
Cloud Security Command Center is now in beta and ready to use


If you’re building applications or deploying infrastructure in the cloud, you need a central place to help understand your security posture, put it in a business context, and act on changes. In March, we announced Cloud Security Command Center in alpha, becoming the first major cloud provider to offer organization-level visibility into assets, vulnerabilities, and threats. Starting today, this security service is available to Google Cloud Platform (GCP) customers in beta.

This beta release comes with a number of new features, including:
  • Expanded coverage across GCP services including Cloud Datastore, Cloud DNS, Cloud Load Balancing, Cloud Spanner, Container Registry, Kubernetes Engine, and Virtual Private Cloud
  • 13 IAM roles added for fine-grained access control across Cloud SCC
  • New examples of how to generate notifications when changes occur, or to trigger Cloud Functions from a Cloud SCC query
  • Ability to view and search for new, deleted, and total assets over a specified time period
  • Expanded client libraries including Java, Node, and Go
  • Expanded capabilities to manage asset discovery
  • Self-serve onboarding via GCP Marketplace
  • Self-serve partner security sources, such as Cavirin, Chef, and Redlock, via GCP Marketplace

Cloud Security Command Center (Cloud SCC) provides security teams with insight into infrastructure, configuration, application and data risk so that you can quickly address vulnerabilities, mitigate threats to your cloud resources and evaluate your overall security posture. With Cloud SCC, you can view and monitor an inventory of your cloud assets, be alerted to security anomalies, scan cloud storage to discover where you are storing sensitive data, detect common web vulnerabilities, and review access rights to your critical resources, all from a single, centralized data platform and dashboard.

“Cloud Security Command Center gives us unprecedented visibility into the security posture of our VM instances and containerized workloads running within GCP. With this security service, we can quickly review and assess risks across all our GCP assets.”
Alexander Schuchman, Director Information Security, Colgate-Palmolive

Cloud SCC is the best way to get started assessing and remediating security risks in your GCP environment. Here are three ways to use the service today:

1. Assess security risks and vulnerabilities
The Cloud SCC dashboard presents findings that help you quickly uncover security risks and potential vulnerabilities and threats. For example, you can view which Cloud Storage buckets are publicly accessible, identify VMs with public addresses, discover overly permissive firewall rules, and be alerted to instances that may have been compromised to perform coin mining. You can also easily see if users outside of your designated domain, or GCP organization, have access to your resources.

Use Cloud SCC to quickly discover non-org owners with access to GCP resources

With Cloud SCC, you can uncover VMs that are exposed to the internet

2. View and act on changes to your GCP assets
Cloud SCC gives you a comprehensive inventory of your cloud assets across numerous GCP services including App Engine, Cloud Datastore, Cloud DNS, Cloud Load Balancing, Cloud Spanner, Cloud Storage, Compute Engine, Container Registry, Kubernetes Engine, and Virtual Private Cloud. You can also view the inventory of your service accounts.
Using asset inventory, you can view resources for the entire GCP organization or just for particular projects. Cloud SCC performs ongoing discovery scans, allowing you to see asset history to understand exactly what’s changed in your environment and act on unauthorized modifications. With the assets display, you can see new, deleted, and total assets for a specified time period.
You can also generate notifications when changes occur and trigger Cloud Functions from a Cloud SCC query. For example, you can configure an action to automatically detect policy changes on a network firewall and then restore it to a secure state, or detect when a Cloud Storage bucket becomes publicly accessible and then revert it to private access.
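
The bucket revert described above could be implemented along these lines in the function that a Cloud SCC query triggers. This is an added example, not code from Google or Cloud SCC: the function names, the injected `get_policy`/`set_policy` callables and the sample policy are assumptions, while `allUsers` and `allAuthenticatedUsers` are the Cloud IAM members that make a resource public.

```python
"""Revert a Cloud Storage bucket IAM policy to private access (added example)."""
import copy

# Special IAM members that make a resource public.
PUBLIC_MEMBERS = frozenset({"allUsers", "allAuthenticatedUsers"})


def revoke_public_access(policy):
    """Return (private_policy, removed) without mutating the input.

    `policy` is an IAM policy dict in the JSON shape
    {"bindings": [{"role": ..., "members": [...]}], "etag": ...}.
    `removed` lists the (role, member) grants stripped, for the audit log.
    """
    cleaned = copy.deepcopy(policy)
    removed = []
    kept_bindings = []
    for binding in cleaned.get("bindings", []):
        members = binding.get("members", [])
        private = [m for m in members if m not in PUBLIC_MEMBERS]
        removed.extend((binding["role"], m) for m in members if m in PUBLIC_MEMBERS)
        if private:  # a binding left with no members is dropped entirely
            binding["members"] = private
            kept_bindings.append(binding)
    cleaned["bindings"] = kept_bindings
    # The etag is kept so a write fails if the policy changed in the meantime.
    return cleaned, removed


def remediate(bucket_name, get_policy, set_policy):
    """Hypothetical handler body: fetch, clean, and write back only if needed.

    get_policy/set_policy are injected callables (assumptions standing in for
    the storage client), so the logic can be exercised offline.
    """
    cleaned, removed = revoke_public_access(get_policy(bucket_name))
    if removed:
        set_policy(bucket_name, cleaned)
    return removed


# Constructed sample policy: one fully public binding, one mixed binding.
SAMPLE_POLICY = {
    "etag": "CAE=",
    "bindings": [
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
        {"role": "roles/storage.objectAdmin",
         "members": ["user:alice@example.com", "allAuthenticatedUsers"]},
    ],
}
```

Writing back only when something was removed keeps the function idempotent, so a repeated or duplicate notification does not generate further policy writes.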

3. Integrate security findings from Google and other cloud security leaders
Cloud SCC is a flexible platform that integrates with Google Cloud security services such as Data Loss Prevention (DLP) API, Forseti, Cloud Security Scanner, and anomaly detection from Google as well as with third-party cloud security solutions from vendors such as Cavirin, Chef, and Redlock. By integrating partner solutions with Cloud Security Command Center, you can get a comprehensive view of risks and threats all in one place without having to go to separate consoles. You can also jump from the Cloud SCC dashboard directly into these third-party tools to help speed remediation efforts.

Cloud SCC integrates with leading third-party cloud security vendors

Cloud SCC can help you get a better handle on the security of your GCP environment today. Visit the Cloud SCC webpage for a product overview and documentation. You can start using Cloud SCC today, straight from GCP Marketplace.

