Security scenarios & solutions
Google Cloud solutions helps organizations address the most challenging security scenarios, drawing on what we've learned from protecting eight global businesses with more than one billion customers.
Protect
Phishing
Phishing is an attempt to obtain sensitive information by sending email from spoofed addresses.
-
Email filtering with Gmail
99.9% of spam and malicious email gets filtered out and never makes it to your employees' inboxes.
Watch demo -
Two-Step Verification (2SV) and Security Keys
Even if an employee's security credentials are compromised, 2SV helps prevent hackers from accessing the account without a physical Security Key.
Watch demo -
Safe Browsing
Chrome Browser displays warnings to deter your employees from visiting sites suspected of phishing or hosting malware.
Watch demo -
Cloud Identity-Aware Proxy (Cloud IAP)
Limit an attacker's ability to access applications with granular identity-based controls.
Ransomware
Ransomware is malware that encrypts data on a user's computer. Criminals demand payment to decrypt the data and restore access.
-
Safe Browsing
Chrome Browser displays warnings to deter your employees from visiting sites suspected of hosting malware.
-
Google Drive
Drive's desktop client, Drive File Stream, backs up local files, so "clean" versions of any infected files can be easily restored.
-
Sandboxing
Chrome Browser prevents malware like ransomware from spreading across a user's system by isolating the threat to one tab.
-
Security Partners
Google partners with endpoint protection leaders like CrowdStrike and TrendMicro to provide additional layers of protection.
-
Chrome OS
With each reboot, Chrome's Verified Boot makes sure the OS hasn't been compromised. If malware is detected, it will revert back to the most recent version of the operating system.
Denial-of-service
A Denial-of-service (DoS) attack is an attempt to render your service or application unavailable — for example, by flooding your application with an overwhelming volume of traffic.
-
Cloud Load Balancing
Google Cloud Platform's robust, global infrastructure mitigates infrastructure DDoS attacks, such as SYN floods, IP fragment floods, and port exhaustion.
-
Cloud CDN
In the event of DDoS attacks on cacheable content, requests are sent to POPs all over the globe to help absorb the attack.
-
Cloud Armor
Provides scalable defense against application-aware and multi-vector attacks using IP blacklists and whitelists, geo-based access control, SQL injection and XSS defense, and custom rules.
-
Scaling to absorb attacks
Multi-region application instances increase surface area to absorb attacks. Auto scaling handles traffic spikes seamlessly.
-
Third-party DDoS defense and WAF solutions
Partner solutions available on GCP Marketplace integrate seamlessly into deployments and add specialized protection.
Control
Data exfiltration
Data exfiltration is the unauthorized transfer of sensitive information from your organization by an external attacker or a malicious insider.
-
Cloud Data Loss Prevention (DLP) API
Cloud DLP discovers, classifies and protects sensitive data such as financial records and Personally identifiable information (PII) across your organization.
-
VPC Service Controls
Isolate GCP resources from one another with fine-grained network policies.
-
Cloud Identity & Access Management (IAM)
-
Forseti Security + Cloud Security Command Center (beta)
Forseti scans GCP resources to ensure that appropriate access controls are in place. Cloud Security Command Center provides centralized reporting of security events to spot potential threats to your data and applications.
Smart access from anywhere
Context-aware access combines information about users and data sensitivity to make intelligent access control decisions.
-
Cloud Identity
Manage user accounts, authenticate users, enable single-sign on, and manage devices.
-
Cloud Identity-Aware Proxy (Cloud IAP)
Control access to applications and resources based on user's identity and contextual attributes like location, network, and device status.
-
Access Context Manager
Create granular access control policies based on attributes like user location, IP address, and endpoint security status.
Security monitoring
Organizations need to see vulnerabilities, threats, and incidents in order to assess risks and prioritize corrective action.
-
Cloud Security Command Center (beta)
Gather, integrate, analyze, and act on unified security information (e.g., scans, notifications, and third-party feeds) from a single dashboard. Integrate with leading third-party solutions from Cavirin, Cloudflare, and Redlock to enhance security assessment and detection.
-
Cloud Security Scanner
Find security vulnerabilities in your web applications during development before they're deployed.
-
G Suite Security Center
Monitor your G Suite domain for security threats. View security analytics and act on best practice recommendations.
-
Cloud Audit Logs
Trust the immutable trail of audit events empowering your organization with "Who did what, when, and where?"
Comply
Independent Verification
Google regularly undergoes audits of our security, privacy, and compliance controls.
Security resources
New research: How to evolve your security for the cloud
Google Cloud's approach to security: An overview
Google Cloud security whitepapers
Security at scale with cloud computing: A minute in the life of Google
Google Cloud and the General Data Protection Regulation
G Suite security & trust
Get started
Work with Google
Tell us about your business, and our experts will help you build the right solution for your needs.
Work with a partner
Choose one of our global partners to integrate our services with your current security operations, add functionality and specific expertise in data protection, identity and user protection, infrastructure security, scanning, monitoring, logging, and more.
Interested in becoming a partner? Apply here.
