News

Google Trials 'Command Center' To Monitor Cloud Security

• By Gladys Rama
• 03/21/2018

As part of a wider effort to bolster the security of its cloud platform, Google this week unveiled a new dashboard-type solution to help organizations monitor their cloud environments.

The new Cloud Security Command Center (Cloud SCC) is now in the "alpha" stage, announced Google's privacy and security chief Gerhard Eschelbeck in a blog post Wednesday.

The alpha designation means the product is available only in limited preview and for limited use cases. A publicly accessible beta test program will follow at some point. In the meantime, companies interested in testing Cloud SCC can apply to participate in the alpha program here.

Eschelbeck described the Cloud SCC as "a security and data risk platform for GCP [Google Cloud Platform] that helps enterprises gather data, identify threats and act on them before they result in business damage or loss."

The Cloud SCC is part of Google's effort to stem the tide of cloud data leaks that are caused as much by misconfigured security settings (i.e., user error) as they are by targeted malicious attacks.

Cloud market leader Amazon Web Services (AWS), for example, has been buffetted by a months-long string of high-profile data leaks, many of them compromising critical, personally identifiable and classified information. In most of these cases, the leaks were the result of AWS users implementing the wrong security controls on their AWS Simple Storage Service (S3) buckets.

To help protect GCP users from such errors, as well as ease their management of their cloud assets in general, the Cloud SCC performs three functions:

1. Provides a central hub to monitor an organization's entire GCP environment, including data stored in Google Cloud Storage, Compute Engine, App Engine and Cloud Datastore. It also keeps a "history of [users'] cloud assets," which is useful for catching any changes to their settings, authorized or not.
2. Gives users insight into important security information such as which storage buckets are publicly accessible, which resources are vulnerable to attacks, or which contain "personally identifiable information."
3. Lets users access information on known security threats from third-party security vendors, as well as Google's own security research team.

The Cloud SCC is free to use while in alpha, though Google's pricing documentation notes that "traffic and compute cycles generated in your deployment by Cloud SCC and associated scanners will count towards standard billing and quotas."