(SAN FRANCISCO) - People remain a significant liability to an organization’s cloud security posture, but there are always new technologies that help IT gain more control and mitigate risks.
To that end, Google made several cloud security-related announcements here on Wednesday at Google Cloud Next, from context-aware access to a physical security key designed to provide extra authentication for high-value users, including cloud admins.
With context-aware access, organizations can define and enforce granular access to GCP APIs, G Suite and other third-party SaaS apps, including the ability to specify locations by IP addresses or specify unmanaged or managed devices. The granularity of its security controls was one of the factors that helped Google Cloud gain recognition by Forrester in a recent cloud security report.
Google is rolling out context-aware access capabilities to more services, including Cloud Identity and Access Management, Cloud Identity-Aware Proxy, and Cloud Identity.
Physical keys are one of the strongest ways to protect against unauthorized access and phishing, Google said. A physical security key could prevent an organization from being the next Timehop by providing another layer of authentication. Titan Security Key is a new FIDO security key with tamper-proof firmware developed by Google, and available immediately to Google Cloud customers. Google engineers said that most customers will put this in front of high-value applications or users.
Having increased visibility and control over access is a key way for IT admins to secure cloud environments. On Tuesday Google announced geo-based access control for Cloud Armor, which allows users to control access to services based on the geographic location of the client trying to connect to the application. The feature is available now in beta.
Also on Tuesday Google announced the beta of Shielded VMs, which help users ensure VMs have not been tampered with, and allow users to monitor and react to changes. The VMs have a set of security controls that defend against rootkits and bootkits, and protect against threats like remote attacks, privilege escalation and malicious insiders.
For customers looking for help with HIPAA compliance, Google announced that Cloud HSM will soon launch in beta. The managed cloud-hosted hardware security module (HSM) service allows users to host encryption keys and protect workloads without needing to manage an HSM cluster.