Jump to Content
Google Cloud Next

Security in the new normal: What happened week 4 at Google Cloud Next ’20: OnAir

August 7, 2020
https://storage.googleapis.com/gweb-cloudblog-publish/images/Next_OnAir_Week_4.max-2600x2600.jpg
Rob Sadowski

Trust & Security Lead, Google Cloud

It’s hard to believe, but Google Cloud Next ‘20: OnAir Week 4 is already in our rearview. Week 4 focused on security, and we had a lot to share, from solution announcements and roadmaps, to best practices and tips, to demos and customer stories. It would be impossible for any one person to have experienced everything, so let’s take a look back at some highlights from the week and some resources going forward. 

Key announcements from the week

Security is constantly evolving. When you add in all the ways work has changed due to the coronavirus pandemic, the rate of evolution has increased and priorities have shifted for many organizations. Protecting a remote workforce and strengthening security for online transactions are even more important in today’s new normal

First, we want to highlight a new offering, sold through our partner Tanium, to help enterprises detect, investigate, and scope advanced, long-lived attacks (APTs). It includes an integration between Tanium’s Threat Response and our security analytics platform, Chronicle. This collaboration should help organizations as they continue to move towards distributed business operations. 

At Google, we’ve also made the technologies we use to secure our workforce available to you. In Tuesday’s keynote, we highlighted BeyondCorp Remote Access and Chronicle. Both can help simplify your security operations while protecting your remote workforce in a number of ways. 

Of course, you also need to make sure your customers can interact with you safely. With so many transactions and interactions happening online, we created solutions like WebRisk API and reCAPTCHA Enterprise to help you mitigate the potential risks by stopping bots, fraud, and malware links, helping keep your online channels safe. 

On Tuesday, we also announced the beta availability of Certificate Authority Service (CAS). This highly scalable and available service simplifies and automates the management and deployment of private CAs while meeting the modern needs of developers and applications.

We recently announced a Premium tier for Security Command Center, and on Tuesday we announced some new capabilities for Security Command Center Premium that let you spot threats using Google intelligence for events in GCP logs and containers, surface large sets of misconfigurations, and perform automated compliance scanning and reporting. 

Speaking of compliance and regulations, we also highlighted some new offerings to help you with your efforts. First, Assured Workloads for Government (private beta) lets those of you in regulated industries like the public sector configure and deploy sensitive workloads according to your security and compliance requirements, all in just a few clicks—removing the tradeoff between regulatory compliance and having the latest capabilities in your cloud. 

We also discussed the first product in our Confidential Computing portfolio: Confidential VMs (beta). Confidential Computing is a breakthrough technology that encrypts data in-use—while it is being processed—and Confidential VMs helps protect your sensitive data in the cloud with memory encryption so that you can further isolate your workloads in the cloud. We are excited to offer this level of security and isolation while giving customers a simple, easy-to-use option that doesn't compromise on performance.  

For a full list of announcements from security week, check out our roll-up blog

New security resources

Last, but by no means least, we announced a couple exciting new security resources. Can a security resource be “exciting”? You’ll be the ultimate judge, of course, but we think these new features can help security professionals. 

First is our Google Cloud security best practices center. We’ll be updating it consistently with the latest security best practices and blueprints, so it can become a “one stop shop” for your security needs. Bookmark it and check it out whenever you have security questions—and don’t hesitate to make suggestions on content you’d like to see. 

Next is the Google Cloud Security Showcase, a video resource that’s focused on solving security problems and helping you create a safer cloud deployment. It currently has almost 50 videos (here are some examples) with step-by-step information to help you solve specific security issues, so there’s sure to be something for every security professional.

Video Thumbnail

Security for everyone at every level

At Next OnAir we delivered sessions with real-life, actionable information for every level of security practitioner, from introductory sessions for those just getting started in the cloud to advanced-level workshops for those looking to improve their current setup. We know everyone has a unique path to the cloud, and to wrap up Security Week, we wanted to highlight one potential path and how the information from Next can help.

If you’re just getting started with your cloud journey, security and compliance are no doubt top of mind. Master Security and Compliance in the Public Cloud discusses how customers and Google work together to deploy workloads that have to meet regulatory and compliance requirements. 

There were 10 sessions that qualified as intermediate this year, and you can see them all here. For this cloud journey, we wanted to highlight one of the offerings we think can help organizations increase their security posture in this “new normal” security environment: Getting Started With BeyondCorp: A Deeper Look into IAP. As we mentioned above, we’ve been using BeyondCorp and zero-trust methods for our own security for a decade, and now it’s available to you. Why might this model be right for your company? Who else is using it? How do you get started? This session answers these questions and more.

Now we’re in the cloud, we’re compliant, and we’ve got our zero-trust security model going. A good next step is scaling up our security telemetry to be better prepared for whatever threats come on to your network. This advanced session shows you firsthand how to utilize a cloud-native security analytics system that’s built on core Google infrastructure and is fed by a massive threat database. 

Don’t stop with this journey, though. Check out all the security sessions from our session guide. There’s no doubt something there for securing your environment. 

Looking ahead: Data Analytics

Next week, Next OnAir moves on to Data Analytics. You can browse the complete session catalog here. Be sure to check out the keynote where Debanjan Saha, GM and VP of Engineering for Google Cloud, will detail what’s new and what’s next in smart analytics. He’ll be joined by Vittorio Cretella, CIO of The Proctor and Gamble Company, to discuss how P&G is accelerating their data-driven digital transformation with Google Cloud.

In fact, Data Analytics week will feature a lot of cool stories about how Google Cloud is helping organizations make data-driven decisions. Be sure to watch sessions with Major League Baseball, Waze, Bluecore, CARTO, Geotab, and others to see how organizations of all shapes and sizes are innovating with the help of Google Cloud.  

If you haven’t registered for Google Cloud ‘20 Next: OnAir yet, there’s still time. Head over to g.co/cloudnext to get started, and we’ll see you next week.

Posted in