Google Cloud Security Command Center

February 21, 2019

One of the biggest problems when working with the cloud is that there are too many moving parts, and users often make mistakes that leave them open to security vulnerabilities. It can be as simple as leaving a port open because you are debugging, or granting yourself admin permissions and forgetting to lock that down. These simple mistakes may lead to a customer data breach and expose you to major financial liability.

Luckily, Google recently launched its Cloud Security Command Center for Google Cloud (S.C.C.). When enabled, it ties into all of your Google Cloud assets. It monitors your infrastructure for vulnerabilities, threats, over-granted permissions, sensitive data discovery, anomaly detection, misconfiguration detection and more.

S.C.C. gives you a security view of your entire organization’s cloud assets. These assets include App Engine, BigQuery, Cloud SQL, Cloud Storage, Compute Engine, Cloud Identity and Access Management (I.A.M.) policies, Google Kubernetes Engine, and more.

If you are seeking compliance with standards such as HIPAA or HITRUST, then S.C.C. is an even more significant asset. It provides an audit trail of all the threats found, when these issues were fixed, and who marked them as fixed. This gives you accountability and transparency into how each issue was managed.

Lastly, Google Security Command Center also supports third-party security tools such as Qualys, Cloudflare, RedLock, Forseti and more. These tie in to the dashboard, giving you visibility into multiple results at once.

Enabling S.C.C. is a very quick process. First, you have to make sure your Google Cloud Project is part of an Organization. (Learn how to do that here: https://cloud.google.com/resource-manager/docs/creating-managing-organization)

Then, go to https://console.cloud.google.com/security/command-center/welcome and click enable!

Once enabled, S.C.C. will take some time depending on your environment size (typically under one hour) and return with its findings.

In the screenshot below, you can see an example where the solution found 374 events that could be considered threats, four crypto miners running, two brute force attacks and more.

This organization is having a terrible time. Hopefully, this is not what you see when you enable S.C.C.!

While S.C.C. is easy to enable, you may need to dedicate time to review and resolve any detected issues. This may require building additional services to ensure your cloud is secure. In our experience, this has ranged from implementing end-to-end encryption for compliance in the Healthcare industry to de-anonymizing personal health information, developing Disaster Recovery with automatic failover, Infrastructure as Code (IaC), and automatic periodic testing.

One of the first things we do when we start helping our customers with Google Cloud is turn on S.C.C. No project is too big or small for this; security is an essential part of any workflow and we take it very seriously. Having worked with a range of organization sizes and industries, our team has the right intuition and experience to review and resolve security issues that matter to your business.

At Bitstrapped we are a team of experts in the advisory, implementation, and management of Cloud Computing and AI Solutions. Learn more about what we do at Bitstrapped.com.
