Google Cloud Touts New Security Services, Provides Future Roadmap


On March 6, Google Cloud introduced new security services, including a beta release of Web Risk API, that it said were designed to “simplify enterprise threat detection and protection,” and it also provided a roadmap for the platform’s future themes and direction.

Citing the “rapid pace of innovation” seen in the industry, Rob Sadowski, Google Cloud Trust & Security marketing lead, said during a Google Cloud Security Talks online conference that his company made more than 200 security-related announcements last year.

He singled out three “security fundamentals” for Google Cloud: protection, via a core infrastructure designed, built and operated to help secure and prevent threats; control, with security controls to help meet policy, regulatory and business objectives; and compliance, making it easier for customers to meet Google Cloud’s responsibilities.

Announcing the beta release of Web Risk API, the company said it’s a new Google Cloud service designed to keep users safe on the web. “With a simple API call, client applications can check URLs against Google’s lists of unsafe web resources, including social engineering sites such as phishing and deceptive sites, and sites that host malware or unwanted software,” Google Cloud said on its blog. It added: “With the Web Risk API, you can quickly identify known bad sites, warn users before they click links in your site that may lead to infected pages, and prevent users from posting links to known malicious pages (for example, adding a malicious URL into a comment) from your site.”

Web Risk API includes data on more than 1 million unsafe URLs that the company is keeping “up-to-date by examining billions of URLs each day, and is powered by the same technology that underpins Google Safe Browsing,” the company said, adding: “Safe Browsing protections work across Google products to help protect over three billion devices every day across the Internet. Our Safe Browsing engineering, product, and operations teams work at the forefront of security research and technology to build systems that protect people from harm, and now, the Web Risk API lets enterprises use this same technology to protect their users.”

Also new is Cloud Armor, a Distributed Denial of Service (DDoS) defense and Web Application Firewall (WAF) service for Google Cloud Platform (GCP) that’s based on the same technologies and global infrastructure that the company uses to protect services including Search, Gmail and YouTube, it said. Cloud Armor is now generally available.

Cloud Armor mitigates infrastructure DDoS attacks, according to Sadowski, who added that it also defends against application-level attacks, gives users the option to allow or block traffic with predefined and custom rules, and integrates with a “rich ecosystem” of security partners.

Noting that the protection of sensitive data is a huge priority for organizations, Google Cloud pointed out that encryption is a key way to help overcome that challenge. “Many security-sensitive organizations deploy hardware security modules (HSMs) to add extra layers of security to their crypto operations,” the company said, but noted that “deploying, configuring and running HSMs can be hard.”

To help, Google Cloud announced the general availability of Cloud HSM, its new managed cloud-hosted HSM service that it said enables users to protect encryption keys and perform cryptographic operations in FIPS 140-2 Level 3 certified HSMs. It’s already been available in several locations across the U.S. and is now available for GCP customers in multiple locations in Europe as well, Sadowski told viewers, adding that more regions will get it over time.

Sadowski went on to provide the GCP roadmap, saying it plans additional data protection options and controls; increased visibility and transparency; Google-powered security products; and the deepening of its partner integrations.