Google Cloud is significantly expanding its so-called ‘invisible security’ portfolio. The solutions allow customers to better secure their software supply chains, embrace zero trust architectures and improve cloud governance in general.

According to the public cloud giant, the new security solutions and capabilities help customers secure their open-source software. The security of open-source software is often neglected. Vulnerabilities pop up more often than can be patched, and hackers eagerly take advantage of that fact. In 2021, the number of attacks on open-source software increased by no less than 650 percent.

Google Cloud is taking the initiative to better secure open-software solutions and applications. To this end, it recently introduced the Assured Open Source Software (OSS) service. Customers who rely heavily on open-source software are provided with the open-source packages that Google itself uses. These packages are regularly analysed and tested for vulnerabilities that have been verified by Google. In addition, these packages are distributed from an artifact registry that is secured by the cloud giant.

Zero trust architectures

Google Cloud also wants to help customers embrace zero trust architectures. To this end, its existing BeyondCorp Enterprise solution will be expanded with BeyondCorp Enterprise Essentials. This solution should make it easier to apply zero trust. It provides enterprises with context-aware control capabilities for SaaS applications, threat and data protection and URL filtering. All functionality can be integrated directly into the Chrome browser.

Furthermore, customers will soon be able to use the client connector. The client connector is a new tool that applies zero trust connectivity to applications hosted in other cloud environments, such as AWS. The release is planned for the third quarter of this year.

Cloud Governance

In the field of cloud governance, Google Cloud introduced the Security Foundation service. This should enable customers to more easily use the public cloud giant’s various security services. It also allows customers to use the expertise of Google Cloud’s Cybersecurity Action Team and a special Security Foundations Blueprint. The latter blueprint gives users access to specific control tools for data protection, network security and security monitoring.

Other security solutions

Other introductions include extensions to the Security Command Center solution, the introduction of the Google Autonomic Security Operations platform for data monitoring and a new version of Google Siemplify. Siemplify is a security orchestration, automation and response platform.

Finally, the public cloud giant presented the public preview of Apigee Advanced API Security. This solution mainly focuses on preventing and discovering misconfigured APIs and so-called ‘bad bots’, which send malicious API calls.

Tip: Google Cloud introduces PostgreSQL database AlloyDB