Security and Governance

Google Cloud Armor: Introducing Security & Defense for Google Cloud Services

When you're trying to run a valuable business in the cloud era, there are a lot of different challenges you'll need to address. If you're a mid-sized company that wants to maintain some of your on-premise equipment and investments, then you'll need to think about how you can safely create a hybrid plan for cloud adoption.

If you're a forward-thinking innovator who wants to jump into the cloud headfirst, then you'll need to make sure that you're choosing tools that are going to empower and support your cloud users with the same solutions they needed on-premise.

Whatever your road to cloud looks like, there's one consistent truth that remains the same for any organization - security will always come first.

The good news? Google Cloud Platform makes managing security as simple as possible with everything from the intuitive security command center to the brand-new Cloud Armor service.

 

What is Cloud Armor, and How Does it Protect You?

DDoS attacks, or Distributed Denial of Service attacks, are a common concern for today's companies moving to the cloud. Cloud Armor is Google's answer to the consistent threat of DDoS attacks, offering high-level protection against application- and infrastructure-focused DDoS threats.

One of the things that makes GCP such a great choice for companies in search of a strong security strategy is the fact that Google uses the very same technology it offers to its customers to protect its own global infrastructure. Cloud Armor is designed using the same technologies that protect everything from Gmail to YouTube and Google Search.

Cloud Armor works alongside the Global HTTP(S) Load Balancer to offer built-in defense against DDoS attacks, and the system benefits from the more than ten years of experience that went into protecting some of the world's biggest online properties. Features include:

  • The option to whitelist or blacklist traffic according to specific ranges and IP addresses

  • Rich language rules so you can customize your defense strategy and minimize the risk of various attacks. (We'll come back to this feature a little later)

  • Support from a wide range of partners: Cloud Armor works alongside security offerings from a host of security partners, which leads to more comprehensive security strategies for GCP customers.

Leveraging Google for the Age of Security

Today's online users expect nothing but absolute security when they're on the web. Consumers and companies alike have a greater demand for end-to-end protection and encryption, defense against malicious attacks, and privacy support. That's why Google's cloud experts are always working to help give GCP users the next-level security they need to defend themselves against a host of ever-more threatening attacks.

In a Google Platform blog, the search giant revealed that their research into DDoS attacks over the last ten years suggests that these threats are getting bigger, badder, and more frequent all the time. That's why they're implementing next-level technology like global HTTP(S) load balancing into both the Google Cloud Platform and the systems that protect it.

 

Taking Application Defense to Scale

As mentioned above, Cloud Armor is Google's attempt to help companies mitigate DDoS attacks in a privacy and security-focused environment. With Cloud Armor, you can customize and create your own defense strategy for your internet applications. Armor sits on the edge of Google's network, blocking attacks before they ever have a chance to worm their way into your system. When you invest in Cloud Armor, you get:

  • The Cloud Global HTTP(S) load-balancing defense against DDoS attacks. By sharing resources across a host of global Google Cloud services, Google can absorb some of the biggest DDoS attacks and ensure that an attack on one customer doesn't impact anyone else.

  • Rich rules language: With Google Cloud Armor, you can create your defense rules using any combination of geolocation and L3-L7 parameters. You can also access pre-defined rules offered by Google to defend yourself against SQL injections and cross-site scripting.

  • Stackdriver logging: As part of the wider Google security experience, Cloud Armor comes with access to Stackdriver logging, which provides companies with in-depth insight into their policies and rules, and the actions that are taken to handle each incoming request in a network.

  • Rule-based policy frameworks: You can design one or more different security policies, each with their own hierarchy of rules, and apply them to a host of services across your infrastructure. There's also IP-based access control available, so you can ensure that only the right people get access to your system.

  • Preview mode: Cloud Armor comes with a preview mode, so you can understand the patterns of service access in your system before you enable policies. This ensures that the right traffic sources are permitted, and anything dangerous is immediately blocked.

Cloud Armor's Secure Policy Framework

The technology behind Cloud Armor's configuration is driven by specific security policies. This means that if you want to apply Cloud Armor to your strategy, you need to create a new security policy for your system, add rules, and attach your policy to one or more back-end services. In other words, it acts a lot like a form of digital armor.

Cloud Armor security policies are made up of multiple rules, which specify the parameters that the HTTP(S) load balancing system should look for in the traffic, and what action it should take if the traffic meets those parameters. Cloud Armor allows companies to create multiple policies for every project and customize the defense for a specific subset of backend services, according to their unique needs.

Perhaps the main thing setting Cloud Armor apart in the security space right now is the fact that it comes with a rich rules language. With the rules language in Cloud Armor, you can customize the defenses to suit your own needs. Custom rules ensure that you can configure your protection to defend against specific patterns that you can see in your data.

Additionally, there are pre-configured rule sets included as part of the Cloud Armor experience. The first is a cross-site scripting defense, and the second is an SQL injection defense.
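
The create, add rules, attach sequence described above can be sketched with the gcloud CLI. This is an added example, not taken from the original article or from Google: the policy name, backend service name, CIDR range and rule priorities are placeholder assumptions, and the script only prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example: Cloud Armor policy -> rules -> attach, as gcloud commands.
# All names and values below are placeholders (assumptions), not from the article.
POLICY="${POLICY:-example-edge-policy}"
BACKEND="${BACKEND:-example-backend-service}"
BLOCKED_RANGE="${BLOCKED_RANGE:-198.51.100.0/24}"  # constructed; RFC 5737 documentation range

# With DRY_RUN=1 (the default) each command is printed instead of executed.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

deploy_policy() {
  # 1. Create the security policy.
  run gcloud compute security-policies create "$POLICY" \
    --description "edge policy for $BACKEND"
  # 2a. IP deny-list rule. Lower priority numbers are evaluated first.
  run gcloud compute security-policies rules create 1000 \
    --security-policy "$POLICY" \
    --src-ip-ranges "$BLOCKED_RANGE" \
    --action deny-403
  # 2b. Preconfigured XSS and SQL injection rules, added in preview mode:
  #     matches are logged but not enforced until --preview is removed.
  run gcloud compute security-policies rules create 2000 \
    --security-policy "$POLICY" \
    --expression "evaluatePreconfiguredExpr('xss-stable')" \
    --action deny-403 --preview
  run gcloud compute security-policies rules create 2001 \
    --security-policy "$POLICY" \
    --expression "evaluatePreconfiguredExpr('sqli-stable')" \
    --action deny-403 --preview
  # 3. Attach the policy to a backend service behind the global load balancer.
  run gcloud compute backend-services update "$BACKEND" \
    --security-policy "$POLICY" --global
}

deploy_policy
```

Reviewing the logged matches for the preview rules before dropping `--preview` shows which legitimate requests the pre-configured rule sets would have blocked.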

 

Start Polishing your Google Cloud Armor Today

Google's next-level cloud security strategy comes connected to a rich selection of security providers who offer services to complement the Cloud Armor experience. These systems can be used in conjunction with Cloud Armor and HTTP(S) load balancing. You can find Google's list of security partners here.

Designed for anyone and everyone deploying internet services within the cloud, Google Cloud Armor is a fantastic step forward for cloud security. Contact Coolhead Tech today to find out more about setting up your own secure cloud strategy.

 
