
When selecting a cloud provider, customers often face a gray area regarding data security practices, says Cloudreach Principal Cloud Security Consultant Jake Necessary.
In a May 2020 webinar, we shared our experience with Google Cloud’s zero-trust cloud security model at Cloudreach, which has twice been named Google Security Partner of the Year.
This recap provides an overview of some of the key aspects of Google’s security program, highlighting differentiators and practices.
Trust and Cloud Data Security
Data security tops the list of concerns for customers of cloud service providers. Also making that list? Trust as a Service (TaaS), a newer acronym that refers to third-party endorsement of a provider’s security practices.
Key influencers of a customer’s trust in their cloud include:
- Data location
- Investigation status and location of data
- Data segregation (keeping cloud customers’ data separated from others)
- Availability
- Privileged access
- Backup and recovery
- Regulatory compliance
- Long-term viability
Trust is a shared responsibility that must develop between any customer and cloud provider and should be based on a “Zero Trust” model: the concept that businesses should not trust any entity inside or outside their organization and should require verification before authorizing any request for access to their networks.
Why Should You Trust Google Cloud for Cloud Security?
So what is Google doing to earn customer trust? From a fundamental perspective, Google designed its cloud platform around customer expectations:
- Delivery of Services and Data: Ensuring that people with the correct identity and the right purpose can access needed data every time.
- Prioritization and Focus: Google has placed access and innovation ahead of threats and risks, meaning that as products are innovated, security is built into the environment. If the customer suspects that a focused threat exists, it won’t be deployed.
TaaS Endorsements: You Don’t Just Have to Take Google’s Word for It.
It’s worth mentioning here that dozens of third parties, including professional certification organizations, accreditation bodies, and government agencies in the United States and abroad, have validated Google Cloud’s security measures.
High-Level Principles Guiding Google Cloud Security
As a cloud services provider, Google operates data security with the ultimate goal of reducing the unverifiable trust surface.
- Strong Cryptographically Secured Identities: Being identity-aware applies not only to users, but also devices, machines, services and code. In the context of Google Cloud security measures, being “identity aware” means combining all these features to produce a resulting identity.
- Establishing Security Provenance and the Hardware Root of Trust: Before you can trust a provider, you need to be able to trust the chip. Google has built a hardware root of trust into its environment, ingraining security from chip to surface – data center, servers, storage, network – which helps secure the environment in an almost physical way.
Establishing Real Transparency: Visibility and Control Activities
Ensuring strong visibility and control of data is an important concept in validating the trust of any cloud provider, and Google provides multiple “panes of glass” in this area.
Having good visibility begins with Google’s Cloud Security Command Center, which provides the ability to review a range of pertinent information to help understand who’s been accessing the environment and why.
Likewise, Google is committed to data classification policies, which are central to visibility and control – and which many organizations lack.
Classifying levels of data (e.g., PII, PCI, company confidential) guides the formulation of strict access controls to help protect data as it’s moved into the cloud. As access is granted through applications and specifically to user devices, a classification system helps limit exposure to exfiltration. It can also help answer the first question asked in the case of a data breach: What data has been exfiltrated?
Understanding the level of access transparency on the part of any cloud provider is crucial. Google ensures a high level of transparency by using these controls:
- Limited data center access from a physical standpoint, adhering to strict access controls
- Disclosing how and why customer data is accessed
- Incorporating a process of access approvals
Multilayered Security for a Trusted Infrastructure
To establish a trusted infrastructure, it’s important for cloud services provider customers to understand how each layer of infrastructure works and build rules into each. Google’s multilayered approach includes:
- Operational and Device Security: Google runs a 365x24x7 approach to protect operational and device security as data enters the environment.
- Internet Communication: By default, Google encrypts data at rest and in transit. Google’s process of encrypting data at rest is especially noteworthy. Data at rest is formulated into chunks. Each chunk is given a different key, and the storage device itself encrypts at the storage layer. Other controls are in place to ensure proper communication channels.
- Identity: Multiple layers of identity and building in rules for access is crucial. We are no longer in a data castle surrounded by a protective moat of firewalls. Our data is everywhere. This means we need to protect data not only with firewalls, but also with identity-aware activities and controls.
- Storage Services, Service Deployment and Hardware Infrastructure: Multilayered and multi-tiered, and supported by security by default.
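The effect of giving each chunk of data at rest a different key can be shown in a few lines. This is an added example, not Google's implementation or code from the webinar; it assumes the third-party Python `cryptography` package, AES-256-GCM and a chunk index bound as associated data, none of which the text specifies, and all function names are hypothetical.

```python
from __future__ import annotations

import os
from dataclasses import dataclass

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


@dataclass(frozen=True)
class SealedChunk:
    index: int
    key: bytes         # per-chunk key; held beside the ciphertext only for this demo
    nonce: bytes
    ciphertext: bytes


def seal_chunks(data: bytes, chunk_size: int) -> list[SealedChunk]:
    """Split data into chunks and encrypt each one under its own AES-256-GCM key."""
    if chunk_size <= 0:
        raise ValueError("chunk_size must be positive")
    sealed = []
    for index, start in enumerate(range(0, len(data), chunk_size)):
        key = AESGCM.generate_key(bit_length=256)   # fresh key for every chunk
        nonce = os.urandom(12)
        # Assumption: the chunk index is authenticated so swapped chunks fail to open.
        aad = index.to_bytes(8, "big")
        ct = AESGCM(key).encrypt(nonce, data[start:start + chunk_size], aad)
        sealed.append(SealedChunk(index, key, nonce, ct))
    return sealed


def open_chunk(chunk: SealedChunk, key: bytes) -> bytes | None:
    """Return the plaintext, or None when the key does not belong to this chunk."""
    try:
        return AESGCM(key).decrypt(chunk.nonce, chunk.ciphertext, chunk.index.to_bytes(8, "big"))
    except InvalidTag:
        return None


def readable_with(chunks: list[SealedChunk], exposed_key: bytes) -> list[int]:
    """Indexes of the chunks that one exposed key can decrypt (the exposure scope)."""
    return [c.index for c in chunks if open_chunk(c, exposed_key) is not None]


if __name__ == "__main__":
    record = b"constructed sample object: " + bytes(range(64))   # constructed input
    chunks = seal_chunks(record, chunk_size=32)
    print(len(chunks), "chunks; key of chunk 1 opens", readable_with(chunks, chunks[1].key))
```

Because every chunk has its own key, exposure of one key is limited to one chunk instead of the whole object.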
Google Security Program Activities
As this graphic illustrates, from the infrastructure level to the applications and data level through monitoring and operations, security is preeminent.
The end goal of all of these activities is to arm your organization against threats that exist to data in the cloud, with measures from prevention to detection to incident response. The reality is that any data stored in the cloud is vulnerable to attack.
A Note About Compliance
While compliance programs help you assess your risk, organizations should avoid building data security plans on compliance standards alone. This promises only minimum levels of action. Rather, while a strong security program defines and enforces policies that help ensure compliance, it should be based on customized policies, activities, and controls.
BeyondCorp: Google’s Zero-Trust Model
BeyondCorp is the zero-trust security framework model implemented by Google. Its architecture relies on access controls placed on individual users and devices rather than perimeters, which removes the need for a traditional VPN. Rather, employees have secure access to internal web apps hosted anywhere.
This diagram shows the end destination – apps and data – on the right, with the path to get there flowing from the left. Device and user (on the left) are both identities with attributes that influence access authorization.
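The access decision described above, where user and device attributes rather than network location determine authorization, can be sketched as a small policy function. This is an added example, not Google's BeyondCorp code; the trust tiers, the 30-day patch threshold, the mapping from data classification to required tier, and all names are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Tier(IntEnum):  # device trust tiers; names and ordering are assumptions
    UNTRUSTED = 0
    MANAGED = 1
    HARDENED = 2

# Minimum device tier per data classification (labels from the text, thresholds assumed).
REQUIRED_TIER = {"company confidential": Tier.MANAGED, "PII": Tier.HARDENED, "PCI": Tier.HARDENED}

@dataclass(frozen=True)
class Device:
    cert_valid: bool      # presents a certificate issued by the device inventory
    managed: bool
    disk_encrypted: bool
    patch_age_days: int

@dataclass(frozen=True)
class User:
    authenticated: bool
    mfa: bool
    groups: frozenset

def device_tier(d: Device) -> Tier:
    if not (d.cert_valid and d.managed):
        return Tier.UNTRUSTED
    return Tier.HARDENED if d.disk_encrypted and d.patch_age_days <= 30 else Tier.MANAGED

def authorize(user: User, device: Device, classification: str, allowed: frozenset, source_ip: str):
    """Return (allowed, reasons). source_ip is accepted for logging but never grants trust."""
    reasons = []
    if not (user.authenticated and user.mfa):
        reasons.append("user not strongly authenticated")
    if not user.groups & allowed:
        reasons.append("user not in an allowed group")
    required = REQUIRED_TIER.get(classification)
    if required is None:
        reasons.append("resource has no classification")  # default deny
    elif device_tier(device) < required:
        reasons.append(f"device tier {device_tier(device).name} below {required.name}")
    return not reasons, reasons

if __name__ == "__main__":  # constructed sample requests
    alice = User(True, True, frozenset({"finance"}))
    byod = Device(cert_valid=True, managed=False, disk_encrypted=False, patch_age_days=5)
    corp = Device(cert_valid=True, managed=True, disk_encrypted=True, patch_age_days=5)
    print(authorize(alice, byod, "PCI", frozenset({"finance"}), "10.0.0.8"))      # denied on-network
    print(authorize(alice, corp, "PCI", frozenset({"finance"}), "203.0.113.7"))   # allowed off-network
```

The same user is denied from an internal address on an unmanaged device and allowed from an external address on a hardened one, which is the shift away from perimeter trust that removes the need for a VPN.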
Ready for a Zero-Trust Approach?
As a Google partner, Cloudreach has helped many third-party customers implement data security programs. We can help guide you through the trust-building process, serving as a resource in navigating the complexities of providing cloud users access when and where they need it, while minimizing the threat to data security. Contact us today to learn more.