GCP Cloud Next 22

Google’s yearly “Cloud Next” event wrapped up last week with a slew of exciting announcements. In the security space, two general themes emerged: maintaining a secure software supply chain and evolving the cloud security perimeter alongside core cloud offerings. A number of product updates and initiatives are relevant to us as security practitioners.

Software Supply Chain Security

Software supply chain security has been a hot topic for quite some time and has continued to rise in the zeitgeist following various high-profile incidents in recent years. As the complexity of software and the environments that run it continues to grow, it is only natural for vendors to create offerings that assist in wrangling the responsibilities of inventory, dependency management, provenance, secure deployment and software verifiability. Google’s Software Delivery Shield aims to tackle software supply chain security in GCP. Software Delivery Shield is a combination of new and existing products wired together as a managed service based on Google’s previously announced SLSA supply chain security framework.

Starting with the newly announced (in preview) Cloud Workstations, Dev/Ops/Admin teams can customize and deploy browser-accessible development environments, shifting the data attack surface from a remote workstation or mobile laptop to a tightly controlled and highly scalable GCP project. Code and data never leave the cloud perimeter, while the developer maintains access to familiar tools and gains the full power and elasticity of GCP services. Further down the chain, Software Delivery Shield integrates with Artifact Registry, Cloud Build and Deploy for SLSA Level 3 builds, and the availability (in preview) of security posture management for GKE complements the existing Binary Authorization feature to help maintain a verifiable Software Bill of Materials.

Strengthening the Evolving Cloud Security Perimeter

GCP is moving the network perimeter to protect users and data proactively where they are. Multiple updates were announced to the Cloud Firewalls offering that make it more accessible and easier to tune. Cloud Armor gets finer-grained tuning for preconfigured WAF rules, general availability of preconfigured rules for the OWASP Top 10 vulnerabilities, and automatic deployment of proposed rules via machine learning.

Private Service Connect now supports hybrid environments and private interconnect, enabling secure communications between services either on-premises or in the cloud behind a consistent IP address. Network Intelligence Center also gains the GA release of Analyzer for automatically detecting misconfigurations, Performance dashboard for enhanced visualization of your entire Google Cloud network environment, and integration with the Recommender API for ongoing right-sizing.

Read: A Layperson's Guide to GCP Network Firewalling

Conclusion

As the cloud, and the threats to it, continue to evolve, we are committed to staying on the leading edge of sound architecture, proactive detection and effective response. Software provenance and an evolving network perimeter should be top of mind for all security professionals, especially those operating in the cloud. These new tools should prove indispensable in the battle to secure GCP workloads.


The information presented in this article is accurate as of 10/19/2022. Follow the ScaleSec blog for new articles and updates.

About ScaleSec

ScaleSec is a service-disabled, veteran-owned small business (SDVOSB) for cloud security and compliance that helps innovators meet the requirements of their most scrutinizing customers. We specialize in cloud security engineering and cloud compliance. Our team of experts guides customers through complex cloud security challenges, from foundations to implementation, audit preparation and beyond.
