UPDATED 13:06 EDT / APRIL 11 2019


Security stakes rise for cloud providers as Google rolls out new protection tools

Whether it’s in response to concerns from large enterprise customers or from their own global threat intelligence, security is very much on the minds of top executives for the leading cloud providers these days.

At the Amazon Web Services Summit in March, Amazon.com Inc. Chief Technology Officer Werner Vogels devoted a significant amount of time in his keynote address to security while wearing a t-shirt with the slogan “Encrypt Everything.” In early April, Microsoft Corp. released a set of new security features for Azure Cloud. And on Wednesday, Google Cloud unveiled new security products and services of its own, wrapped in a number of statements from executives about the need for protection and privacy of customer data.

“Security is really something that we’ve built in from the start,” Urs Hölzle, Google’s senior vice president of technical infrastructure, said in his keynote address on Wednesday. “It’s not something that’s bolted on later. We start with the principle that your data is only your data.”

It’s also possible that news of cloud vulnerabilities within the past two years may be driving the three largest cloud providers to focus more attention on security. More than 540 million Facebook records were recently found to be exposed on AWS servers. Staff emails at Deloitte have been compromised in a breach of Microsoft Azure.

And security researchers have documented how recent waves of hijacking attacks on consumer routers have been linked to abuse of the Google Cloud Platform.

Visibility and control

Google Cloud rolled out an estimated 30 new security products and services this week, which ran the gamut from using the Android 7+ smartphone platform as a free security key for cloud accounts to implementing enterprise tools for improving data visibility and control.

One of the announcements involved general availability of the Cloud Security Command Center, a management and data risk platform. A new Command Center feature, Security Health Analytics, automatically scans a customer’s Google Cloud infrastructure for configuration problems involving out-of-date encryption keys or public storage.

“The challenge is complexity and scale,” Andy Chang, senior product manager at Google Cloud, explained in an interview with SiliconANGLE. “You don’t address that with humans. You address that with automation.”

Alert logs for Google’s access

Also announced on Wednesday was general availability of Access Transparency in G Suite Enterprise. The transparency tool creates alert logs whenever a Google employee touches customer data. Access can be further limited through Access Approval, which lets customers dictate whether specific data can be handled by Google staff at all.

“We’re the only cloud provider that offers access transparency,” Chang said. “Your data is yours. It’s in the contract.”

Protecting user control over data is a simmering issue as policies of the U.S. government and other nations are running into conflict with the tech industry. Governmental calls for “backdoors” or ways that enforcement agencies can access sensitive encrypted user data have raised the stakes for Google Cloud and other providers.

The “Five Eyes” global alliance involving the U.S., Australia, Canada, the U.K. and New Zealand has publicly called for tech companies to establish backdoor access without requiring permission. In November, U.S. Assistant Attorney General Rod Rosenstein renewed the government’s call for law enforcement access.

“There is nothing virtuous about refusing to help develop responsible encryption,” Rosenstein said last year.

Rejection of backdoors

If government authorities want to see backdoors implemented for cloud accounts, they are apparently unlikely to get much support from Google. In his keynote remarks on Wednesday, Google Cloud Chief Executive Officer Thomas Kurian carefully stated his company’s approach to data privacy.

“We do not have a backdoor to allow any agency to access your data without your permission,” Kurian said. “No one at Google will access your data without your permission.”

How important is this policy to Google’s cloud customers? At Next, Google made several of its cloud customers available to the media, and they were asked about Kurian’s comments regarding data privacy and backdoors.

“We’re the custodians of that data and it’s our job to protect it,” said Tim Prendergast, chief cloud officer at Palo Alto Networks Inc. “The commitments that Google is making in this sense are important to us. It’s an increasingly meaningful statement.”

Google’s cloud security announcements this week highlight the growing importance of securing the cloud infrastructure to prevent breaches as attacks increase. One study evaluated 316 million real-world attacks on AWS and Azure, and Microsoft has reported a 300 percent increase in attacks on its cloud-based user accounts.

This trend is changing the game for cloud providers who must now become not only experts in data management and storage but security gurus as well.

“A lot of analysts have predicted that the public cloud providers are becoming more like security providers,” Rob Sadowski, Google’s trust and security marketing lead, said Wednesday. “They’re actually right.”

Photo: Mark Albertson/SiliconANGLE
