Showing only posts tagged Developers & Practitioners.

Introducing Cloud SQL Authentication via IAM groups: Simplify database authentication and access at scale

Managing and auditing data access can be very complex at scale, in particular, for a fleet of databases with a myriad of users. Today, we are introducing IAM group authentication for Cloud SQL. With this launch, you can take advantage of better security, simplify user management and database authentication …

Manage infrastructure with Workload Identity Federation and Terraform Cloud

Introduction: Terraform Cloud (TFC) can help manage infrastructure as code (IaC) development for large enterprises. As the number of Google Cloud projects grows, managing access controls for Terraform Cloud projects and workspaces can become complex. Don't worry, we have a solution that is designed to be more secure than …

Using Workforce Identity Federation with API-based web applications

Workforce Identity Federation allows use of an external identity provider (IdP) to authenticate and authorize users (including employees, partners, and contractors) to Google Cloud resources without provisioning identities in Cloud Identity. Before its introduction, only identities existing within Cloud Identity could be used with Cloud Identity Access Management (IAM …

Configuring Workload Identity Federation for GitHub actions and Terraform Cloud

Join us as we build on the concept and use cases of Workload Identity Federation, showcasing the security benefits of "keyless authentication." We will dive into how Workload Identity Federation can be used in the context of CI/CD pipelines and tools that are commonly found in enterprise environments …

3 new ways to authorize users to your private workloads on Cloud Run

More and more organizations are building applications on Cloud Run, a fully managed compute platform that lets you run containerized applications on top of Google’s infrastructure. Think web applications, real-time dashboards, APIs, microservices, batch data processing, testing and monitoring tools, data science inference models, and more. Today, we're …

How Chronicle can help advance security product development and overcome data lake challenges

Building your cybersecurity product’s data platform to automatically process massive volumes of data and deliver high-speed search, rich contextual insight, threat detection, and context-aware response automation can be difficult, even with modern day data lakes. One option to avoid the challenges of data lakes and enable your engineers …

Take control of your supply chain with Artifact Registry remote and virtual repositories

Dev: "I need that library's functionality for the new feature!" Sec: "I can't approve it if I don't know that it's safe to deploy!" Dev: "And when will we know?" Sec: "My queue is 11 weeks long...." The most contentious conversations between security and development teams often involve the …

Workload Identity for GKE made easy with open source tools

Google Cloud offers a clever way of allowing Google Kubernetes Engine (GKE) workloads to safely and securely authenticate to Google APIs with minimal credentials exposure. I will illustrate this method using a tool called kaniko. What is kaniko? kaniko is an open source tool that allows you to build …

Gleaning security insights from audit logs with Log Analytics

Cloud Audit logs serve a vital purpose in Google Cloud by helping customers meet their compliance and security requirements. Log Analytics, a recent feature addition to Cloud Logging, brings new capabilities to search, aggregate and transform logs at query time using the power of SQL. Together with predefined queries …

How to improve your Kubernetes security posture with GKE Dataplane V2 network policies

As more organizations adopt Kubernetes, they also embrace new paradigms for connecting and protecting their workloads. Relying on perimeter defense alone is no longer an effective strategy. With microservice architecture patterns continuing to evolve rapidly, it is imperative that organizations adopt a defense-in-depth strategy to keep their applications and …

Securing Cloud Run Deployments with Least Privilege Access

With Cloud Run, developers can quickly deploy production web applications and APIs on a serverless environment that runs on top of Google’s scalable infrastructure. While development teams can leverage Cloud Run to improve development agility and iterate quickly, many overlook their infrastructure’s security posture. In particular, one …

When should I use Cloud Armor?

Google Cloud Armor is a well known enterprise-grade DDoS defense and web application firewall service that provides additional security for your applications and websites running on Google Cloud, on-prem or on other platforms. Cloud Armor helps protect against broken access controls, security misconfigurations, cryptographic failures and more. Cloud Armor …

Announcing public availability of Google Cloud Certificate Manager

Today we are pleased to announce that Cloud Certificate Manager is now in general availability. Cloud Certificate Manager enables our users to acquire, manage, and deploy public Transport Layer Security (TLS) certificates at scale for use with your Google Cloud workloads. TLS certificates are required to secure browser connections …

Infrastructure Security in Google Cloud

The security of the infrastructure that runs your applications is one of the most important considerations in choosing a cloud vendor. Google Cloud’s approach to infrastructure security is unique. Google doesn’t rely on any single technology to secure its infrastructure. Rather, it has built security through progressive …

Enterprise DevOps Guidebook - Chapter 1

The Google Cloud DORA team has been hard at work releasing our yearly Accelerate State of DevOps report. This research provides an independent view into the practices and capabilities that organizations, irrespective of their size, industry, and region, can employ to drive better performance. Year over year, the State …

Take the 2022 Accelerate State of DevOps Survey

The State of DevOps report by Google Cloud and the DORA research team is the largest and longest running research of its kind with inputs from over 32,000 professionals worldwide. It provides an independent view into the practices and capabilities that organizations, irrespective of their size, industry, and …

Automate Public Certificates Lifecycle Management via RFC 8555 (ACME)

We’re excited to announce an enhancement of our preview of Certificate Manager which allows Google Cloud customers to acquire public certificates for their workloads that terminate TLS directly or for their cross-cloud and on-premise workloads. This is accomplished via the Automatic Certificate Management Environment (ACME) protocol which is …

Introducing Certificate Manager to simplify SaaS scale TLS and certificate management

We’re excited to announce the public preview of Certificate Manager and its integration with External HTTPS Load Balancing. Certificate Manager enables you to use External HTTPS Load Balancing with as many certificates or domains as you need. You can bring your own TLS certificates and keys if you …

Encrypt Data Fusion data and metadata using Customer Managed Encryption Keys (CMEK)

We are pleased to announce the general availability of Customer Managed Encryption Keys (CMEK) integration for Cloud Data Fusion. CMEK enables encryption of both user data and metadata at rest with a key that you can control through Cloud Key Management Service (KMS). This capability will help meet the …

A blueprint for secure infrastructure on Google Cloud

When it comes to infrastructure security, every stakeholder has the same goal: maintain the confidentiality and integrity of their company’s data and systems. Period. Developing and operating in the Cloud provides the opportunity to achieve these goals by being more secure and having greater visibility and governance over …