Building a slide deck, pitch, or presentation? Here are the big takeaways:
- Google Cloud Platform’s new Cloud Armor tool uses global HTTP(S) load balancing to protect against DDoS attacks and other threats.
- New VPC Service Controls in Google Cloud Platform further protect data in API-based storage and big data services.
A new security service from Google Cloud Platform (GCP) will use load balancing to protect GCP customers against distributed denial of service (DDoS) attacks, according to a Wednesday blog post from Google.
The service,called Cloud Armor, uses the same global HTTP(S) load balancing found in products like Search and YouTube, the post said. Users only need to configure load balancing for the service to be activated.
“Cloud Armor works with Cloud HTTP(S) Load Balancing, provides IPv4 and IPv6 whitelisting/blacklisting, defends against application-aware attacks such as cross-site scripting (XSS) and SQL injection (SQLi), and delivers geography-based access control,” the post said.
SEE: Cloud computing policy (Tech Pro Research)
Users can create custom defenses with Layer 3 to Layer 7 parameters, the post said. And Cloud Armor will give a breakdown of blocked and allowed traffic as it goes.
Another new security feature in GCP is VPC Service Controls, which protect the data stored in the API-based services in GCP, the post said. For services like Google Cloud Storage and BigQuery, this can protect against exfiltration if identities are stolen, IAM policies are misconfigured, and more. This could go a long way to making business leaders more comfortable with moving their data to the cloud.
Speaking of APIs, the Cloud Data Loss Prevention (DLP) API is now generally available. This allows users to better label, manage, and redact certain pieces of sensitive information, the post said.
Google also unveiled the Cloud Security Command Center (Cloud SCC), a new service in alpha that will provide an “inventory of your cloud assets, scan storage systems for sensitive data, detect common web vulnerabilities and review access rights to your critical resources,” the post said. This will bring more security transparency to services like App Engine, Compute Engine, Cloud Storage, and Cloud Datastore.
To provide more clarity on administrative access, Google also pulled the lid off of Access Transparency. This service provides audit logs of Google Support and Engineering access and why they need the access they had. Transparency is further improve with Cloud Identity, which improves the granularity to which managers can grant access to users and groups, the post noted.
GCP also received the FedRAMP Rev. 4 Provisional Authorization to Operate (P-ATO) at the Moderate Impact level (which accounts for 80% of CSP applications), and announced new partnerships with RedLock, Dome9, and Rackspace.