Safeguarding your data needs a sure-fire game plan, and Google Cloud continues to update our products and services to help you achieve that. In the third installment of this series, let’s explore a few key launches from Google Cloud Security during the second half of 2022.
IAM Deny
IAM Deny, a security guardrail to help Google Cloud customers harden their security posture at scale, is now generally available (GA). Google Cloud’s IAM Allow policy lets you grant granular access to Google Cloud resources. The more coarse-grained Deny policies let you explicitly prohibit access to certain resources regardless of existing Allow rules. IAM Deny policies always supersede IAM Allow policies and override conflicting IAM Allow rules.
IAM Deny policies manage access to Google Cloud resources based on principal, resource type, and permissions they’re trying to use. And, did you know that you could use the IAM Recommender tool to achieve the principle of least privilege?
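As an added illustration (not taken from the original post or from Google's own samples), a deny policy file of the kind described above might look like this. The group address and the chosen permission are placeholders; the rule blocks project deletion for every principal except members of the named group, whatever Allow bindings those principals hold.

```json
{
  "displayName": "Constructed example: only project admins may delete projects",
  "rules": [
    {
      "denyRule": {
        "deniedPrincipals": [
          "principalSet://goog/public:all"
        ],
        "exceptionPrincipals": [
          "principalSet://goog/group/project-admins@example.com"
        ],
        "deniedPermissions": [
          "cloudresourcemanager.googleapis.com/projects.delete"
        ]
      }
    }
  ]
}
```

A file like this is attached to an organization, folder or project with `gcloud iam policies create`, passing `--kind=denypolicies`, `--attachment-point` and `--policy-file`.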
Zero Trust certificate issuance
Zero Trust certificate issuance can be done with Google Certificate Authority Service, letting you complete a cloud migration with a zero trust posture by using a fully managed cloud-based certificate authority. So you can get Public Key Infrastructure protection for your sensitive data or workloads, while also turning down legacy on-prem solutions. Go try it yourself with a quick tutorial or watch a video to learn more.
reCAPTCHA Enterprise Mobile SDK
reCAPTCHA Enterprise Mobile SDK provides complete coverage for iOS and Android applications. Designed with digital-first and mobile-first organizations in mind, the new Mobile SDK fully integrates reCAPTCHA Enterprise’s frictionless experience on end-users’ mobile devices.
By combining both device and network signals, the new mobile SDK can better protect mobile applications from bot attacks while unlocking the full potential of reCAPTCHA Enterprise. It provides:
Frictionless customer experience — no picking fire hydrants from a grid
Easy integration to your native mobile app with support for popular frameworks like CocoaPods and Swift Package Manager
A regularly-updated device threat model to help stay ahead of attack evolution
Rapid Vulnerability Detection
Rapid Vulnerability Detection, a zero-configuration service in Security Command Center Premium that actively scans public endpoints to detect vulnerabilities like exposed admin interfaces, weak credentials, and incomplete software installations, is now available in public Preview. Try it out and find out what exploits you can stop.
Cloud Certificate Manager
Cloud Certificate Manager enables you to acquire, manage, and deploy public Transport Layer Security (TLS) certificates at scale for use with your Google Cloud workloads. TLS certificates are required to secure browser connections and transactions. Cloud Certificate Manager supports self-managed and Google-managed certificates, as well as wildcard certificates, and has monitoring capabilities to alert for expiring certificates.
You can also scale and support as many domains as needed, streamline migrations, and automate with Kubernetes and Self-service ACME certificate enrollment. This overview article can get you started.
Chronicle Security Operations
Chronicle Security Operations brings together the capabilities that many security teams depend on to identify and respond to threats quickly. It unifies Chronicle’s security information and event management (SIEM) tech, with the security orchestration, automation, and response (SOAR) solutions from our Siemplify acquisition and threat intelligence from Google Cloud.
This includes integrated alert management between Chronicle SIEM detections and Chronicle SOAR threat-centered case management, for a more streamlined investigation experience. It also has pre-packaged response playbooks to Google Cloud-based alerts surfaced by Security Command Center, which can speed up resolutions and reduce manual effort. Learn more and find out how to activate it.
Software Delivery Shield
Software Delivery Shield is a fully managed software supply chain security solution that offers a modular set of capabilities to help equip developers, DevOps, and security teams with the tools they need to build secure cloud applications. It spans multiple Google Cloud applications.
Software Delivery Shield includes capabilities across five different areas to address security concerns along the software supply chain: application development, software “supply,” continuous integration (CI) and continuous delivery (CD), production environments, and policies. It also allows for an incremental adoption path, so organizations can tailor the solution to their specific needs, choosing the preferred tools to start with based on their existing environment and security priorities.
Try the solution to leverage the best practices on how to develop securely in Google Cloud.
And that’s a wrap!
See you in the next de-ciphering of #SecurityRoundup.