How Google Cloud secures modern end-user computing

By: Ancoris says
Tag(s): Workplace
Published: Aug 13, 2019
How Google Cloud secures modern end-user computing

The rise of the cloud worker means today's end-user experience looks very different from just a few years ago.

What's changed when it comes to new ways of working?

Now, users are working on devices that:

  • support always-on connectivity
  • come in a variety of convenient form factors
  • provide access to corporate tools through the browser or lightweight mobile apps
  • increasingly access data that's not sitting in the company's own data centre

While this modern end-user computing environment delivers increased productivity, greater collaboration, lower overheads and improved employee engagement, it also creates new security challenges. In a Cisco survey, cybersecurity professionals rated mobile devices as the hardest enterprise asset to defend. And almost three quarters of IT leaders report their organisation has experienced a data breach due to a mobile security issue.

To address these security challenges, Google takes a layered, defence-in-depth approach.

Build on a strong foundation with secure cloud infrastructure

Google's 700-strong team of security experts use numerous methods to secure its infrastructure — from designing custom, tamper-proof hardware for its data centres to building the world's largest private global network and encrypting data at rest as well as in transit. Proprietary controls protect users from spam, phishing and DDoS attacks, while partnerships with other security providers let you continue to apply your existing security solutions like identity management and key management. Google Cloud's security measures are regularly validated against a range of rigorous global security and privacy standards.

Deploy apps that are secure by design

Google applies four guiding security principles when developing apps and tools. Apps should be:

    • proactive — automatically blocking threats that target cloud workers, such as spam and phishing attempts in email
    • intelligent — flagging up potential issues before they turn into damaging incidents, and identifying which users are affected
    • compliant — meeting stringent privacy and security standards based on industry best practices.
    • simple to secure — with security features that are quick and easy to deploy and manage, and provide the most secure configurations by default

Google also applies this approach to one of the most important elements in the cloud app layer, but one that's often forgotten: the browser. Chrome Browser is safe by design, with features like safe browsing, instant updates and sandboxing to isolate apps and prevent data leaks.

Grant users context-aware access

Your users are no longer just your own employees working from your own premises. You may need to give access to suppliers, partners, contractors and customers, while your own people want to work from anywhere on any device.

Google’s BeyondCorp security model moves access controls away from their traditional place at the perimeter of your operations and at the network layer. Instead, BeyondCorp makes decisions about whether to grant access to resources based on a wealth of inputs about the user and their device, their IP address and location, the time of day and how long they’ve been connected. You can decide, for example, that contractors can access specific systems only when they are at your premises, but that your own staff can access those systems from anywhere.

This is all powered by Google’s Cloud Identity solution, which provides a single place to manage the rules governing users, apps and devices. It also:

  • supports two-factor authentication
  • uses machine learning to identify suspicious activities
  • provides a dashboard that lets your security experts focus on the key risks
  • can be integrated with your existing enterprise management and security solutions

Give users devices that are convenient but secure

Google's Chrome and Android devices, which come in a range of form factors from numerous leading manufacturers, are designed to be hard to compromise.

A verified boot process checks that the operating system looks right every time you boot up Chrome OS. Chrome OS also automatically updates every 6 weeks, with no downtime or intervention from your IT team. Installed apps and extensions can’t modify Chrome OS, while apps on Chrome and Android are strictly sandboxed to limit the extent of any attack.

Chrome Enterprise also allows you to set more than 200 device policies to ensure user compliance — and you can disable or lock down devices remotely if they're lost or stolen. In addition, you can control which apps users can install in your enterprise Play store, while Google Play Protect, Google’s built-in anti-malware, constantly scans for suspicious activity. No surprise that in a recent Gartner review of mobile security features, Android outscored every other platform across nearly 30 factors.

Working with our digital transformation specialists

If you're involved in the busy day to day and your teams have been working with a process a certain way for years, it can be hard to step back to imagine doing it in a totally different way.

Got an idea to transform your business and want help bringing it to life? We’re all ears. We design, build and manage customised mobile and cloud apps to meet your specific needs – either alongside your team or for you. Our early prowess in mastering APIs led to Google itself becoming a customer and us building their Exam Platform. So not only do we know our onions but you can trust us to deliver innovation and edge in spades.

If you’d like to find out more about how we can help you with your own digital transformation journey, why not take a look at some of our customer success stories or talk to our Digital Transformation Specialists.

Delivering digital transformation success - four key ingredients


< Back to resources

Think big. Start now.

We don’t believe in Innovation, we live it. Innovation combined with pragmatism is what runs through our veins. We ask ourselves the same question over and over again: Does it deliver value? And how quickly? Your big ambitions can start now.