Google Cloud Next ’22 — Security Summary
Google Cloud Next ’22 wrapped up last week, and there was a whirlwind of announcements (123!) for new features and functionality across both GCP and Workspace. Below is a quick recap of some of my favorite announcements and sessions in the security space:
Google Cloud made a number of announcements involving key networking components — here are a few of the most interesting ones for me:
- GCP introduced a new tier of firewall offerings: Cloud Firewall Essentials and Cloud Firewall Standard. It looks like Cloud Firewall Essentials is the VPC firewall we know and love today, while the new Standard offering adds dynamic rules based on Google Threat Intelligence Objects for automatically blocking access to known malicious IPs and DNS entries (which can also be tied into Cloud Armor). It’ll be interesting to see if this is tied into Mandiant’s TI as well in the near future!
- Enhanced tuning is now available for preconfigured WAF rules. Additionally, the OWASP Top 10 preconfigured rules are now GA.
- Cloud Armor with Adaptive Protection can now automatically deploy the rules proposed by the ML model that monitors your traffic, removing an extra manual step in keeping your Cloud Armor-protected assets secure.
Network Intelligence Center
- Network Analyzer is now GA, scanning your VPC network configurations for common security vulnerabilities and misconfigurations.
- The Network Intelligence Center is now also integrated with the Recommender API, which should help with automating remediation tasks.
Software Delivery Shield
Google announced Software Delivery Shield, which is a wonderful combination of new and old products and features, stitched together to provide a comprehensive secure development environment.
- Software Delivery Shield provides an end-to-end secure development environment for Google Cloud customers, starting with Cloud Workstations that have the ability to be pre-configured with common IDEs such as Code or JetBrains, in a cluster you control and that allows for automatic shutdown due to inactivity to save costs and resources.
- From there, developers have access to Cloud Code, with the newly announced Source Protect functionality that warns developers in the IDE itself about vulnerable dependencies or potential licensing issues, while storing their code in Cloud Code Repository.
- As developers build their containers, they can pull from the newly announced Assured Open Source repositories to ensure that the libraries and packages they’re bringing in have been vetted by Google’s own security teams.
- When ready, developers can then use Cloud Build to push the container to Artifact Registry. Container Analysis now has expanded capabilities for on-push scanning of Maven and Go containers, as well as generating a Software Bill of Materials (SBOM).
- Cloud Deploy then checks with Binary Authorization to make sure the container meets the defined policy (for example, that it has been scanned for vulnerabilities and signed by the build process) before pushing the container to GKE or Cloud Run.
- Lastly, teams can use the new Security Posture Dashboard in GKE to check the security posture of GKE clusters across their fleet for misconfigurations, as well as find any containers with active vulnerabilities running in the environment that may need to be updated.
This solution enables teams to develop in an environment that’s protected by Google IAM (optionally combined with VPC Service Controls), establishing strong code provenance and greatly reducing the risk of software supply-chain attacks.
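To make the Binary Authorization step concrete, here is an added example policy (not from the original post or from Google’s documentation) that enforces the two checks the pipeline above relies on. It assumes a placeholder project `PROJECT_ID`, the attestor `built-by-cloud-build` that Cloud Build creates for images it builds, and a team-created attestor named `vulnz-scan-attestor` that signs an image only after a clean Container Analysis scan.

```yaml
# Added example policy, not the post's or Google's own configuration.
# Import with:  gcloud container binauthz policy import policy.yaml
# PROJECT_ID is a placeholder. Attestor names are assumptions:
#   built-by-cloud-build  - attestation Cloud Build attaches to images it built
#   vulnz-scan-attestor   - hypothetical attestor that signs an image only after
#                           a Container Analysis scan with no critical findings
name: projects/PROJECT_ID/policy

# Let Google-maintained system images (e.g. GKE add-ons) deploy without attestation.
globalPolicyEvaluationMode: ENABLE

# No admissionWhitelistPatterns on purpose: a pattern such as "*" would exempt
# every image from both checks and silently undo the supply-chain controls.

# Production default: block and log anything lacking BOTH attestations,
# i.e. the image was built by Cloud Build AND passed the vulnerability scan.
defaultAdmissionRule:
  evaluationMode: REQUIRE_ATTESTATION
  enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
  requireAttestationsBy:
    - projects/PROJECT_ID/attestors/built-by-cloud-build
    - projects/PROJECT_ID/attestors/vulnz-scan-attestor

# Per-cluster override (key format: <location>.<cluster-name>).
# A dev cluster that only audits violations while the team tunes the scanner;
# DRYRUN_AUDIT_LOG_ONLY is the weak setting and must never reach production.
clusterAdmissionRules:
  us-central1-a.dev-cluster:
    evaluationMode: REQUIRE_ATTESTATION
    enforcementMode: DRYRUN_AUDIT_LOG_ONLY
    requireAttestationsBy:
      - projects/PROJECT_ID/attestors/built-by-cloud-build
```

Denied deployments and dry-run violations both appear in Cloud Audit Logs, which is where a SOC would alert on an unsigned or unscanned image reaching GKE.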
Google announced a number of new products and features centered around cloud security. Bringing Siemplify into Chronicle, and clearing the runway for Mandiant Threat Intelligence to be used across the security product suite are some of the more exciting announcements.
- Chronicle Security Operations is the aforementioned combination of Google’s Siemplify acquisition into the Chronicle umbrella, adding SOAR capabilities to the Chronicle portfolio. This will provide a single-pane SIEM and SOAR solution that has the advantage of leveraging VirusTotal, Google Threat Intelligence, and shortly Mandiant Threat Intelligence, creating a pretty compelling offering for Google Cloud customers and their SOCs.
- Google also announced the acquisition of Foreseeti (not to be confused with the open-source Forseti Security), with plans to integrate its attack simulation and risk quantification capabilities directly into Security Command Center Premium. This is a much-desired feature for SCCP customers; understanding attack paths to critical assets helps secure them before attackers can exploit them, greatly reducing organizational risk.
- Confidential Space is a new approach to allowing collaboration across private data sets while ensuring the security and privacy of each dataset. This should have a large impact in the research space across industries, allowing organizations to share limited data sets and build machine learning models for things like fraud detection, pharmaceutical research, and academic studies without violating privacy laws or compromising customer/patient data.
Workspace also made a few security-related announcements:
- Client-Side Encryption (CSE) capabilities are being extended to Gmail and Calendar. Previously, CSE only covered Drive and Meet.
- Data Loss Prevention (DLP) is now available for Chat, allowing admins to scan and redact sensitive data that may be shared in Chats. Previously, DLP was only available in Drive.
- Trust Rules are available for Drive, allowing admins finer-grained control over who can share what, both inside and outside the organization.
There was a lot to cover, and I’m sure I missed some of the more security-focused ones in this list. The whole list includes some exciting announcements in the data and collaboration spaces that aren’t covered here, but will be covered by my peers in future posts.
What were some of your favorite announcements from Next ‘22? Let me know in the comments!