Google has rolled out several new security features for its G Suite and Google Cloud Platform, including a DLP system that finds and redacts sensitive data, and a service that allows organizations to manage the lifecycle of encryption keys.
Users of Google’s hosted apps rely on the company for security and privacy controls, and now that more enterprises and other organizations are using those systems for sensitive functions, Google is adding more features in those areas. One of the key new security controls the company introduced during its Cloud Next ’17 event is a DLP system for the Google Cloud Platform that enables customers to scan their companies’ data for sensitive content, such as Social Security numbers or financial information, and redact it automatically.
“The DLP API lets you understand and manage sensitive data. It provides fast, scalable classification and optional redaction for sensitive data elements like credit card numbers, names, social security numbers, passport numbers, US and selected international driver’s license numbers, phone numbers, and more. The API classifies this data using more than 40 predefined detectors to identify patterns, formats, and checksums, and even understands contextual clues. The API supports text and images – just send data to the API or specify data stored on your Google Cloud Storage and Datastore instances,” Google said in its description of the system.
Google already has a DLP system like this in place for both Gmail and Google Drive, and it allows corporate administrators to control the types of data that are redacted in each app. The Key Management System gives a similar level of control over the encryption keys a given organization generates and uses. The system is hosted on Google Cloud Platform, and customers can manage key generation and destruction, as well as dictate how often keys are rotated.
“You can generate, use, rotate and destroy AES256 encryption keys. Cloud KMS is integrated with IAM and Cloud Audit Logging so that you can manage permissions on individual keys, and monitor how these are used,” Google said.
Google also bolstered the authentication options available for users of G Suite and the GCP by giving them the ability to force the use of a hardware token for two-factor authentication. The system enables administrators to require the use of a token such as a YubiKey for secure login rather than a short code sent via SMS. The hardware option is considered more secure and more difficult for attackers to circumvent.
Image: Blue Coat Photos, CC By-sa license.