Google has just announced several updates to its enterprise cloud platform with an aim to improve users, data, and app security. The new enhancements were unveiled at Google Cloud Next ’19 conference in Tokyo this week.
First off, Google has expanded the scope of Advanced Protection Program (APP) to G Suite, Google Cloud Platform (GCP), and Cloud Identity customers.
The central idea of APP is that it safeguards personal Google Accounts from a variety of targeted attacks by making using of a FIDO-compliant hardware security key like Google’s Titan Security Key or Yubico’s YubiKey.
It limits third-party apps that aren’t approved and trusted, and enables scanning of incoming email for phishing attempts, viruses, and attachments for harmful content.
Enterprise customers, especially those with sensitive accounts, may end up accidentally clicking a malicious link, thereby compromising the security of the entire company.
Google, therefore, is making it possible for IT administrators, senior executives, and employees working in sensitive verticals such as finance and government to enroll for APP.
To make this feasible on a broader scale, the internet giant is bringing Titan Security Keys to new markets such as Japan, Canada, France, and the UK via the Google Store. This marks the first international expansion of the hardware keys, which were only available in the US.
The security key leverages the FIDO2 standard to provide a second layer of authentication to your login credentials. So, when you register a hardware key with an online service for the first time, it creates a public key-private key pair using asymmetric encryption.
During authentication — using a PIN or biometrics — your identity is confirmed by encrypting a secret message with the private key and transmitting it to the online service, which decrypts the message with the public key earlier generated.
Although Google has had a security scare with Titan keys, they are a secure alternative to receiving authentication codes via SMS. Google has also made it cross-platform, allowing your Android phone to act as a security key when signing in to Google accounts from iPhones and iPads.
Among other updates, the company has rolled out a refreshed G Suite Alert center which notifies admins of any security risks, including file sharing violations and password leaks.
In addition, it’s also bringing support for password vaulted apps — legacy apps that require a username and password to authenticate — to Cloud Identity customers.
The new features come at a time when cloud adoption is accelerating at a rapid pace, with security and privacy emerging a top priority for major service providers. Furthermore, risks from data loss and leakage remains a huge barrier to wider cloud adoption.
Cybersecurity firm Check Point’s 2019 Cloud Security Report last month cited unauthorized cloud access and account hijacking as some of the major cloud vulnerabilities, while stressing the need for stronger authentication mechanisms to safeguard users against such stealth attacks.
With passwordless authentication gaining momentum in recent years, it’s not surprising to see Google investing in IDaaS (Identity as a Service) infrastructure that makes it easy for enterprises to focus on their core business.
“Creating environments that are secure — and keeping them that way — is critical for organizations that run in the cloud,” wrote director of product management Karthik Lakshminarayanan and group product manager Vidya Nagarajan. “These new features will help strengthen protection and securely enable cloud workloads and business processes.”
The story has been updated on Aug 2, 9:15 AM IST for more clarity.