As we advance toward the end of the first quarter of 2021, stories of the cyber attack (which was first deployed at the end of 2019) on SolarWinds are still prevalent in the news. IT professionals are wise to be concerned about attacks of this magnitude. Attacks like the one initiated against Solarwinds pose a severe threat to governments, companies, non-profits, and individuals alike.
Ensuring security begins with providing secure infrastructure and requires the right tools and processes to avoid predictable security mistakes. Google creates this environment through its trusted cloud computing initiative, including defense-in-depth at scale, shielded virtual machines, binary authorization, and change verification.
Secure Cloud Computing Begins by Being a Role Model
A cloud service provider doesn’t hold much credence if telling others how to manage security and not following its own best practices. Google knows this. They realize that developing software safely requires drinking their own Kool-Aid. In short, they believe in leading by example.
Using tools like BeyondCorp, Google can create a zero-trust network environment. If you’re not familiar with BeyondCorp, it’s the direct result of a series of cyberattacks in 2009 known as Operation Aurora. Not unlike the Solarwinds event, it targeted some of the biggest high-tech, security, and defense contractor companies. The goal: to gain access to and potentially modify source code repositories at these organizations. On the heels of the event, Google began to reimagine its security architecture. Specifically, it looked to re-shape how employees and devices access internal applications. BeyondCorp was born.
Access to services is just one area of focus for secure software development by Google. The company has also gone to lengths to implement security keys, which prevent phishing attacks. Even its native web browser, Chrome OS, was specially designed and built to resist malware. Not only do these changes provide Google employees with a secure environment to work from, but it also demonstrates the company’s commitment to safety.
Because of these practices and others, Google is succeeding. According to a recent Forrester report, Google scored the highest among cloud providers for its strategy for native security. Only Google Cloud automatically encrypts data at rest by default, with the ability to redact sensitive data with 90+ predefined detectors.