the Google OS and servers are designed specifically for Google services. There are no extraneous components that might introduce security risks.

Google provides purpose-built everything:

  • Purpose-built servers

  • Purpose-built chips

  • Purpose-built storage

  • Purpose-built data centers

  • Purpose-built networks

By ensuring that they understand the provenance of every element throughout their hardware stack, Google can control every aspect of their security needs. Unlike other cloud providers, Google has worked to reduce the issue of "vendor in the middle" networks. This means that if vulnerabilities are discovered, they can quickly take steps to eliminate problems and deliver a fix. This level of control leads to reduced exposure for all customers.

Google and Complete Visibility and Control

Most other cloud providers offer optional levels of encryption. The approach offered by Google, however, is something new. All communications over the web to Google require fully managed TLS connections. Once that data reaches the Google infrastructure, it's further encrypted at rest, broken down into chunks, and managed with key encryption.

As a result of such versatile security, an attacker who compromises an individual key would still have no way to read customer data. Additionally, because customers require different levels of security, Google offers opportunities for customers to manage their own encryption keys.

From an endpoint perspective, Google offers solutions that follow a similar multi-layered approach to security. For instance, Google devices use universally available security services, strong on-premises security primitives, and constantly evolving security programs. From a browser perspective, Google offers automatic updates, networking security features, and diverse security settings.

Constant, Holistic Security

Because regulators and Google customers alike expect an independent verification of Google security, compliance controls, and privacy solutions, Google consistently uses third-party audits. This means that independent auditors examine all the controls present in Google infrastructure and operations. Certifications for Google include some of the most internationally accepted security standards, including:

  • ISO 27001, ISO 27017, ISO 27018

  • HIPAA

  • ISAE 3402 Type II

  • AICPA SOC

  • SSAE 15 Type II

  • PCI DSS v3.1

  • FedRAMP ATO

  • Privacy Shield Framework

  • CSA STAR

Additionally, to ensure peace of mind through transparency, Google makes their security and data processing terms for the Cloud available for anyone to review through the website. Customers can access fully detailed data processing terms that describe a full commitment to protecting data. These terms state that Google will not process data for any purpose beyond fulfilling contractual obligations. Additionally, if customers delete that data, Google is committed to deleting the information from their services within 180 days. Ultimately, Google's security products allow customers to meet business, regulatory, and policy objectives, from access and identity management to data protection and network security.

Continuous Innovation in the Google Cloud

Of course, it's fair to say that the security threats in today's landscape are constantly evolving. The flexibility of the cloud makes it the perfect solution for those in need of an immediate solution for changing security standards.

Google Cloud strives to seek out the most innovative solutions for security programs. For instance, they've made $24.4 billion worth of security investments over the last three years. Google's "BeyondCorp", for instance, helps them to offer more secure access without a VPN. Additionally, they delivered endpoint security through security features for the ChromeOS portfolio, which is highly resistant to malware.

Ultimately, Google Cloud offers their customers a more secure solution for growth and innovation in the cloud. Every aspect of their cloud service is designed and built to deliver true defense to customers, through a rich and innovative collection of security features and controls that help customers to simplify the protection of their data in the cloud. Google delivers trust through transparency using third-party certifications and clear data management terms, and continually invests in new advancements in state-of-the-art security.