It may not happen every day – but it happens way too often – that we hear of massive security breaches that leave our personal data exposed to online thieves and hackers whose business it is to extort money, steal identities, generate chaos and make people's lives miserable.
RedLock, a Google Cloud Platform security partner (recently acquired by Palo Alto Networks), reported that in 2018 an average of 51 percent of organizations publicly exposed at least one cloud storage service. Data exposures caused by misconfigurations pose as serious a risk to your business and your customers as targeted or deliberate external attacks.
Keeping information secure is a major part of online operations for all businesses, whatever the extent of your cloud management and storage. That is the impetus behind Google's new Cloud Security Command Center (Cloud SCC), launched last year to combat data leaks that can wreak havoc on companies and their customers. Here is the lowdown on the new security system, which is currently in beta.
What is it?
Cloud SCC is a security database and monitoring platform that works with Google Cloud Platform's (GCP) data products and services. It lets users discover, analyze, view, and access their assets to protect data across Google's App Engine, Cloud Datastore, Cloud DNS, Cloud Load Balancing, Cloud Spanner, Cloud Storage, Compute Engine, Container Registry, Kubernetes Engine, and Virtual Private Cloud.
Viewing all assets together on a single dashboard makes it easier to identify modified, new or deleted assets. Google's anomaly detection technology flags botnets, cryptocurrency mining, anomalous reboots and suspicious network traffic.
This comprehensive data system overview facilitates better asset control and gives teams an intuitive way to analyze and mitigate risk.
How does it work?
Cloud SCC creates a unified inventory of your GCP resources – organization, projects, instances and applications – with vulnerability and threat assessments from GCP, third-party partners, and other security detectors and sources. Cloud SCC helps you generate specific insights and views of threats and attacks against your assets.
The platform helps systems administrators target and mitigate security issues by providing visibility into infrastructure, configuration, application and data risk. You can set alerts for security anomalies, scan for sensitive data to detect vulnerabilities, and review access rights. You can see which cloud storage buckets are publicly accessible, determine which virtual machines have public addresses, detect lax firewall rules and get alerted to coin mining.
You can easily see if users outside of your designated domain or Google Cloud Platform organization have access to your resources. Cloud SCC's continuous discovery scans reveal asset history, helping organizations understand changes in their environment and act on unauthorized modifications. With the assets display, you can see new, deleted and total assets for a specified time period, generate notifications when changes occur, and trigger cloud functions from a Cloud SCC query.
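To make the two access checks described above concrete (publicly accessible buckets, and members outside your own domain), here is an added example that is not Cloud SCC's implementation or code from the original article. It audits bucket IAM policies in the GCP bindings format; the bucket names, the `example.com` domain and the `audit_policies` function are assumptions constructed for illustration.

```python
import json

# Constructed sample: bucket IAM policies in the GCP IAM policy shape
# (bindings of role -> members). Bucket names and the domain are made up.
SAMPLE = json.loads("""
{
  "example-public-assets": {"bindings": [
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": "roles/storage.admin", "members": ["user:ops@example.com"]}]},
  "example-internal-logs": {"bindings": [
    {"role": "roles/storage.objectViewer",
     "members": ["group:sec@example.com", "user:contractor@other.example"]},
    {"role": "roles/storage.objectAdmin",
     "members": ["serviceAccount:etl@example-proj.iam.gserviceaccount.com"]}]},
  "example-shared-reports": {"bindings": [
    {"role": "roles/storage.objectViewer",
     "members": ["allAuthenticatedUsers", "domain:example.com"]}]}
}
""")

# The two special IAM identifiers that open a resource to anyone.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

def audit_policies(policies, org_domain):
    """Return sorted (bucket, role, member, finding) tuples (hypothetical helper)."""
    findings = []
    for bucket, policy in policies.items():
        for binding in policy.get("bindings", []):
            for member in binding.get("members", []):
                if member in PUBLIC_MEMBERS:
                    kind = "PUBLIC"
                else:
                    mtype, _, ident = member.partition(":")
                    if mtype in ("user", "group"):
                        domain = ident.rpartition("@")[2].lower()
                    elif mtype == "domain":
                        domain = ident.lower()
                    else:
                        continue  # service accounts etc. need a project allowlist
                    if domain == org_domain:
                        continue  # member belongs to the organization's domain
                    kind = "EXTERNAL_DOMAIN"
                findings.append((bucket, binding["role"], member, kind))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_policies(SAMPLE, "example.com"):
        print(*finding, sep="\t")
```

Service accounts are skipped here because their e-mail domain identifies a project rather than an organization, so they need a separate allowlist of trusted projects.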
Why do you need it?
Cloud SCC assists your admins in understanding the practical effects of their settings and getting a line on the security status of your cloud applications and data, letting you make configuration changes before damaging incidents occur. Security breaches need not be deliberate or malicious – operator error often comes into play, with unsafe exposures resulting from setup mistakes.
Sometimes private information gets misplaced, data is stored in a way that is easy to access without authentication controls, or a needed password change slips through the cracks. Some misconfigurations originate from a bucket or system that was set up for internal use but was later changed for greater accessibility.
Users gain perspective on their projects, resources, the location of sensitive data, firewall rules and which service accounts were added or removed.
Does it integrate with other security systems?
Cloud SCC is interoperable with Google's own Data Loss Prevention (DLP) API, Forseti and Cloud Security Scanner. You can also integrate third-party tools, such as Cavirin, Chef, CrowdStrike, Cloudflare, Dome9, RedLock/Palo Alto Networks, and Qualys, into the Cloud SCC to detect security and compliance policy violations, vulnerabilities, and threats. A REST API lets you work with your current security systems and workflows.
What kind of businesses benefit from it?
This Google system is targeted at enterprise-oriented businesses of any size, especially those that store and control assets in the cloud. Google Cloud Platform users – and companies that employ App Engine, Cloud Datastore, Cloud DNS, Cloud Load Balancing, Cloud Spanner, Cloud Storage, Compute Engine, Container Registry, Kubernetes Engine, Virtual Private Cloud and other services – all benefit from Cloud SCC's unified approach to their assets.
How can it help my business?
Cloud SCC is designed to keep your assets safe and secure, protecting vital information for both your business and your customers. It helps your company ensure that appropriate access control policies are in place across your cloud resources and that you get notified when settings are misconfigured or change unexpectedly or without authorization. You can receive Cloud SCC alerts via Gmail, SMS and Jira with Pub/Sub notification integration.
What does it cost?
There's no charge from the Google Cloud Platform for using the Cloud Security Command Center during the beta period; however, you will pay more if you use the Cloud Security Scanner, as it can affect App Engine quota limits, bandwidth traffic charges and API calls to App Engine services. The Cloud DLP API detector is also priced according to usage.