Google Cloud is holding its annual safety event, Google Cloud Security Summitfocused this time on the development of its invisible security offer for users, which means that it will focus its efforts on increasing security in the tools and services that are used most by business customers. An example of this is the news that it has just presented, focused on the securitization of open source software and the acceleration of the adoption of Zero Trust architectures.
The first one is Assured Open Source Software (Assured OSS), whose function is to make it easier for companies to secure the management of their open source dependencies. That is, in giving facilities to companies to secure their open source supply chain. As they assure from Google Cloud, through Assured OSS, companies that use open source software will be able to incorporate the same OSS packages that Google uses in their own environments.
Packages curated by Google are regularly scanned for security issues and flaws. They are also analyzed and tested for vulnerabilities. They are distributed from the Artifact Registry manager, which is protected and secured by Google. Currently, there are about 500 open source software packages available through GitHub. If all goes according to Google’s plans, Assured OSS will be available in a trial version throughout the third quarter of 2022.
Regarding the adoption of Zero Trust, Google has presented BeyondCorp Enterprise Essentials, a package designed to help companies start deploying Zero Trust environments. This solution offers environment-aware access controls for SaaS applications, or for any connected app through Security Assertions Markup Language (SAML), an XML-based protocol that supports real-time authentication as well as authorization through federated web service environments.
In addition, it incorporates threat and data protection features such as data loss prevention, malware and phishing protection, as well as URL filtering. All built into the Chrome browser.
BeyondCorp Enterprise includes an application-client connector, which can simplify connections to apps running in other clouds, such as AWS or Azure, without the need to open firewalls or set up VPN connections from one site to another. The client connector allows Zero Trust access to “non-http” and “thick client” apps (fully functional computers that connect to a server) that are stored both locally and in other clouds.
In addition, Google Cloud has introduced several more security tools and services. Among them is Security Foundationdesigned to make it easier for businesses to adopt Google Cloud security features, and gives customers access to Google’s guidance on setting up data protection, network security, and network monitoring, among other features.
The company has also announced new custom screening features for Google’s risk management platform, Security Command Center. With them, customers can add their own detection rules, and perform configuration checks based on specific needs.
