A 2016 Spotlight report indicates that 53% of companies migrate through cloud infrastructures because of security issues. In recent years, IaaS suppliers have been developing new services to reassure their customers. Currently number 3 in the cloud vendor market as an IaaS provider, Google Compute draws on Google's experience with Gmail and its search engine to carry out its security policy. In particular, the following points can be highlighted:
- A sizeable security team
750 experts in information, application and network security work on Google's infrastructure to ensure that no security breach can be exploited.
- Physical security of the data centers
All data centers must be protected to prevent attacks "at the source". To do this, Google uses several levels of protection and defensive measures: tailor-made electronic access cards, alarms, barriers to control vehicle access, security fences, metal detectors and biometric technologies.
- Server and software stack security
Servers and software stacks were designed specifically to enable Google to better manage their security. Standardized servers and ownership of the entire stack increase Google's ability to intervene.
- Enhanced data access control
Staff access to data follows the "least privilege" rule, so staff members only have access to the data they need. Any staff member requesting access to the data must authenticate using personal public key certificates that have a limited duration. The issuance of these certificates is itself protected by two-factor authentication.
- Highly supervised data destruction
Data that needs to be deleted is erased according to a precise protocol, with the intervention of a person with specific rights. A double check is performed to ensure that all data is deleted. Finally, audits are carried out weekly to ensure the proper application of these safety procedures.
Google teams put everything in place to ensure the security of the Google Cloud Platform. However, users should not forget that using the Cloud means sharing responsibilities. Google protects the resources it makes available, and its users also have a role to play.
Google Cloud Platform security: the available building blocks
Google has put in place a strict security policy for its infrastructure. But can its customers use Google Cloud Platform without risk?
The answer is clearly no, because some of the cyber-attack risk is related to the companies using Cloud resources. Users deploy assets, servers, applications and services on their clouds and are solely responsible for their management and configuration.
To help them secure their Cloud Workloads (applications, services, …), Google has developed solutions such as:
- Google Cloud Logging and Google Cloud Monitoring: make it possible to collect and easily analyze query logs and to supervise the availability of infrastructure services.
- Cloud Security Scanner: helps users identify the most common vulnerabilities in their Web applications, in particular cross-site scripting (XSS) and the presence of mixed content.
- Cloud Compute Engine: makes it possible to keep the operating system and the applications on virtual machines up to date by installing the latest security patches published by Google.
Cloud security: the companies' responsibility
All the solutions offered on the Google Cloud Platform are necessary to ensure the security of its infrastructure. However, we observe that network managers and IT teams have difficulty obtaining an overall view of their security level.
Indeed, the ease of deployment leads to a decrease in DevOps vigilance. Few of them correctly follow Google's security best practices. They cannot specialize in this constantly evolving environment, with more and more new services and Workloads being deployed. So they need a solution that will help them keep track of their level of risk in real time.
This is why we have developed Elastic Workload Protector, a solution for continuous analysis of the risk level of cloud environments. It makes it possible to detect all infrastructure and application vulnerabilities (more than 50 new vulnerabilities on average are detected every day in 2017).
In particular, it responds to the needs of CISOs regarding:
- Infrastructure visibility: our self-discovery technology identifies all of the company's assets. There is no longer any Shadow IT risk.
- The overall level of security: our risk indicators facilitate communication between the CISO and the management. They are adapted to the different audiences while being complete and customizable.
- The need for an evolving product: as Cloud environments are constantly evolving, our solution automatically integrates all newly deployed assets.
- Continuous security: our analyses make it possible to trace any new vulnerability or configuration error in real time, thanks to an alarm system.
To find out your Google Cloud Platform security level, try our Elastic Workload Protector solution for free.