Google knows that if enterprises are going to move their critical services to its cloud, then it has to offer something that AWS doesn’t. At Google Cloud Next, the company’s leadership made the case that Google Cloud was the most secure cloud.
At the conference this week, Google unveiled tools that would let IT teams provide granular access to applications, better manage encryption keys, and enforce stronger authentication mechanisms for applications running on Google Cloud. While Google is just playing catch-up to Amazon with the Key Management System for GCP, it is stepping into uncharted territory with the Data Leak Prevention API by giving administrators tools that go beyond the infrastructure to protect individual applications. Google is tackling the identity and access management challenge differently from Amazon, and it will be up to enterprises to decide which approach they prefer.
Google is clearly looking at security as the way to differentiate itself from other cloud infrastructure providers. It isn’t protecting only the underlying hardware and virtual machines; it will protect the applications running on them, too.
Protecting sensitive data everywhere
The DLP API, now in beta, will let IT teams identify and redact any piece of sensitive information that may be in applications running on GCP. The DLP technology performs deep content analysis to find matches against a list of more than 40 sensitive data types, such as credit card and account numbers or contact information, and it lets administrators decide how best to protect that information. The screenshot in the blog post announcing the new security features shows how the DLP API redacts information in a document, such as a person’s name and email address, as well as mobile phone, Social Security, and credit card numbers.
Administrators can decide the level of protection applicable for each data type. With OCR, administrators can also manage content stored in images and text.
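The following is an added sketch, not code from the article and not Google's DLP API. It shows the general idea of matching text against typed detectors and applying a per-type protection level. The detector names, action names, and sample text are constructed for illustration.

```python
import re

def luhn_ok(digits):
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

# Constructed detectors: name -> (pattern, validator). Three types only.
DETECTORS = {
    "CREDIT_CARD": (re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
                    lambda m: luhn_ok(re.sub(r"\D", "", m))),
    "US_SSN": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
               lambda m: not m.startswith(("000", "666", "9"))),
    "EMAIL": (re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"), lambda m: True),
}

# Per-type protection level (hypothetical actions: redact, mask_last4, allow).
POLICY = {"CREDIT_CARD": "mask_last4", "US_SSN": "redact", "EMAIL": "redact"}

def protect(text, policy=POLICY):
    """Return (protected_text, findings); findings are (start, end, type)."""
    findings = []
    for name, (pattern, valid) in DETECTORS.items():
        for m in pattern.finditer(text):
            if valid(m.group()):
                findings.append((m.start(), m.end(), name))
    cut = len(text)
    # Rewrite right to left so earlier offsets stay valid.
    for start, end, name in sorted(findings, reverse=True):
        if end > cut:          # overlaps a finding already handled
            continue
        cut = start
        action = policy.get(name, "redact")   # unknown types fail closed
        if action == "allow":
            continue
        if action == "mask_last4":
            digits = re.sub(r"\D", "", text[start:end])
            repl = "*" * (len(digits) - 4) + digits[-4:]
        else:
            repl = f"[{name}]"
        text = text[:start] + repl + text[end:]
    return text, sorted(findings)

# Constructed sample: one valid test card number and one Luhn-invalid order id.
SAMPLE = ("Contact Jane at jane.doe@example.com, card 4111 1111 1111 1111, "
          "SSN 123-45-6789, order 1234 5678 9012 3456.")

if __name__ == "__main__":
    print(protect(SAMPLE)[0])
```

The order number matches the card pattern but fails the checksum, so it is left untouched. Validation of this kind is what keeps pattern-based detection from redacting ordinary identifiers.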
The key differentiator for Google is the fact that DLP API for GCP is an extension of DLP for Gmail, originally launched in 2015, and DLP for Drive, announced back in January. The combination of the three tools gives IT administrators the ability to write policies that can consistently manage sensitive data across all the platforms: applications running on the cloud infrastructure, messages stored in Gmail, and documents stored in Drive.
Google is providing enterprises with security tools to protect the data on applications running within its cloud. Amazon, while it has invested in data protection, has focused on the server and block storage level.
Control who can access the applications
Right now, IT teams that want to control access to applications rely on VPNs, but that tends to be an all-or-nothing approach. Users who have valid VPN credentials get access to all the applications. Applying more granular access controls has always been a challenge, and when employees are always moving and working on untrusted networks, the VPN becomes an inefficient method to manage access.