Modernizing your security anywhere
As many organizations seek to adopt cloud-native architectures and deploy applications in heterogeneous environments, they demand consistent security best practices, regardless of where they're running their application. Anthos integrates security into each stage of the application life cycle, from develop to build to run, and automates security and policy management for all your deployments.
Centralized management at scale
Anthos offers one centralized point for enforcing policy across the fleet, whether that’s on-premises or across clouds. You can give your security teams the ability to implement security guardrails quickly and efficiently, while adhering to your organization’s governance and compliance requirements.
Evolve to zero trust security model
Define and enforce custom perimeters by segmenting networks and isolating workloads to harden your security posture. Easily separate trust and access to clusters and data by deploying fine-grained control from org level to container level. Anthos enables a defense-in-depth security strategy with far-reaching security controls across all of these deployment models.
Simplified patching and compliance
Anthos’s shared responsibility model means the burden of patching and vulnerability management is reduced for the end user. Leverage consistent compliant environment and security blueprints that provide a foundation to run compliant workloads in on-premises and multiple clouds. Anthos leverages open Kubernetes-style APIs, giving you the freedom to securely run your apps anywhere.
Anthos Config Management
Define and enforce policies across your hybrid and multi-cloud Kubernetes deployments at scale with Anthos Config Management, a central Git repository which manages access-control policies like RBAC, resource quotas, and namespaces, both on-premises and in the cloud.
Anthos Service Mesh
Implement and enforce a consistent service-to-service networking policy. With Anthos Service Mesh, you can better observe what’s happening with your services by implementing service level objectives (SLOs) and intelligently set policies to ensure that any and all communications to and from your services are encrypted, mutually authenticated, and authorized. And all of this is done without changes to your application code.
Deploy only trusted containers with Binary Authorization. By enforcing validation, you can gain tighter control over your container environment by ensuring that only verified images are integrated into the build-and-release process.
Integrated visibility and intelligence
Anthos gives you the tools you need to see and fix misconfigurations and get real-time security alerts. Anthos seamlessly works with the rest of the Google Cloud security and identity solutions, so you can gain centralized visibility into suspicious events such as traffic to known bad domains/IPs.
Config Connector includes Custom Resource Definitions (or CRDs) that provide a declarative, consistent way to configure many Google Cloud services and resources using Kubernetes tooling and APIs.
Meeting compliance at scale
Google Cloud has built infrastructure that meets many regulatory compliance requirements, including PCI, ISO/IEC 27001, HIPAA, SOC, and FedRAMP. We’re also making it easy for you to build compliant applications on top of our secured, managed Kubernetes service, both on Google Cloud and on-premises, by providing solution guides for PCI and other common compliance standards.
Support secure multi-tenancy with GKE Sandbox, based on open source gVisor, bringing defense-in-depth security principles to containers without application changes, new architecture models, or added complexity.
Policy Controller is a Kubernetes dynamic admission controller, based on the Open Policy Agent Gatekeeper project. It audits and enforces your clusters' compliance with policies related to security, regulations, or arbitrary business rules.
Monitor service-level performance
Anthos Service Mesh provides observability into the health and performance of your services by providing you critical, service-level metrics on three of the four golden signals of monitoring: latency, traffic, and errors.
We chose Google Cloud’s Anthos for its flexibility to modernize our existing application investments with ease, and to deliver AI/ML powered software faster while improving operational security and governance. Anthos gives us the ability to have a unified management view of our hybrid deployments, giving us a consistent platform to run our banking workloads across environments.Dilek Duman, Chief Operating Officer, DenizBank