Developers & Practitioners
Next Reaction: Security and zero-trust announcements
Trillions in Cybercrime?
Phishing, spam, malware and devious websites? Oh my!
I've talked a lot about Zero Trust security in the past, and the meme means many things to many people. For Google we want to make sure that security-across your cloud workloads, on-premises systems, collaboration tools and devices-is reliable and invisible. And today's announcements help with that as Google builds security into more of the systems people use every day. That means better protection AND less work for us all as we protect our hapless, err… 'focused' employees from attack.
One pretty cool example? Automatic Data Loss Prevention in BigQuery. So your sensitive data, such as phone numbers, credit card info, names, addresses, can be identified and protected from leaks, across your entire company.
I see this as an extension of our Zero Trust philosophy: every network, device, person, service is untrusted until it proves itself. And that means data moving around, or access to internal systems, needs to be validated before being allowed.
This year has also brought its share of high-profile cyberattack headlines, including ransomware at numerous big names and all manner of cryptomining or DDoS malware. I don't see any sign of it decreasing either, as more and more companies make themselves appealing targets as they gather data and shift services to the internet.
To help you protect yourself we're extending the Zero Trust philosophy to your software supply chain, so that you can know exactly what software you're building, deploying and shipping, with protection against unwanted changes that could compromise your data. I'm excited to see new helpful tools for creating and enforcing supply chain policy, as well as open source frameworks that can help you understand your software, like SLSA.
Obviously it's great to protect your key systems (and I hope you're with me on that) but what about the employees and their devices? Attackers can usually get some malware onto an endpoint more easily than they can onto your infrastructure, and from there they just travel across and up to 'explore' for anything juicy to steal. So we need to protect people: enter Chrome threat protection!
I love seeing innovation in this space: machine learning based URL checking to detect phishing sites in real-time, plus document detection, so we can help you do an in-depth scan of sketchy docs that might have malware but let benign attachments through quickly. On top of that new customized messages for malware and data loss prevention in the browser, so you can tune your communications to your employees or direct them to a good place to learn more about how you're protecting them.
As before: we want to make you more secure, but also make it easier at the same time. And these upgrades to WebProtect and BeyondCorp Enterprise help you do just that.I really enjoyed the Next '21 announcements, and look forward to helping you all take advantage of the newest features in our security suite. Stay safe out there, and keep your data yours!