All about Google's Enhanced Cloud Security Tools

By Enterprise Security Magazine | Friday, November 30, 2018

Google’s announcement of a new set of tools and capabilities for its Google Cloud Platform (GCP) paired with the availability of several new products and features within was aimed at enhancing its cloud security environment.

Security teams believe the implementing new controls and processes might help lock down the security in virtual machine instances and containers both internally and in the cloud. This is a long-standing issue in the cloud because of the dearth of cloud-native tools and all-around access to the environment.

Let’s have a look at the tech giant’s bevy of new security features for GCP that will help customers improve Google cloud security for virtual machines and containers.

Cloud Armor

A Distributed Denial of Service (DDoS) and application defense service, Cloud Armor employs the same infrastructure and technologies utilized by Google to support its popular services that include YouTube, Gmail, and Search.

VPC Service Controls

Google considers its new VPC Service Controls to be the first to deliver virtual security perimeters for API-based services with flexibility, simplicity, and speed. They create a security perimeter around user data stored in API-based GCP services such as Bigtable, BigQuery, and Google Cloud Storage, working as an extra wall of protection for users’ data.

Access Transparency

To help users keep an eye on all the activity surrounding their data, the Access Transparency tool provides users with an audit log of every authorized administrative access from Google Support and Engineering.

Cloud Identity

A self-proclaimed Identity-as-a-Service platform, Cloud Identity’s used to be a built-in security service that organizations used for managing the users and groups that require access to their GCP resources. They offer that now as a standalone product.

Cloud Security Command Center

Currently, in alpha testing, the new Cloud Security Command Center tool equips users with the ability to view and monitor a full inventory of their cloud assets. Simultaneously, the tool delivers important security tasks such as storage systems for sensitive data, review access rights to users’ critical resources, and detect common web vulnerabilities.


Cloud Data Loss Prevention (DLP) API is a managed service meant to help organizations with better management of sensitive and personal identity data. After its update, the enhanced service is available for all users to help them classify and cover up sensitive elements in structured and unstructured data.

Weekly Brief