Bolstering security across Google Cloud

San Francisco — Today at Google Cloud Next ‘17, we launched the following new features for Google Cloud Platform (GCP) and G Suite that are designed to help safeguard your company’s assets and prevent disruption to your business:

  • Identity-Aware Proxy (IAP) for GCP (now in beta) allows you to manage granular access to applications running on GCP based on risk, rather than the “all-or-nothing” approach of VPN access. It provides more secure application access from anywhere, with access determined by user, identity and group. IAP is easy to deploy, and can be integrated with phishing-resistant security keys.

  • Data Loss Prevention (DLP) API for GCP (now in beta) lets you scan for more than 40 sensitive data types so you can identify and redact sensitive data. DLP does deep content analysis to help ensure that no matter what you want to keep safe, from credit cards to account numbers, you know where it is, and that it's protected at the level you want. DLP API for GCP joins DLP for Gmail and Drive, allowing admins to write policies that manage sensitive data in ways that aren’t possible on any other cloud.

  • Key Management Service for GCP (now generally available) allows you to generate, use, rotate and destroy symmetric encryption keys for use in the cloud. It gives customers the ability to manage their encryption keys in a multi-tenant cloud service, without the need to maintain an on-premise key management system or hardware security module.

  • Security Key Enforcement (SKE) for GCP and G Suite (now generally available) allows you to require security keys be used as the two-step verification factor for stronger authentication whenever a user signs into G Suite or accesses a GCP resource. SKE is easy on admins, easy on users and hard on phishers.

  • Google Vault for Google Drive, Team Drives and Google Groups (now generally available) is the eDiscovery and compliance solution for G Suite. Vault allows customers to set retention policies, place legal holds, perform searches across Drive, Gmail, Hangouts and Groups, and export search results to support their legal and compliance requirements.

  • Titan is Google's purpose-built chip to establish a hardware root of trust for both machines and peripherals on cloud infrastructure, allowing us to more securely identify and authenticate legitimate access at the hardware level. Purpose-built hardware such as Titan is a part of Google’s layered security architecture, spanning the physical security of data centers to secure boot across hardware and software to operational security.


By baking security into everything we do and offering innovative capabilities that build upon this secure foundation, we create many different layers to prevent and defend against attacks and implement enterprise security policies so that our customers can feel confident partnering with us to achieve their business goals.