Google renews its cloud security pitch: If it’s good enough for Google, it’s good enough for you
As one of the most prominent tech companies of the last 25 years — and the victim of a sophisticated 2010 hack that made it re-evaluate its entire security protocol — Google intends to further emphasize its security prowess as a major selling point for its cloud services at Google Cloud Next 2019 Wednesday.
The company plans to introduce several new security features for cloud customers that aim to deliver as much of its BeyondCorp philosophy to those customers as possible. The new features include new identity-management services that ensure employees are who they say they are when accessing sensitive corporate resources and also plans to turn Android phones into security keys for two-factor authentication.
BeyondCorp was introduced internally at Google in 2011 in the wake of a hack believed to be the act of Chinese attackers working on behalf of the state. It advances the idea of “zero-trust networks,” shedding older security practices that focused on building a moat around corporate networks and embracing the notion that companies should base secure access to those networks around trusted devices, under the assumption that there’s no sure way to trust that external networks are secure.
On Wednesday, Google plans to introduce new capabilities for its cloud customers in the spirit of that approach that center around the idea of context-aware access, or the notion that “access to services is granted based on what we know about you and your device,” according to a company security web page.
Those new features include Cloud Identity-Aware Proxy and VPC Service Controls, which govern how employees can access Google Cloud resources. Those features were introduced last year but are now generally available for Google Cloud customers, and are now available as a beta service for G Suite customers.
Security has long been a top concern for companies thinking about moving their workloads to the cloud, despite the fact that Amazon Web Services, Microsoft, and Google have better security teams and technologies than all but the most paranoid corporate clients. AWS plans to launch a new security-focused conference this June in Boston to discuss similar efforts, and Microsoft also spends a great deal of time talking up its security focus as a selling point for Microsoft Azure.
Google also plans to introduce a beta feature that lets Android phones act as two-factor authentication security keys, similar to the hardware security keys it introduced last year at Cloud Next 2018. Employees with Android phones running Android 7.0 or later will be able to use their phones as two-factor authentication devices for signing into Google resources, without having to rely on shaky SMS-based two-factor authentication.