This week, Google Cloud is holding its annual Security Summit, and unsurprisingly, the firm is launching a few new security features during the event. This year’s announcements are focused on software supply chain security, Zero Trust, and tools to make Google Cloud’s security capabilities more accessible to businesses.
It’s no surprise that this year’s conference will focus on software supply chain security. It’s been the subject of White House summits as a result of recent high-profile attacks, and just last week, a group of companies including Google, Amazon, Ericsson, Intel, Microsoft, and VMware pledged $30 million to work with the Linux Foundation and Open Source Security Foundation to improve the security of open-source software.
Google Cloud announced the debut of its Assured Open Source Software service at today’s Summit, which allows businesses and government agencies access to the same validated open source packages that Google employs in its projects. These packages are scanned, analysed, and fuzz-tested for vulnerabilities on a regular basis, according to the company, and built with Google Cloud’s Cloud Build service with evidence of SLSA compliance (SLSA stands for “Supply-chain Levels for Software Artifacts,” a framework for safeguarding artefact integrity across software supply chains). Google additionally signs and distributes these packages using its secure registry. According to Google’s statement today, “Assured OSS helps organizations reduce the need to develop, maintain and operate a complex process for securely managing their open source dependencies.”
BeyondCorp Enterprise Essentials, a new edition of Google Cloud’s BeyondCorp Enterprise Zero Trust service, will “help organizations quickly and easily take the first steps toward Zero Trust implementation,” according to the company. It contains features such as context-aware access controls for SaaS apps and other SAML-connected services, threat and data security capabilities, and data loss prevention, malware, and phishing protection in Chrome, according to the company.
Finally, Google has developed a new Security Foundation solution for businesses, aimed at making it easier for them to utilise Google Cloud’s security features. It joins Google’s other pre-built solutions, which have previously focused on specific industries (retail, media and entertainment, financial services, etc.) rather than this more generic security-oriented package. “This solution is aligned to our Google Cloud Cybersecurity Action Team’s prescriptive guidance, which is codified in our Security Foundations Blueprint, so you get the controls you need for data protection, network security, security monitoring, and more to help make your deployments secure from day one — and to do so more cost-effectively,” Google explains.