Published in Digital transformation content on August 2019. 5 minute read

How Google Cloud secures modern end-user computing

The rise of the cloud worker means today's end-user experience looks very different from just a few years ago. Now, users are working on devices that:

  • support always-on connectivity
  • come in a variety of convenient form factors
  • provide access to corporate tools through the browser or lightweight mobile apps
  • increasingly access data that's not sitting in the company's own data centre

While this modern end-user computing environment delivers increased productivity, greater collaboration, lower overheads and improved employee engagement, it also creates new security challenges. In a Cisco survey, cybersecurity professionals rated mobile devices as the hardest enterprise asset to defend. And almost three quarters of IT leaders report their organisation has experienced a data breach due to a mobile security issue.

To address these security challenges, Google takes a layered, defence-in-depth approach:

  • Build on a strong foundation with secure cloud infrastructure. Google's 700-strong team of security experts use numerous methods to secure its infrastructure — from designing custom, tamper-proof hardware for its data centres to building the world's largest private global network and encrypting data at rest as well as in transit. Proprietary controls protect users from spam, phishing and DDoS attacks, while partnerships with other security providers let you continue to apply your existing security solutions like identity management and key management. Google Cloud's security measures are regularly validated against a range of rigorous global security and privacy standards.
  • Deploy apps that are secure by design. Google applies four guiding security principles when developing apps and tools. Apps should be:
    • proactive — automatically blocking threats that target cloud workers, such as spam and phishing attempts in email
    • intelligent — flagging up potential issues before they turn into damaging incidents, and identifying which users are affected
    • compliant — meeting stringent privacy and security standards based on industry best practices.
    • simple to secure — with security features that are quick and easy to deploy and manage, and provide the most secure configurations by default

Google also applies this approach to one of the most important elements in the cloud app layer, but one that's often forgotten: the browser. Chrome Browser is safe by design, with features like safe browsing, instant updates and sandboxing to isolate apps and prevent data leaks.

  • Grant users context-aware access. Your users are no longer just your own employees working from your own premises. You may need to give access to suppliers, partners, contractors and customers, while your own people want to work from anywhere on any device. 

    Google’s BeyondCorp security model moves access controls away from their traditional place at the perimeter of your operations and at the network layer. Instead, BeyondCorp makes decisions about whether to grant access to resources based on a wealth of inputs about the user and their device, their IP address and location, the time of day and how long they’ve been connected. You can decide, for example, that contractors can access specific systems only when they are at your premises, but that your own staff can access those systems from anywhere.

This is all powered by Google’s Cloud Identity solution, which provides a single place to manage the rules governing users, apps and devices. It also:

    • supports two-factor authentication
    • uses machine learning to identify suspicious activities
    • provides a dashboard that lets your security experts focus on the key risks
    • can be integrated with your existing enterprise management and security solutions.
  • Give users devices that are convenient but secure. Google's Chrome and Android devices, which come in a range of form factors from numerous leading manufacturers, are designed to be hard to compromise.

    A verified boot process checks that the operating system looks right every time you boot up Chrome OS. Chrome OS also automatically updates every 6 weeks, with no downtime or intervention from your IT team. Installed apps and extensions can’t modify Chrome OS, while apps on Chrome and Android are strictly sandboxed to limit the extent of any attack.

    Chrome Enterprise also allows you to set more than 200 device policies to ensure user compliance — and you can disable or lock down devices remotely if they're lost or stolen. In addition, you can control which apps users can install in your enterprise Play store, while Google Play Protect, Google’s built-in anti-malware, constantly scans for suspicious activity. No surprise that in a recent Gartner review of mobile security features, Android outscored every other platform across nearly 30 factors.

To find out more about how Google Cloud lets you adopt modern end-user computing without compromising security, read about 5 ways Google Cloud keeps your business data safe or come and talk to the security experts in our Digital Transformation team.

Delivering digital transformation success - four key ingredients


Free resources

Please download any of our resources to help with your research and project specifications