Among the world’s three largest public cloud providers, Google Cloud currently has the smallest share of the $332 billion global cloud market. However, Google continues to invest heavily in engineering and infrastructure, with the goal of creating innovative features and services that will set it apart from competitors. Google Cloud particularly emphasizes the importance of security as a differentiator. As early as 2018, Google announced that it intends to lead the cloud computing market in delivering enterprise-class cybersecurity.
Although there are many reasons you might choose GCP, including by-the-second billing; speedy, consistent and scalable performance; and industry-leading big data analytics and cloud data warehousing capabilities, Google’s end-to-end security model (built on 15 years of experience protecting applications like Gmail) stands out. Whether you’re looking for a trustworthy cloud infrastructure, full-featured security products and solutions or a means of safeguarding your own software products, Google Cloud fits the bill.
Infrastructure That’s Secure by Default
Like other major cloud providers, GCP operates within a shared responsibility model. This means that Google takes responsibility for the security of the cloud, while the customer is in charge of what’s in the cloud (including data, access policies and resource configuration). Google Cloud customers rely on Google for the physical security of the data centers where their cloud workloads run, the machine-level security of the hardware and networking infrastructure, and safeguarding the virtualization layer of the multi-tenant architecture.
Google takes this responsibility seriously, delivering defense-in-depth through a progressively layered security stack that doesn’t rely on any single technology to secure the infrastructure. Standout capabilities include:
- Strong encryption for customer data at rest and in transit. All communications over the public internet to Google Cloud services are encrypted in transit. In addition, all data stored on GCP infrastructure is automatically encrypted at rest by default, using a unique encryption key that’s stored and managed within Google’s redundant, globally distributed Key Management Service.
- Custom-built data center hardware. Google Cloud data centers don’t contain commercially available, off-the-shelf hardware. Instead, the servers and networking equipment are custom-designed and purpose-built to ensure that all hardware supply-chain components come from a known, reliable source. Google servers run a specially designed operating system (OS) based on a hardened version of Linux.
- Fine-grained access controls. GCP offers robust authentication capabilities for all identities (both human and machine) and services. Advanced tools like phishing-resistant security keys protect sensitive data.
Building on GCP: Make Application Security Part of Your Business Model
Google Cloud offers a comprehensive suite of web application and API protections that guard your apps and APIs against today’s most prevalent internet-borne threats. Google has also prioritized visibility and ease of use when building out its security controls. This helps minimize the impact of the cybersecurity skills shortage by reducing the administrative burden that security teams face.
Google’s Web Application and API Protection (WAAP) solution provides proven protection against distributed denial-of-service (DDoS) attacks, as well as fraudulent activities like web scraping, credential stuffing and exploits carried out by automated bots. WAAP includes Cloud Armor, which combines web application firewall (WAF) capabilities with the ability to filter incoming web requests. WAAP also incorporates access to reCAPTCHA Enterprise, an adaptive risk analysis engine that defends your site against bot attacks. Plus, Google Cloud’s Apigee gives your developers out-of-the-box access to features that make it easier to enforce security policies, control traffic and boost performance.
Google’s focus on security extends into the domain of security operations as well. GCP has created a modern, cloud-native set of threat detection and SecOps data analytics capabilities that are integrated within the Chronicle platform. Chronicle includes an industry-leading data lake powered by BigQuery, which can house security and telemetry data at enterprise scale, as well as a rich, semantically aware analytics engine powered by Looker. Chronicle normalizes, indexes and correlates security information to enable nuanced search and extensive analysis.
How Cloudreach, an Atos company, Can Help
Cloudreach, an Atos company, has more than a decade of experience helping clients make the most of Google Cloud. We’ve been recognized as a Premier Partner, and we’re a three-time winner of the Google Cloud Specialization Partner of the Year Award for Security.
In recent years, we’ve worked to advance Google Cloud’s already-robust security by building solutions like the Minimum Viable Cloud for Financial Services. These solutions help our clients accelerate their journey to Google Cloud without sacrificing security. We also created a massive-scale Event Threat Detection Platform — built on GCP — for a major U.S. city. The project includes a Security Event and Information Management (SIEM) data pipeline that can log and aggregate event streams from over 400,000 devices.
Want to learn more about how Cloudreach, an Atos company, can help your organization increase the speed of your migration to Google Cloud while advancing your security posture at the same time? Contact us today.