
Google Cloud took the wraps off new data encryption, network security, security analytics and user protection capabilities today in London for the kickoff of its Next ’19 UK conference, which is expected to draw 7,000 attendees as its largest customer event in Europe.
The cloud provider’s announcements come on the heels of the adoption of the General Data Protection Regulation (GDPR), a law regulating data protection and privacy in the European Union that was implemented last year.
Google Cloud also announced the general availability of Migrate for Anthos, Apigee hybrid and Cloud Code.
Google Cloud, which launched in Europe in 2012, has cloud regions in Belgium, Finland, Frankfurt, London, the Netherlands and Zurich, where it went live in March. In September, it announced plans for a seventh region in Warsaw, Poland.
“Our cloud is designed to fully empower European organizations’ strict data security and privacy requirements and preferences,” Chris Ciauri, vice president for Google Cloud in Europe, the Middle East and Africa, said in a blog post today. “Where data resides, who has access to customers’ data, and protections for the privacy and security of customers’ data is central to our offering.”
Google Cloud customers can store data in a European region, ensure it’s not moved outside of Europe and prevent users and administrators outside of Europe from accessing their data, according to Ciauri. Customers can manage their own encryption keys and ensure they are stored in a European region.
“And with capabilities we’re introducing today, customers can store their encryption keys outside Google Cloud’s infrastructure, receive a detailed justification each time a key is requested to decrypt data and deny Google the ability to decrypt their data for any reason,” Ciauri said.
External Key Manager
External Key Manager, which will soon be in beta, will allow customers to store and manage encryption keys outside of Google Cloud.
It works with Cloud KMS and lets customers encrypt data in BigQuery and Google Compute Engine with encryption keys that are stored and managed in a third-party key management system outside of Google’s infrastructure.
“External Key Manager provides an audit trail of key access, use and location, so you can document crypto operations for auditors to support your governance and compliance processes,” said Sunil Potti, vice president of engineering for Google Cloud Security.
Key Access Justifications
Key Access Justifications, which lets customers decide when and why their data can be decrypted, works with External Key Manager and is coming soon to alpha for BigQuery, Google Compute Engine and at-rest Google Persistent Disk.
“It provides a detailed justification each time one of your keys is requested to decrypt data, along with a mechanism for you to explicitly approve or deny providing the key using an automated policy that you set,” Potti said. “Using External Key Manager and Key Access Justifications together, you can deny Google the ability to decrypt your data for any reason.”
New Google Cloud Armor Web Application Firewall
Google Cloud unveiled new application firewall capabilities for Google Cloud Armor, its distributed-denial-of-service and application defense service.
“You can now configure Cloud Armor policies with geo-based access controls, pre-configured WAF application protection rules to mitigate OWASP Top 10 risks and a custom rules language to create custom Layer-7 filtering policies,” Potti said.
Protecting G Suite and Cloud Identity Users
Google also has opened its Advanced Protection Program – its strongest protection for users at risk of targeted attacks – to G Suite and Cloud Identity customers.
“With the Advanced Protection Program for the enterprise, we’ll enforce a specific set of policies for enrolled users, including security key enforcement, blocking access to untrusted apps and enhanced scanning for email threats,” Potti said.
“We’re also introducing app access control, helping you reduce the risk of data loss by limiting access to G Suite APIs to third-party apps you trust,” he said. “You can also more easily manage and restrict which Google APIs are available for use by third-party and customer-owned apps, and see which apps are verified by Google.”
General Availability Of Migrate For Anthos
Google Cloud announced the general availability of Migrate for Anthos, which helps customers to migrate to the cloud and modernize with containers simultaneously. It’s available at no additional cost and can be used with or without an Anthos subscription.
Migrate for Anthos provides a quick, low-friction pathway to move and convert physical servers or virtual machines from sources including on-premise, Amazon Web Services, Microsoft Azure or Google Compute Engine directly into containers in Google Kubernetes Engine, according to Google Cloud product management vice president Jennifer Lin and Pali Bhat, vice president of product and design.
“Migrate for Anthos makes it easy to modernize your applications without a lot of manual effort or specialized training,” Lin and Bhat said in a blog post today. “After upgrading your on-prem systems to containers with Migrate for Anthos, you’ll benefit from a reduction in OS-level management and maintenance, more efficient resource utilization and easy integration with Google Cloud services for data analytics, AI and ML and more.”
General Availability Of Apigee Hybrid
Apigee hybrid, which lets users manage application programming interfaces (APIs) on-premises, on Google Cloud Platform or a mix of both, is now generally available.
“To drive modernization and innovation, enterprises are increasingly adopting API-first approaches to connecting services across hybrid and multi-cloud environments,” Lin and Bhat said, noting Apigee hybrid provides for flexibility to deploy API runtimes in a hybrid environment, while using cloud-based Apigee capabilities including developer portals, API monitoring and analytics.
“Apigee hybrid can be deployed as a workload on Anthos, giving you the benefits of an integrated Google Cloud stack, with Anthos’ automation and security benefits,” they said in their blog post.
General Availability Of Cloud Code
Cloud Code, now generally available, allows for easier Kubernetes development, letting developers write, debug and deploy code to Google Cloud or any Kubernetes cluster through extensions to popular integrated developer environments (IDEs) such as Visual Studio Code and IntelliJ.
“Developers are most productive while working in their favorite IDE,” Lin and Bhat said. “By embracing developers’ existing workflow and tools, Cloud Code makes working with Kubernetes feel like you are working with a local application, while preserving the investment you’ve made to configure your tools to your own specific needs. Cloud Code dramatically simplifies the creation and maintenance of Kubernetes applications.”
Cloud Code also speeds up development against Kubernetes by extending the edit-debug-review “inner loop” to the cloud.
“You get rapid feedback on your changes, ensuring that they’re of high quality,” Lin and Bhat said. “And when it comes to moving code to the production environment, Cloud Code supports popular continuous integration and delivery tools like Cloud Build.”
And Cloud Code’s connected debuggers and cluster-wide logging help users diagnose and address issues using their favorite tool, without the need for a deep understanding of Kubernetes, they said.
