Google Cloud is holding its annual Security Summit this week and unsurprisingly, the company used the event to launch a few new security features. This year, the announcements focus on software supply chain security, Zero Trust and tools for making it easier for enterprises to adopt Google Cloud’s security capabilities.
It’s no surprise that software supply chain security makes an appearance at this year’s event. Thanks to recent high-profile attacks, it’s been the focus of White House summits and, just last week, an industry group that includes Google, Amazon, Ericsson, Intel, Microsoft and VMware pledged $30 million to work with the Linux Foundation and Open Source Security Foundation to improve the security of open-source software.
At today’s Summit, Google Cloud announced the launch of its Assured Open Source Software service, which gives enterprises and government users access to the same vetted open source packages that Google itself uses in its projects. According to the company, these packages are regularly scanned, analyzed and fuzz-tested for vulnerabilities and built with Google Cloud’s Cloud Build service with evidence of SLSA-compliance (that’s “Supply-chain Levels for Software Artifacts,” a framework for safeguarding artifact integrity across software supply chains). These packages are also signed by Google and distributed from Google’s secured registry. “Assured OSS helps organizations reduce the need to develop, maintain and operate a complex process for securely managing their open source dependencies,” Google explains in its announcement today.
Also new today is BeyondCorp Enterprise Essentials, a new edition of Google Cloud’s BeyondCorp Enterpirse Zero Trust solution that promises to “help organizations quickly and easily take the first steps toward Zero Trust implementation.” The company says it includes features like context-aware access controls for SaaS applications and other SAML-connected services, as well as threat and data protection capabilities, in addition to data loss prevention, malware and phishing protection in Chrome.
Finally, Google is also launched a new Security Foundation solution for enterprises that aims to make it easier for them to adopt Google Cloud’s security capabilities. It joins Google’s other ready-made solutions, which so far have focused on specific industries (retail, media and entertainment, financial services, etc.) as opposed to this more general security-centric package. “This solution is aligned to the prescriptive guidance from our Google Cloud Cybersecurity Action Team, and codified in our Security Foundations Blueprint, so that you get the controls you need for data protection, network security, security monitoring and more to help make your deployments secure from day one — and to do it more cost-effectively,” Google explains.