Tag Archives: Connected Workspaces

Must-see sessions on Android Enterprise at Next ’18

Android continues to see success this year in enterprise, with several initiatives to help organizations enhance their mobility efforts. Android Enterprise Recommended, the improved work experience in Android P, and increased protections from Android security efforts are among the many investments we’ve made to enrich and strengthen the ecosystem.

At Google Cloud Next, July 24-26 in San Francisco, CA, we’ll be taking to the stage with key partners and customers to discuss the latest in Android’s solutions, best practices, and what they mean for enterprise mobility.

You can learn more about these sessions and register at the Google Cloud Next site. For those unable to attend the conference, you’ll be able to check out sessions on YouTube at a later date.

Android Enterprise Recommended accelerates with more devices, new partners

Recently we launched Android Enterprise Recommended, which gives customers confidence to select, deploy and manage devices that meet elevated enterprise requirements. The program empowers organizations to choose the right devices for their organization, knowing they will receive regular security updates and at least one major operating system update, work with zero-touch enrollment, and be available unlocked.

We started with devices from seven OEMs—including Sony, Huawei, LG, Motorola, BlackBerry, Nokia and Google. We’re now expanding the program with new devices and OEM partners:

  • The Huawei M5 8.4 and 10.8 are the first tablets validated as Android Enterprise Recommended.

  • Two new OEMs have joined the program: Sharp, with the AQUOS SH 10-K, and Sonim with the XP8.

  • Existing Android Enterprise Recommended partners have added more devices as well: Sony’s Xperia XZ2 and XZ2 Compact; Motorola’s Moto G6, Moto G6 Plus and Z3 Play; Huawei’s P20 and P20 Pro; BlackBerry’s Key2; and the Nokia 3.1, Nokia 5.1, Nokia 6, Nokia 7 Plus, and Nokia 8 Sirocco from HMD.

With these additions, we now have 39 devices from nine OEMs across a number of price points, from flagship devices to fleet phones to tablets that can be used to make global workers productive.

Companies worldwide have begun updating their device programs around the Android Enterprise Recommended requirements. HSBC, one of the world’s largest banking and financial institutions, is using Android Enterprise Recommended to offer their teams a range of devices that meet enterprise-level requirements.

“We are only going to consider supporting Android Enterprise Recommended devices within our ecosystem.” says John Burton, head of product management for client services with HSBC. “For us, that means we can set a baseline for the manageability of the device, the way it's enrolled, level of security patching it gets, and the consistency of the device.”

Analytics firm SAS has also turned to Android Enterprise Recommended program to guide its teams to choose devices that are secure and easy to manage.

“We typically have stayed pretty close to certain OEMs because they tended to do security patches and updates in a timely manner,” says Jay Robinson, the company’s information systems engineer for mobile. “But now Android Enterprise Recommended is essentially doing that for us. We can say, ‘Hey, these are the devices that we recommend for a good management experience.’”

In a recent customer survey conducted by Google, 75 percent of respondents stated that the Android Enterprise Recommended program would play a key role in their future device decisions. The overall response to this program has been outstanding and we look forward to continuing to raise the bar across the Android ecosystem.


Making SAP experiences on Android extraordinary with the SAP Cloud Platform SDK for Android

Mobile applications are changing how businesses of all shapes and sizes get work done. And we want to help more enterprises develop native Android applications that make employees more productive than ever.

That’s why SAP is launching the new SAP Cloud Platform SDK for Android, which allows developers to create native Android apps, based on SAP services, directly in Android Studio. This SDK builds on our existing SAP partnership and delivers more features and a superior user experience than SAP’s previous offerings for Android.

The best of Android and SAP together

“By working closely with Google to combine the powerful capabilities of SAP Cloud Platform together with the global reach of the Android operating system, as well as allowing users to build native Fiori apps on Android, mobile workers everywhere will benefit from the new SDK for Android,” says Bjoern Goerke, President SAP Cloud Platform and Chief Technology Officer of SAP SE. “We see a great opportunity to extend the partnership between SAP and Google to help developers build rich, native Android apps, based on SAP Cloud Platform, SAP’s enterprise Platform as a Service."

As a part of this effort, we collaborated closely with SAP to align design patterns from Fiori, SAP’s user experience for enterprise software, with Material Design. The result is SAP Fiori for Android and the Fiori Design Language for Android, which provide a look and feel that combines the familiarity SAP users find in Fiori with design patterns familiar to Android users.

This collaboration also ensures key Android enterprise features—like managed configurations (app restrictions), Android management features like work profile, and security tools like SafetyNet—work well with Android apps built with the SAP Cloud Platform SDK.


Android SAP app

The SAP Cloud Platform SDK for Android empowers developers to build powerful applications for enterprises.

Enterprise-ready apps

The new SDK also streamlines the process for developers to start building apps that take advantage of SAP’s enterprise services. In addition to pre-defined UX tools, it incorporates key features like wiring to SAP platforms, push notifications, offline storage, diagnostics, and security tools directly in the SDK. The first app to use the new SDK is SAP Asset Manager for Android, which is being previewed at the SAPPHIRE NOW conference this week.
SAP Android studio

Developers can use the SDK right in Android Studio.

The release of the SDK is another example of SAP’s deeper investment in Android. In April, SAP released Android support for its micro app development feature SAP Mobile Cards, which makes it easy for users to find information at a glance and perform key tasks on the go.

How to learn more

The Android SDK is one of several collaborations we're working on with SAP. You can check out the full list of SAP services available on Google Cloud, along with new services launched this week at SAPPHIRE NOW in Orlando.

Google and SAP will be at the show to share more on this collaboration. If you want to hear directly from our team, you can find us at the SAP Leonardo Campus Design Experience area in booth LE 504, the Google Cloud booth in booth 370, and presenting at several conference sessions.

You can also catch us at Droidcon Berlin on June 26 and 27. In the meantime, learn more about the SDK at SAP’s blog.

Android P: More power for enterprises

We recently unveiled the beta version of Android P, which adds more intelligence and simplicity to your mobile experience. Many of the new features in Android P are specifically aimed at the enterprise, bringing additional security for corporate devices, a seamless transition between work and personal use, and flexibility for organizations using devices in dedicated-use scenarios.

Simplifying the work profile experience

Android P improves the look and performance of the work profile. Work apps now have a dedicated tab in the app launcher, making them more visible and eliminating duplication and clutter. Work apps also have an updated blue briefcase badge that better matches Android’s modern design patterns.

While we want to make it easier to get to your work apps, we also think it’s important for your phone to help you disconnect when you’re away from work. So in Android P, we added a switch to turn off work mode right inside the work tab. This disables the work profile apps, notifications and data usage.


new work profile

Work apps are now in a separate tab inside the launcher.

Many productivity applications are used with both a work and personal account. In Android P, app developers can enable seamless switching between work and personal accounts within their apps, removing the need to return to the app launcher. A quick transition zips you from one account to another in apps that you have installed for both work and personal profiles. Google Tasks supports this feature today, with support in other Google apps coming soon.

Tasks Android P

Switch from your personal Google account to a work profile from within the same application.

Also new in Android P is support for devices shared by multiple users. Now, shift workers who hand off a device at the end of their day can simply sign out, and the new team member can login and use the device right away.

More flexibility in kiosk mode

Businesses use Android devices as payment terminals, digital signs, informational kiosks, and in other creative ways to support their customers. This can be done by locking an app to the screen through kiosk mode.

Before, IT admins were restricted to locking only one app to a device. Now in Android P, admins can lock multiple apps and quickly switch between them with a dedicated launcher. A restaurant could take your order from a menu, and then switch over to a payment terminal app to complete the transaction.

Kiosk mode

Support multiple apps in kiosk mode.

This mode also lets enterprises limit access to device options, such as mobile connectivity or the settings menu, while still allowing users to get notifications and interact with a defined set of apps.

Any Android app can be used in kiosk mode, and developers don’t have to build their own custom launchers anymore to switch between apps. Administrators have full flexibility in customizing the user interface with the ability to hide status bar icons, the power menu and navigation buttons, as well as disable notifications.

Key security enhancements

Android P also introduces a number of features that address enterprise security needs:

  • The ability for IT administrators to require different PINs and timeout rules for the personal and work profiles.

  • Additional policies that can prevent data sharing across work and personal profiles.

  • New APIs that work with keys and certificates to securely identify devices accessing corporate resources.

While these are some of the key highlights, there are many other security-focused APIs and features that will benefit those using Android as a company-issued device or personal device with the work profile. View more details on the full set of security enhancements at the Android developers site.

Take it for a test drive

Thanks to the work of Project Treble, an effort to make OS upgrades easier for our partners, the Android P Beta is available for testing on several devices.

IT admins who want to experience P can install the beta on Google Pixel, Sony Xperia XZ2, Xiaomi Mi Mix 2S, Nokia 7 Plus, Oppo R15 Pro, Vivo X21, OnePlus 6, and Essential PH‑1.

Simplifying apps, desktops and devices with Citrix and Chrome Enterprise

As cloud adoption continues to accelerate, many organizations have found they need an ever-expanding fleet of mobile devices so that employees can work wherever and whenever they need. And research shows that when employees can work from anywhere, they can do more. According to Forbes, employee mobility leads to 30 percent better processes and 23 percent more productivity.

But as the demand for mobility grows, many organizations have also found themselves challenged by the need to provide secure mobile endpoints with access to certain legacy line-of-business or Windows apps. To help, last year we announced our partnership with Citrix to bring XenApp and XenDesktop to Chrome Enterprise.

Since bringing XenApp and XenDesktop to Chrome Enterprise, we’ve worked extensively with Citrix to help more businesses embrace the cloud. Last month, we announced that admins can now manage Chromebooks through several popular enterprise mobility management (EMM) tools, including Citrix XenMobile. And this year at HIMSS we showed how the combination of Citrix and HealthCast on Chrome Enterprise helps healthcare workers access electronic health records and virtualized apps securely on Chrome OS using their proximity badge.

All of this is the topic of an IDG webinar we’re co-sponsoring with Citrix. The webinar “Chrome OS & Citrix: Simplify endpoint management and VDI strategy” includes IDG CSO SVP/Publisher Bob Bragdon, Chrome Enterprise Group Product Manager Eve Phillips, and Citrix Chief Security Strategist Kurt Roemer as speakers, and addresses how Citrix and Chrome enable access to mission-critical business apps and create a productive workforce inside or outside corporate infrastructure.

Here’s what the webinar will cover:

  • How Chrome and Citrix can ensure secure access to critical enterprise apps.
  • How employees can be more productive through access to legacy apps in VDI. 
  • How Citrix XenApp (XA) and XenDesktop (XD) integrate with Chrome OS.
  • How Citrix’s upcoming product launches and enhancements with Chrome, GCP and G Suite can help enterprise IT teams and end users.

In March, Citrix’s Todd Terbeek shared his experiences transitioning to Chrome Enterprise, and this week Chief Security Strategist Kurt Roemer discussed how combining Citrix with Chrome can deliver expanded value across security, privacy and compliance. Our work with Citrix continues to evolve, and we’re looking forward to finding new ways to collaborate in the future.

To learn more, sign up for the webinar.

Source: Google Cloud


5 things you can do with Chrome Browser to increase employee productivity

Whether it’s accessing business apps, collaborating on projects or just checking email, the web browser is increasingly becoming the place where employees get their jobs done. In fact, 76 percent of companies employ browser-based email, and 70 percent have adopted browser-based office applications, according to a recent Forrester study.

Since employees spend a lot of time in their browsers at work, we wanted to share some ways you can customize Chrome Browser to help employees stay focused. Chrome Browser has many built-in capabilities that IT admins can use to pre-install bookmarks, apps, and extensions,centrally manage policies, and provide an optimal web browsing experience.

Here are five things IT admins can do with Chrome Browser to help teams work more efficiently.

1. Use Chrome Sync to get fast and easy access across devices.

With Chrome Sync, an employee’s browser history, bookmarks, apps, extensions and even open tabs can follow them from device to device throughout the day—even as they switch across Windows, Mac and Chrome OS platforms. IT can also manage bookmarks centrally through policy, pushing out links to important sites and web apps that users can access from any device when logged into the browser.

chrome-productivity-4

2. Help users stay secure through Safe Browsing.

With Safe Browsing, Chrome Browser automatically notifies users when a site may be malicious, so they can avoid it. This means employees can avoid threats that might result in spending hours recovering from an infected device instead of getting things done. IT can allow users to decide if they want Safe Browsing turned on, or they can set a policy centrally to enable or disable it.

chrome-productivity-1

3. Block intrusive ads so employees can stay focused.

Intrusive ads can be a drain on anyone’s peace of mind. By enabling Chrome Browser’s automatic pop-up blocker through set policies, IT teams can help employees stay on task without being distracted. Chrome Browser now automatically filters links to third-party websites disguised as play buttons or other site controls, or transparent overlays on websites that capture clicks and open new tabs or windows.

chrome-productivity-3

4. Use a standardized homepage for employees.

IT admins can set employees’ homepages to internal sites so they have the latest tools and most up-to-date information. And with Group Policy or Cloud Policy, IT can easily set different homepages for different groups in the organization.

chrome-productivity-2

5. Pre-install apps and extensions for easy access and security.

IT admins can make it easy for employees to access the apps and extensions they need to be productive while maintaining the right security policies. They can deploy selected apps and extensions tailored to an employee’s department or role, whether they're internally built or public, like productivity or CRM apps, giving them easy access to the tools needed to do their work as soon as they open their browser. Visit Device management > Chrome > User Settings in the Admin Console or check out these instructions.

These are just a few ways IT admins can manage Chrome Browser to support user productivity. To get started with managing Chrome Browser for businesses, visit our website. And for information on how to set up, manage and configure Chrome Browser for your enterprise, check out our help center.

How Topcoder crowdsources solutions to tough coding challenges with Chrome Browser

Editor’s note: Today’s post is from Kyle Bowerman, Community Architect for Topcoder, a crowdsourcing marketplace that connects businesses with designers, developers and data scientists to build technology solutions. Topcoder uses Chrome Browser as its development environment, creating extensions to GitHub and simulating various device environments.

Companies need developers who can create apps that solve complex problems. Developers want to show off their coding skills. That's where Topcoder comes in—we connect the talents of a global community of 1 million developers to companies with coding issues to solve.

The process is simple: companies come to us with programming requests, and we create crowdsourcing challenges that let our community of developers demonstrate what they can do. The size and scope of these challenges can vary—some are exploratory and open-ended, like choosing the best grid library for JavaScript; others are very task-based and specific, like building a new screen for a mobile app. When developers from our community create a solution, they win prize money, and our enterprise customers get the apps and technology solutions they need.

Since our community develops on browser, our choice of browser as a development environment is very important. When we started Topcoder in 2001, we used Firefox’s development tools. However, we switched to Chrome Browser when it was launched in 2008 because, from our perspective as coders, it’s the best environment for development. The development tools in Chrome Browser remove roadblocks to fast delivery of projects—like the need to test apps on physical devices, or worrying if the solution will work on every browser. Because of this, we develop for Chrome Browser first, then test to be sure our apps work just the same on other browsers.

Without the development tools, like the plug-in library, built into Chrome Browser, there’d be no way developers could work at the speed our customers need. Let’s say the challenge is to fix a problem with an app’s “submit” button on a particular phone model. With Device Mode in Chrome Browser, our developers can simulate all kinds of devices instantly—even screen sizes and resolutions—without needing to test on the actual physical device. This can be a critical time-saver—we don’t have to go back to the customer and say, “sorry, we’ll get back to you in a few weeks after we find that device and test the code.” We trust Chrome Browser will help our developers create solutions that will work no matter which device they're accessed on.

Extensions are another tool we use to connect developers to challenges faster, so companies get quality coding work done fast. We created an extension that takes GitHub issue tickets and quickly turns them into Topcoder challenges. The extension exposes our challenges to the coding community in just a few seconds, instead of days. We also created an extension that lets developers search GitHub for Topcoder challenges by keyword, and look up other Topcoder developers.

With Chrome Browser, our developers get a better development environment, our enterprise customers get the apps they need, and all of us get a great browser experience in the process. That’s a winning solution for everyone.


We’ve been busy! 20+ Google Cloud security announcements from March

As Urs said last week, security is one of the biggest issues of our time, and with the cloud, we are able to tackle it together. At Google Cloud, we’re always working to help organizations keep up with evolving threats, protect their sensitive data, and empower innovation—all while giving them control and visibility. That’s why over the past several days we’ve announced a broad range of security products and enhancements. With so much to share, we thought it would be helpful to put all the news in one handy location.

Here’s a recap of our security announcements in March.


Chrome Enterprise

1. New enterprise mobility management (EMM) partnerships

We announced four new partnerships with EMM providers to help IT admins manage and implement security policies across their full fleet of devices from a single place. Cisco Meraki, Citrix XenMobile, IBM MaaS360 with Watson, and ManageEngine Mobile Device Manager Plus now support Chrome Enterprise.


2. Chrome OS Active Directory enhancements

Building on our initial integration with Active Directory last August, we’ve added a number of enhancements to help admins manage Chrome OS alongside legacy infrastructure. These include the ability to authenticate to Kerberos and NTLMv2 endpoints on local networks directly from Chrome OS, support for common enterprise Active Directory setups like multiple domain scenarios, and improved existing certificate enrollment flows.


3. Expanded management capabilities in Chrome Browser and Chrome OS

Chrome Enterprise lets admins fine tune more than 200 security policies and grant secure, authorized employee access to online resources. This month, we added even more controls, including per-permission extension blacklisting, disabled sign-ins, and device-wide certificates.



Cloud Identity

4. Cloud Identity

Cloud Identity is a new, standalone Identity as a Service (IDaaS) solution that offers premium features such as account security, application management and device management in one place. With Cloud Identity, employees get simple, secure access to their business-critical apps and devices, while administrators get the tools they need to manage it all in one integrated console.



Google Cloud Platform

5. Access Transparency

Trust is paramount when choosing a cloud provider, and we want to be as open and transparent as possible. Access Transparency gives you near real-time logs when Google Cloud Platform administrators access your content, offering an audit trail of actions taken by Google engineers and support whenever they interact with your content on GCP.


6. Cloud Armor

Cloud Armor, our new Distributed Denial of Service (DDoS) and application defense service, is based on the same technologies and global infrastructure that we use to protect services like Search, Gmail and YouTube. Global HTTP(S) load balancing provides built-in defense against infrastructure DDoS attacks. Cloud Armor works in conjunction with global HTTP(S) load balancing and enables you to customize defenses for your internet-facing applications. Its capabilities include IP blacklisting/whitelisting, geo-based access control, custom rules via a rules language and defense against application-aware attacks like SQL Injection.


7. Cloud Security Command Center (alpha)

The new Cloud Security Command Center (Cloud SCC) is a security and data risk platform that lets you view, analyze, and monitor an inventory of your cloud assets, scan storage systems for sensitive data, detect common web vulnerabilities and review access rights to your critical resources—all from a single, centralized dashboard. Detect threats and suspicious activity with Google anomaly detection as well as security partners such as Cloudflare, CrowdStrike, Dome9, Palo Alto Networks, Qualys and RedLock.


8. The Cloud Data Loss Prevention (DLP) API

Discover, classify and redact sensitive data at rest and in real-time with the DLP API, now generally available. And because it’s an API, you can use it on virtually any data source or business application, whether it’s on GCP services like Cloud Storage or BigQuery, a third-party cloud, or in your on-premises data center.


9. FedRAMP Authorization

GCP, and Google’s underlying common infrastructure, have received the FedRAMP Rev. 4 Provisional Authorization to Operate (P-ATO) at the Moderate Impact level from the FedRAMP Joint Authorization Board (JAB). Now, both G Suite and GCP have FedRAMP Moderate authorizations. Agencies and federal contractors can request access to our FedRAMP package by submitting a FedRAMP Package Access Request Form.


10. VPC Service Controls (alpha)

Currently in alpha, VPC Service Controls help enterprises keep their sensitive data private while using GCP’s fully managed storage and data processing capabilities. VPC Service Controls create a security perimeter around data stored in API-based GCP services such as Cloud Storage, BigQuery and Bigtable. This helps mitigate data exfiltration risks stemming from stolen identities, IAM policy misconfigurations, malicious insiders and compromised virtual machines.



G Suite

11. New advanced anti-phishing capabilities

Updated phishing security controls can be configured to automatically switch on the latest Google-recommended defenses. New default-on protections can:

  • Automatically flag emails from untrusted senders that have encrypted attachments or embedded scripts.

  • Warn against email that tries to spoof employee names or that comes from a domain that looks similar to your own domain.

  • Offer enhanced protections against spear phishing attacks by flagging unauthenticated email.

  • Scan images for phishing indicators and expand shortened URLs to uncover malicious links.


12. Default-on mobile management

Basic device management is automatically enabled for your mobile devices that access G Suite. Employees won’t need to install profiles on iOS and Android devices, and admins get added security management controls including the ability to enforce pass codes, erase confidential data, and see which devices access corporate data.


13. New additions to the security center for G Suite

We introduced the security center for G Suite earlier this year. Security center brings together security analytics, actionable insights and best practice recommendations from Google to help you protect your organization, data and users. Last week we introduced new additions, including:

  • New security charts to show OAuth activity and Business Email Compromise (BEC) scam threats specifically focused on phishing emails that may not have links.

  • New mobile management charts to help IT admins examine activity analytics and detect when devices have been hijacked, rooted or jailbroken.

  • Ways to reorganize the dashboard to focus on what is most important to your organization.

  • Ways to analyze your organization’s security health and get custom advice on security key deployment and protection against phishing scams.


14. Built-in protections and controls for Team Drives

New enhancements to Team Drives provide additional security controls, including the ability to limit file access privileges and add IRM controls to prevent users from printing, downloading and copying files. These new security features will roll out in the coming weeks.



Partnerships

15-25. New and expanded security partnerships

We announced several new security partnerships, including:

  • Dome9, which has developed a compliance test suite for the Payment Card Industry Data Security Standard (PCI DSS) in the Dome9 Compliance Engine.

  • Rackspace Managed Security, which provides businesses with fully managed security on top of GCP.

  • RedLock’s Cloud 360 Platform, a cloud threat defense security and compliance solution that provides additional visibility and control for Google Cloud environments.


As we said last week, we believe a more secure business landscape is better for everyone, and we’re committed to finding new ways to help businesses be more secure. For more information, check out our security webpage.

Related Article

Security in the cloud

Security is one of the biggest issues of our time. Countless companies and governments have lost data because of security incidents. And ...

Read Article

Related Article

New ways to secure businesses in the cloud

Today we announce more than 20 enhancements aimed to deepen and expand the control businesses have over their security environment. These...

Read Article

The Android Security 2017 Year in Review has good news for enterprises

Device security is of paramount importance to enterprises. It’s why the Android Security team (and many other teams at Google) continuously work to improve protections across more than 2 billion active Android devices.

To ensure customers, partners, and Android users are up to date on our ongoing work, we recently published the fourth annual Android Security Year in Review. This document details improvements to Google’s security offerings in Android, updated platform features, and key metrics that inform our initiatives.

While the report provides a broad view of the breadth of the security work across the ecosystem, there are important highlights for our enterprise users.

Enterprise-grade security in Android

In 2017 we launched Google Play Protect, Android’s built-in device, data, and apps security scanning technology. Google Play Protect protects users from potentially harmful apps (PHAs) in real-time and uses cloud-based services for analyzing device and app data to identify possible security concerns.

Every day, Google Play Protect automatically reviews more than 50 billion apps, other potential sources of PHAs, and checks devices, warning users about potential harm. These automatic reviews enabled us to remove nearly 39 million PHAs last year.

PGA install rates
The installation of potentially harmful apps (PHAs) from outside the Google Play store saw a significant drop in 2016.

Enterprises can leverage Google Play Protect with managed Google Play, a curated Google Play Store for enterprise customers. By using managed Google Play, an organization can ensure that team members are selecting prescribed apps for work that are secured through Google Play Protect. Last year, the number of 30-day active devices running managed Google Play increased by 2,000 percent.

We also introduced a bundle of new security features in Android Oreo, making it safer to get apps, dropping insecure network protocols, providing more user control over identifiers, and hardening the kernel.

In its second year, the Android Security Rewards program paid researchers $1.28 million in 2017 for work identifying potential vulnerabilities in Android. We also introduced the Google Play Security Rewards Program for developers that discover and disclose select critical vulnerabilities in apps hosted on Play.

Additionally we launched zero-touch enrollment, a fast and secure method for simplified provisioning of corporate-distributed devices. Our focus on security starts from the moment a device is powered on, through deployment, and during daily interaction with apps and services.

Looking ahead

Our efforts continue into 2018. We recently launched the Android Enterprise Recommended program for OEMs, which addresses the pain point that many organizations face when choosing devices for large deployments. Our program features a curated selection of devices that meet common requirements for security (including which devices are getting regular security patches), and supported features, all validated by Google.

For a more detailed look at all of the Android security improvements during the last year, see the dedicated Security Blog or read the full security report at g.co/AndroidSecurityReport2017.

New ways to secure businesses in the cloud

From collaboration tools that accelerate productivity, to platforms that spur innovation, to AI-powered tools that drive better customer insights, the cloud is increasingly where we turn to transform businesses. It’s also where an increasing number of enterprises are turning to help protect their data and stay secure.

As Urs shared earlier this week, it’s been our belief from the beginning that if you put security first, everything else will follow. We continue to develop new ways to give our customers the capabilities they need to keep up with today’s ever-evolving security challenges. That’s why today we’re announcing more than 20 enhancements aimed to deepen and expand the control businesses have over their security environment. You can read all of our announcements in more detail on our posts covering Google Cloud Platform, G Suite and Chrome Enterprise updates. Here, we’d like to highlight three unique examples of our security functionality.

Unprecedented control to better protect your data

Google Cloud was designed, built, and is operated with security top of mind—from our custom hardware like our Titan chip, to data encryption both at rest and in transit by default. On top of this foundation, our customers have the freedom to deploy their own security controls based on their unique needs and the level of assurance they require. Today, we’re announcing VPC Service Controls to add to our broad set of protections.

Currently in alpha, VPC Service Controls help enterprises keep their sensitive data private while using GCP’s fully managed storage and data processing capabilities. Imagine constructing an invisible border around everything in an app that prevents its data from escaping, and having the power to set up, reconfigure and tear down these virtual perimeters at will. You can think of it like a firewall for API-based services on GCP. Well-defined VPC service controls can give admins a greater level of control to prevent data exfiltration from cloud services as a result of breaches or insider threats.

With this managed service, enterprises can configure private communication between cloud resources and hybrid VPC networks. By expanding perimeter security from on-premise networks to data stored in GCP services, enterprises can feel confident running sensitive data workloads in the cloud.

VPC Service Controls give admins even more precise control over which users can access GCP resources with Access Context Manager. Enterprises can create policies to grant access based on contextual attributes like user location, IP address and endpoint security status. These policies help ensure the appropriate level of protection is in place when allowing access to data in cloud resources from the internet.

Google Cloud is the first cloud provider to offer virtual security perimeters for API-based services with simplicity, speed and flexibility that far exceeds what organizations can achieve in a physical, on-premises environment.


Visibility into data risks, with actionable security insights


As use of cloud services continues to grow, clear visibility into an organization’s cloud footprint and the security status of its infrastructure is more important than ever. Businesses need the right data and actionable insights to stop threats before security incidents turn into damaging breaches. To that end, we’re announcing Cloud Security Command Center, currently in alpha.

Cloud Security Command Center is a security and data risk platform for GCP that helps enterprises gather data, identify threats and act on them before they result in business damage or loss. First, Cloud Security Command Center gives enterprises consolidated visibility into their cloud assets across App Engine, Compute Engine, Cloud Storage and Cloud Datastore. People can quickly understand the number of projects they have, what resources are deployed, where sensitive data is located, and how firewall rules are configured. With ongoing discovery scans, enterprises can view the history of their cloud assets to understand exactly what changed in their environment and act on unauthorized modifications.

Cloud Security Command Center also provides powerful security insights into cloud resources. For example, security teams can determine things like whether a cloud storage bucket is open to the internet or contains personally identifiable information, or whether cloud applications are vulnerable to cross-site scripting (XSS) vulnerabilities—to name just a few.

Finally, Cloud Security Command Center helps enterprises leverage and act on intelligence from Google and other leading security vendors. Administrators can identify threats like botnets, cryptocurrency mining and suspicious network traffic with built-in anomaly detection developed by the Google Security team, as well as integrate insights from vendors such as Cloudflare, CrowdStrike, Dome9, RedLock, Palo Alto Networks, and Qualys to help detect DDoS attacks, compromised endpoints, compliance policy violations, network intrusions and instance vulnerabilities and threats. With ongoing security analytics and threat intelligence, enterprises can better assess their overall security health in a central dashboard or through APIs, and immediately act on risks.

This is just one example of how we’re providing enterprises more visibility. Earlier this year, we announced the security center for G Suite, which provides security analytics and recommendations for our G Suite customers. Today we’re introducing additions to security center, including new charts which highlight phishing threats and suspicious device activity. You can read more about these improvements in our G Suite and GCP posts.

Transparency into how we interact with your data

Trust is paramount when choosing a cloud provider. We want to be as open and transparent as possible, allowing customers to see everything that happens to their data. Cloud Audit Logging helps answer the question of which administrators did what, where, when and why on your GCP projects.

And now, Access Transparency offers an immutable audit trail of actions taken by Google engineers and support whenever they interact with your content on GCP. Access Transparency builds on our already robust controls that restrict Google administrator activity to actions only with valid business justifications, such as responding to a specific ticket our customers have initiated or recovering from an outage.

Together, Cloud Audit Logs and Access Transparency Logs provide a more comprehensive view of admin activity in your cloud environment. We believe that trust is created through transparency, which is why we’re proud that GCP is the first to offer this level of visibility into cloud provider administrative activity.

What cloud security means for businesses

Today’s updates are just a few examples of how we’re making it easier and more secure for businesses to build and grow in the cloud—with many more still to come.

“Businesses’ path to cloud adoption relies heavily on trust; CEOs and CIOs need to feel comfortable that they are gaining significant benefit from the cloud without giving up control,” says Doug Cahill, Senior Analyst, ESG. “With these announcements, Google Cloud is continuing to provide more control and insight to customers—and commendable visibility into administrative activity within their cloud environments through Access Transparency—while offering them the peace of mind that many of the fundamental aspects of security are taken care of and constantly evolving along with the threat landscape.”

Customers like Credit Karma, Lahey Health, and Sanmina Manufacturing are working with Google Cloud to help secure their data.

“A strong security posture plays a critical role in helping us fulfill our mission of helping our members navigate the complex personal finance landscape through a predictive, data-driven recommendation system,” says Credit Karma Chief Technology Officer Ryan Graciano. “User trust is crucial to our business so security was hugely important when selecting a cloud provider. Google Cloud’s end-to-end approach met our high standards. This enables us to spend more time focusing on building the best products for our customers.”

We believe a more secure business landscape is better for everyone, and we’ll continue to develop ways to help businesses be more secure. For a closer look at all our security-related announcements today, read our in-depth posts on GCP, G Suite and Chrome Enterprise.

Source: Google Cloud