As organizations expand their use of cloud computing services, more of their sensitive data inevitably moves to and lives in the cloud. Much of this sensitive data is unstructured and can be challenging to secure. Despite this potential challenge, the usefulness of cloud for data storage and processing is …

Google Cloud's industry-leading controls, contractual commitments, and accountability tools have helped organizations across Europe meet stringent data protection regulatory requirements for years. This commitment to supporting the compliance efforts of European companies has earned us the trust of businesses like retailers, manufacturers and financial services providers. As part of …

Corporate firewalls typically include a massive number of rules, which accumulate over time as new workloads are added. When rules stack up piecemeal like this, misconfigurations occur that, at best, create headaches for security administrators, and at worst, create vulnerabilities that lead to security breaches. To address this, we …

Like everything we build at Google, we created Google Workspace with security at its core to defend against threats and combat abuse, helping all of our users stay safe. With these protections, we enable IT admins to defend against attackers who are always looking for new vectors to exploit …

Cloud Run makes developing and deploying containerized applications easier for developers. At the same time, Cloud Run services need to be secure. Today, we’re announcing several new ways for you to secure your Cloud Run environments: Mount secrets from Google Secret Manager Use Binary Authorization to ensure you …

May is a big month for the security industry. It's been over a year since we gathered for RSA in San Francisco for one of 2020’s last major in-person events. While we likely won’t be together in person this year, it's an important time for the security …

Modern enterprises rely on vast and complex networks of technologies and skillsets to accomplish their goals. Markets are global, workers are remote, and information needs to be accessible anywhere, while remaining secure. This increasing complexity has led many enterprises to adopt a zero trust approach to security and deploy …

Securing websites and applications is a constant challenge for most organizations. To make it easier, we have introduced new capabilities within Cloud Armor over the past year that can help protect your applications. Today, we are announcing the general availability of Google Cloud Armor Managed Protection Plus. Cloud Armor …

More people than ever have been conducting more of their lives online due to the COVID-19 pandemic. This creates a new landscape for fraudsters to create and release new attacks. Research commissioned by Forrester Consulting showed 84% of companies have seen an increase in bot attacks. 71% of organizations …

Google's BeyondCorp Enterprise recently launched, offering organizations a zero trust solution that enables secure access to applications and cloud resources with integrated threat and data protection. These threat and data protection capabilities are delivered directly through Chrome, so organizations can easily take advantage of our web-based protections. Due to …

Updated for 2021 : This post includes updated best practices including the latest from Google's Best Practices for Password Management whitepapers for both users and system designers. Account management, authentication and password management can be tricky. Often, account management is a dark corner that isn't a top priority for developers …

Join us for our second Google Cloud Security Talks of 2021, a live online event on May 12th where we’ll help you navigate the latest developments in cloud security. We’ll share expert insights into how we’re working to be your most trusted cloud by covering the …

Core to Google Cloud’s efforts to be the industry’s most Trusted Cloud is our belief in shared fate - taking an active stake to help customers achieve better security outcomes on our platforms. To make it easier to build security into deployments, we provide opinionated guidance for customers …

The ongoing shift toward cloud technologies has transformed industries and continues to accelerate. This has created new challenges and opportunities for Chief Risk Officers, Chief Compliance Officers, Heads of Internal Audit and their teams. As their organizations pursue newfound agility, quality improvements to their products and services, and relevance …

One of the core benefits of using cloud technology to help modernize your security program is the ever-growing set of provider capabilities that you can use to protect your users, applications, and data. As part of our commitment to be our customers’ most Trusted Cloud, we’re constantly adding …

A fundamental security premise is to verify the identity of a user before determining if they are permitted to access a resource or service. This process is known as authentication. But authentication is necessary for more than just human users. When one application needs to talk to another, we …

At Google, we’re committed to delivering the industry’s most trusted cloud. To earn customer trust, we strive to operate in a shared-fate model for risk management in conjunction with our customers. We believe that it's our responsibility to be active partners as our customers securely deploy on …

We want to help customers use Google Cloud while trusting us less. This is the philosophy behind a lot of our security work, as we’ve described before. It’s part of our vision for a trusted cloud, our plan to build technologies and strategies that earn greater trust …

With web applications and public APIs becoming increasingly important to how organizations interface with their customers and partners, many are turning to dedicated tools that can help protect these assets. As research firm Gartner notes in its 2020 report “Defining Cloud Web Application and API Protection Services,” “By 2023 …

At Google Cloud, we work closely with customers who want to assess and verify the security of our platform. Take as an example our recent collaboration with the Collaborative Cloud Audit Group (CCAG). As our customers increased their use of cloud services to meet the demands of teleworking and …

Since I joined Google Cloud as Chief Information Security Officer three short months ago, I’ve seen firsthand the unique point of view we have to improve security for our customers and society at large through the cloud. I started in this new role as the security industry was …

Certificate Authority Service (CAS) is a highly available, scalable Google Cloud service that enables you to simplify, automate, and customize the deployment, management, and security of private certificate authorities (CA). As it nears general availability, we want to provide guidance on how to deploy the service in real world …

Organizations often have applications that run on multiple platforms, on-premises or cloud. For such applications that call Google Cloud Platform (GCP) APIs, a common challenge admins face is securing long-lived service account keys used to authenticate to GCP. Examples of such applications might include: Analytics workloads running on AWS …

An explosion of SaaS applications over the last decade has fundamentally changed the security landscape of modern enterprises. According to the Cloud Security Threat Report 1, the average organization uses hundreds, possibly upwards of 1,000 of SaaS applications, many of these unsanctioned by IT departments, and this number …

Over the course of the COVID-19 pandemic, it’s proven more important than ever for public sector agencies to embrace digital services to transform how they work and serve their communities. Operating virtually has only heightened the importance of organizational security and compliance for public sector agencies around the …