At its second annual Cloud NEXT conference, Google announced new anti-phishing hardware and tools li
Cloud NEXT, now in its second year, is becoming Google’s go-to event for updating the world on how its cloud infrastructure is evolving. Google kicked off the conference in San Francisco yesterday with the announcement of new AI-powered tools across Docs, Gmail, and Hangouts Chat.
The conference’s second day is all about next-gen security. Google dropped more than a dozen announcements across Google Cloud Platform (GCP), G Suite, and more for IT admins and enterprise security professionals, including a new physical Titan Security Key based on its Titan chip hardware announced last year. Read on for all the latest Google security updates.
This article originally appeared on PCMag.com.
The biggest day two announcement is the new Titan Security Key, which is based on the custom Titan chip Google announced at last year’s Cloud Next conference. The low-power microcontroller was designed to establish a hardware root of trust, meaning another layer of secure authentication. The Titan Security Key is that capability made real in a physical device. The FIDO-approved security key is built with firmware developed by Google to provide a phishing-resistant second factor of authentication for IT admins and other high-value users in an organization to protect against credential theft. Jess Leroy, Director of Product Management for Google Cloud Security, said the key breaks the connection for exploits like man-in-the-middle (MiTM) attacks and can come in Bluetooth or USB versions to automatically authenticate and exchange certifications. For admins, Leroy said all they have to do is check a box in their dashboard that enables “Use Titan Security Keys for this app.” Google employees have been using the USB keys internally since last year to prevent phishing, but Titan Security Keys are available now to Google Cloud customers and will soon be available for purchase on the Google Store.
Google’s new Context-Aware Access in G Suite and Google Cloud is designed to make apps and services securely accessible for the BYOD and telecommuting crowd. The security feature lets IT define and enforce granular access policies based on any attribute, from a user’s device info or their location to logging in at a particular time, from a specific range of IP addresses, or to perform a given action. Based on all that contextual data, the policy will grant or deny access. Context-Aware Access is available now in beta for GCP customers using VPC Service Controls. It’s coming soon to beta for other IT security services including Cloud IAM, Cloud IAP and Cloud Identity, though Leroy said the access policies can also be applied to G Suite and third-party apps connected to GCP.
On the virtualization front, Google announced new Shielded VMs now in beta on GCP, hardened with security controls to protect against rootkits and other remote attacks. There’s also vulnerability scanning for Google’s container registry and a new binary authorization feature, both coming soon to beta for container development on GCP. Leroy said binary authorization acts as a safety net to prevent coding mistakes or malicious access for exploits like cryptocurrency mining from being pushed into Google’s Kubernetes Engine.
Cloud Next brought some G Suite security news as well. In a clear GDPR-motivated move, you can now control where your data is stored using new G Suite Data Regions. In the G Suite Security Center, there’s also a new Investigation Tool that extends some of Google’s deeper audit trail and oversight features to G Suite. Leroy said the tool gives G Suite admins the ability to visualize everything happening on the service: what users are doing, what files they’re sharing, what attacks or phishing emails they’re seeing, and triage threats by managing devices and users.
Google also gave updates on many of the security features and products announced back in March. Cloud Armor, Google’s built-in DDoS defense layer, is now in beta, while Access Transparency logs will soon be generally available to give organizations a complete audit trail of what’s happening to their cloud data. Finally, Google announced a new cloud-hosted hardware security module called Cloud HSM coming soon to beta. Leroy said Cloud HSM is a highly requested feature for organizations that need PCI or HIPAA compliance, giving them a hardware crypto module that’s custom-built and tamper-proof. If someone tries to steal the data, it’s automatically wiped.