
Increasing trust in Google Cloud: visibility, control and automation

At Google Cloud, every data center we bring online, network cable we lay, and service we deploy is designed through the prism of security. And we are explicit in our commitment to our Cloud customers: you own your data, and we put you in control.

    Today, we are announcing a variety of security tools to further bolster your trust in Google Cloud: to gain increased visibility into your environments, to detect threats, to speed response and remediation, to mitigate data exfiltration risks, to ensure a secure software supply chain, and to strengthen policy compliance. These will help you:

    • Gain meaningful oversight over provider operations: Access Transparency (new GA and beta services, GA for G Suite) and Access Approval (beta)

    • Prevent data exfiltration and risk: Data Loss Prevention (DLP) user interface (beta) and VPC Service Controls (GA)

    • Centralize security management: Cloud Security Command Center (GA) with new Event Threat Detection (beta), Security Health Analytics (alpha), Cloud Security Scanner (new beta integrations) and Stackdriver Incident Response and Management (coming soon to beta)

    • View the security status of your APIs: Apigee security reporting (alpha)

    • Help secure the software supply chain: Container Registry vulnerability scanning (GA); Binary Authorization (GA); GKE Sandbox (beta); Managed SSL Certificates for GKE (beta); and Shielded VMs (GA)

    • Control and protect G Suite data: G Suite data regions enhancements (GA); enhanced advanced phishing and malware protections (beta); Security sandbox (beta); security center and alert center admin collaboration and automation (beta)

    • Gain insights with ML: Policy Intelligence (alpha)

    • Stay safe on the web: Phishing Protection (beta) and reCAPTCHA Enterprise (beta)

    Read on for a whirlwind tour of all the new and improved features and capabilities to help you simplify and streamline your security operations.
    Trust through transparency

    Running your business in the cloud shouldn’t mean taking a leap of faith. Last year, we announced Access Transparency for GCP, a first-of-its-kind service that creates logs in near-real-time when GCP administrators interact with your data for support. Access Transparency for G Suite is now generally available in G Suite Enterprise, providing visibility into access to covered G Suite data by Google Cloud employees. Within the G Suite Admin Console, we document each access and the reason why, including references to relevant support tickets. As a result, you can verify that Google is accessing your data only for valid business reasons, and you can use this information in support of audits as needed.
    Building on Access Transparency, we announced Access Approval for GCP in December, which allows you to explicitly approve access to your data or configurations on GCP before it happens. Access Approval is now available in beta for Google Compute Engine, Google App Engine, Google Cloud Storage, and many other services. This marks the first time a cloud provider has offered controls of this nature that cover all of our employees.

    Discover sensitive data and mitigate exfiltration and exposure risks

    The first step to protecting sensitive data in the cloud is knowing where it resides. Today, we’re excited to offer enterprises a new way to discover and monitor sensitive data at cloud scale with the Data Loss Prevention (DLP) user interface, now available in beta. Through this new interface, you can run DLP scans with just a few clicks—no code required, and no hardware or VMs to manage. Get started today in the GCP console.
    Your first line of defense for cloud deployments is your virtual private cloud (VPC). VPC Service Controls, now generally available, go beyond your VPC and let you define a security perimeter around specific GCP resources such as Cloud Storage buckets, Bigtable instances, and BigQuery datasets to help mitigate data exfiltration risks.
    Surface threats to your GCP workloads all in one place

    As you move workloads to the cloud, you need visibility into the security state of your GCP resources. You also need to be able to identify threats and vulnerabilities so you can respond quickly.
    Last year, we introduced Cloud Security Command Center (Cloud SCC), a comprehensive security management and data risk platform for GCP. Cloud SCC is now generally available, offering a single pane of glass to help prevent, detect, and respond to threats across a broad swath of GCP services (App Engine, BigQuery, Cloud Storage, Compute Engine, Google Kubernetes Engine, and more).
    As part of GA, we’re excited to announce the first set of prevention, detection, and response services that can help you uncover risky misconfigurations and malicious activity:

    • Event Threat Detection leverages Google-proprietary intelligence models to quickly detect damaging threats such as malware, crypto mining, and outgoing DDoS attacks. It scans Stackdriver logs for suspicious activity in your GCP environment, distills findings, and flags them for remediation. Sign up for the beta program.

    • Security Health Analytics automatically scans your GCP infrastructure to help surface configuration issues with public storage buckets, open firewall ports, stale encryption keys, deactivated security logging, and much more. Sign up for the alpha program.

    • Cloud Security Scanner detects vulnerabilities such as cross-site-scripting (XSS), use of clear-text passwords, and outdated libraries in your GCP applications and displays results in Cloud SCC. Cloud Security Scanner is GA for App Engine and now available in beta for Google Kubernetes Engine (GKE) and Compute Engine.

    • Security partner integrations with Capsule8, Cavirin, Chef, McAfee, Redlock, Stackrox, and Twistlock consolidate findings and speed up response. Get started by viewing our partners on GCP Marketplace.
    Cloud SCC also helps you respond to threats. You can work to remediate findings by exporting incidents to the SIEM of your choice or open and track an incident in the new Stackdriver Incident Response and Management tool, coming soon to beta.

    Gain insights into the security status of your APIs

    APIs exposed to developers inside and outside your organization are another target for attackers. Apigee, Google Cloud’s API management platform, includes new security reporting to help you gain a holistic view of the health and security status of your API programs. You can identify APIs that do not adhere to security protocols and user groups that are publishing the most sensitive APIs. Findings are accessible in the Apigee console and via API for integration with SIEM tools. Apigee API security reporting is in alpha. Learn more.

    Security throughout the software supply chain

    With containers, you need to trust the images you are running. Today, we’re announcing the availability of several GKE services to help build confidence in your containerized software supply chain.
    Finding vulnerabilities early in the deployment cycle avoids patching fire drills later on. Container Registry, our secure, private Docker registry, includes vulnerability scanning, a native integration for GKE that identifies package vulnerabilities for Ubuntu, Debian, and Alpine Linux, so you can find vulnerabilities before your containers are deployed. Originally announced in September, Container Registry vulnerability scanning will soon be generally available.
    Before a container is deployed to a GKE cluster, you want to make sure it meets your organization’s deployment requirements. Binary Authorization is a deploy-time security control that integrates with your CI/CD system, gating images that do not meet your requirements from being deployed. In the forthcoming GA release, Binary Authorization can be integrated with Cloud Key Management Service and Cloud SCC, delivering deploy-time control that you can view from the same console that you use to manage other security operations.
    Even when you’re working off a known-good foundation, sometimes you want an extra level of security. Coming soon to beta is GKE Sandbox, based on the open-source gVisor project. GKE Sandbox provides additional isolation for multi-tenant workloads, helping to prevent container escapes, and increasing workload security.
    GKE also now offers Managed SSL certificates, giving you full lifecycle management (provisioning, deployment, renewal and deletion) of your GKE ingress certificates. Now in beta, Managed SSL certificates make it easier to deploy, manage and operate secure GKE-based applications at scale.
    Finally, to harden VM-based workloads, Google Cloud offers Shielded VM, which provides verifiable integrity of your Compute Engine VM instances so you can be confident they haven't been compromised. Already, more than 21,000 Shielded VM instances are deployed on GCP, and starting today, Shielded VM is generally available, giving you a simple way to reduce the likelihood that anyone can tamper with your VMs.
    Controlling and protecting G Suite data

    We're also announcing new ways to help you protect, control, and remediate threats to the business data you create and store in G Suite.
    Some organizations require their data to be stored in specific locations, and we’re committed to meeting that need. G Suite Business and Enterprise customers can designate the region in which covered data at rest is stored—globally, in the US, or in Europe. We’re enhancing data regions with coverage for backups.
    We’re introducing new (beta) controls for advanced phishing and malware protection. These controls can help admins protect against anomalous attachments and inbound emails spoofing your domain in Google Groups. The security sandbox (available in beta for G Suite enterprise customers) helps provide better protection against ransomware, sophisticated malware and zero-day threats by executing email attachments in a sandbox environment to find out if they are malicious.
    Security center and alert center for G Suite provide organizations with best practice recommendations, unified notifications and integrated remediation that help admins take action against threats. We want to help admins work collaboratively to assess their organization’s exposure to security issues. New beta functionality allows admins to save and share their investigations in the security investigation tool. Within the alert center beta, admins can now indicate alert status and severity and assign alerts to other admins. Admins can also create rules within the security center that perform automated actions or send notifications to the alert center, where teams of admins and analysts can work together to take ownership and update status as they work through security investigations. Sign up for the security center beta here and alert center beta here.
    Putting it all together with ML

    Keeping configurations in-step with your security policies can be a challenge. There are a lot of levers to pull and settings to tweak to get security right, and you may wonder if you’ve done everything you can to reduce your exposure. To help, today we’re unveiling Policy Intelligence. Initially available for Cloud IAM, Policy Intelligence offers three new tools to help you understand and manage your policies and reduce risk:
    • IAM Recommender helps admins remove unwanted access to GCP resources using machine learning to make smart access control recommendations.

    • Access Troubleshooter enables security administrators to understand why requests were denied and helps modify policies to grant the appropriate access.

    • Validator lets admins set up governance and security guardrails that prevent them from granting overly-permissive access.
    New services to keep your users safe on the web

    To protect your business, you need to protect your users. Last month at RSA Conference, we announced the beta of our Web Risk API and now we’re excited to introduce two brand new Google Cloud user protection services:
    • Phishing protection. Phishing websites that use things like your name and logo put your users at risk and damage your business. With the Phishing Protection service, you can quickly report unsafe URLs to Google Safe Browsing and view status in Cloud SCC. Once URLs are populated into Safe Browsing lists, users on more than three billion devices will be warned before they click on infected links. Sign up for the beta.

    • reCAPTCHA Enterprise. Security teams need to keep bad actors out of their websites, and ensure that their customers can always get in. reCAPTCHA has been defending millions of sites for almost a decade, and our new reCAPTCHA Enterprise service builds on this technology with capabilities designed specifically to address enterprise security needs. You can defend your website against fraudulent activity like scraping, credential stuffing, and automated account creation and help prevent costly exploits from automated software. Sign up for the beta.
    Creating environments that are secure—and keeping them that way—is job number one for organizations that run in the cloud. At Google Cloud, we’re committed to ensuring advanced security is an enabler for businesses who need greater agility with improved governance. Visit Google Cloud Security for a complete overview of Google Cloud infrastructure, products, and transparency and trust policies. And be sure to read our identity and access management blog post about new ways to help you improve IT, developer, and end-user efficiency.

