Google Cloud is hosting its annual Security Summit this week, and unsurprisingly, the firm is launching a few new security features. This year’s announcements are focused on software supply chain security, Zero Trust, and tools to help organizations implement Google Cloud’s security capabilities. It comes as no surprise that software supply chain security will be discussed at this year’s gathering.
Because of recent high-profile attacks, it has been the focus of White House summits, and just last week, an industry group comprised of Google, Amazon, Ericsson, Intel, Microsoft, and VMware pledged $30 million to work with the Linux Foundation and Open Source Security Foundation to improve open-source software security.
Google Cloud announced the debut of its Assured Open Source Software service at today’s Summit, which provides companies and government users with access to the same validated open-source packages that Google uses in its projects.
According to the company, these packages are scanned, analyzed, and fuzz-tested for vulnerabilities on a regular basis, and they are built with Google Cloud’s Cloud Build service with evidence of SLSA compliance (SLSA stands for ‘Supply-chain Levels for Software Artifacts,’ a framework for safeguarding artefact integrity across software supply chains).
Google additionally signs and distributes these packages using its secure registry. “Assured OSS helps organizations reduce the need to develop, maintain, and operate a complex process for securely managing their open source dependencies,” Google explains in its announcement today.
Also new today is BeyondCorp Enterprise Essentials, a new edition of Google Cloud’s BeyondCorp Enterprise Zero Trust solution that promises to “help organizations quickly and easily take the first steps toward Zero Trust implementation.”
In addition to data loss prevention, malware and phishing protection in Chrome, the company claims it contains context-aware access controls for SaaS apps and other SAML-connected services, as well as threat and data protection capabilities.
Finally, Google has introduced a new Security Foundation solution for organizations, with the goal of making it easier for them to utilize Google Cloud’s security capabilities.
It joins Google’s existing ready-made solutions, which have previously focused on specific businesses (retail, media and entertainment, financial services, etc.) rather than this more generic security-oriented package. “This solution is aligned to the prescriptive guidance from our Google Cloud Cybersecurity Action Team and codified in our Security Foundations Blueprint, so you get the controls you need for data protection, network security, security monitoring, and more to help make your deployments secure from day one–and to do it more cost-effectively,” Google says.
To read our blog on “Google and Samsung have partnered to make it simpler to sync fitness data across applications,” click here