
How Google Cloud securely enables modern end-user computing

May 29, 2019
Rob Sadowski

Trust & Security Lead, Google Cloud

Eugene Liderman

Director, Android Security Strategy

The era where the majority of employees work solely from a gleaming corporate headquarters is giving way to the era of the cloud-based mobile worker. Enabling your workforce to get work done from anywhere increases productivity, improves collaboration, and strengthens employee engagement. But it can also create security and compliance challenges.

At Google Cloud Next ’19 in April, we delivered a presentation on how Google Cloud securely enables modern end-user computing. It’s a timely, essential topic given the reality we now operate in.

Our ecosystem of end-user computing products is built on Google Cloud Platform (GCP). GCP delivers a foundation that prioritizes security by default, leverages purpose-built infrastructure, and offers powerful proprietary security controls. GCP allows users to integrate an extensive ecosystem of partner tools, and provides validation against some of the most rigorous global security standards such as the ISO 27000 series.

In addition to this infrastructure foundation, our multilayered approach to end-user computing embeds security at the application, user, and device layers. Let’s take a look at the Google Cloud end-user computing stack:

https://storage.googleapis.com/gweb-cloudblog-publish/images/security_from_data_center_to_device.max-1400x1400.png

Application security
End users increasingly access apps through browsers, and Chrome Browser provides secure, trusted access to these cloud apps across platforms. We’re continuously working to improve the security of Chrome Browser, helping you safeguard customer and business data across your enterprise. For example, features such as Google Safe Browsing, regular security updates, sandboxing, and site isolation keep your enterprise and users one step ahead of potential threats.

In addition, we take a proactive and intelligent approach to security with all of our G Suite apps, including Gmail, Docs, Drive, and more, automatically blocking many threats that confront your users and automating protection. G Suite gives admins a simple, streamlined way to protect users, manage devices, ensure compliance, and keep your data secure. Transparency is core to Google’s DNA, and we want to be clear that you—not Google—own your own data. We do not sell your data to third parties, there is no advertising in G Suite, and we never collect or use data from G Suite services for any advertising purposes.

User security
In the mobile enterprise, users expect to be able to work from anywhere, on any device, on any network. This new reality requires a new approach to user security.

https://storage.googleapis.com/gweb-cloudblog-publish/images/user_security.max-1700x1700.png

We developed BeyondCorp, a “zero trust” enterprise security model to help ensure security in this mobile, cloud-based, perimeterless new world. BeyondCorp shifts controls from the network perimeter to individual users and devices, granting access based on identity, device state, and context. This gives IT more granular control and lets users work securely from any location, on any device.

Implementing Cloud Identity, our unified identity, access, and device management solution, is a great step towards enabling BeyondCorp in your organization. Cloud Identity provides enhanced account security with multi-factor authentication and works seamlessly with FIDO security keys, including Google’s Titan Security Key, to provide an extra layer of protection. Additionally, now your Android phone is also a FIDO security key, providing a strong and convenient defense against phishing and account takeovers.

Device security
Google offers a variety of Android and Chrome enterprise devices in multiple form factors and price points. Both Android and Chrome devices are secure by design and employ a defense-in-depth security model. Features like verified boot, application sandboxing, on-device encryption, and regular background security updates help ensure rock-solid, always-on device security. For more details on our approach to Android and Chrome security, check out our recent blog post where we cover the findings from Gartner’s Mobile OSs and Device Security: A Comparison of Platforms report.

https://storage.googleapis.com/gweb-cloudblog-publish/images/device_security.max-600x600.png

Devices are only as secure as the software tools that users run on them. Google Play Protect is the world’s most widely used anti-malware solution, with 50B apps verified daily and over 2 billion devices protected. With Managed Google Play, you can push, update, and remotely configure apps protected by Google Play Protect for your users on both Chrome and Android devices, protecting them from side-loading risks in third-party app stores.

Security from the data center to the device
With interlocking defenses—from infrastructure, to application, to user, to device—our goal is to deliver a multilayered security solution that works up and down the enterprise end-user computing tech stack, so your organization can be more mobile and more productive, without sacrificing security. If you’re interested in learning more, please watch our Next session and reach out to us to keep the conversation going.
