We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
Today, at the Google Cloud Security Summit, VP and GM of Google Cloud, Sunil Potti, unveiled the organization’s next step on its Invisible Security journeyl in helping enterprises to secure their software supply chain and accelerate the adoption of zero trust architectures.
As part of this drive, Potti announced that Google Cloud is launching a new offering called the Assured Open Source Software service, which enables enterprises and public sector organizations to view what OSS packages Google approves and uses within their own developer workflows.
These packages are regularly scanned for vulnerabilities and verifiably signed by Google to certify that they’re secure for enterprises to use.
Securing the open source supply chain
The launch of this new open source service comes shortly after Google participated in the White House Summit on Open Source Security alongside the Open Source Security Foundation (OpenSSF), and the Linux Foundation to commit to mitigating threats in open source software, as Microsoft, Google, Intel, Ericsson, Amazon, and VMware pledged $30 million collectively to increase the security of open source software.
Google’s support in helping to secure open source software comes as a recognition that traditional approaches to mitigating vulnerabilities in the software supply chain have proved ineffective.
“Patching security vulnerabilities in open source software often feels like a high-stakes game of whack-a-mole: fix one, and two more pop up. This helps explain research that shows that there’s a 650% year-over-year increase in cyberattacks aimed at open source software (OSS) suppliers,” said Potti in the announcement blog post.
The organization’s new solution is designed to reduce some of the complexity around managing open source vulnerabilities by providing them with an external source they can call on.
“Assured OSS helps organizations reduce the need to develop, maintain, and operate a complex process for securely managing their open source dependencies,” Potti said.
Advancing zero-trust access
Another significant announcement made during the summit was the launch of BeyondCorp Enterprise Essentials, Google’s new zero trust access solution, that’s intended to help organizations take the first step on their zero-trust journey.
BeyondCorp Enterprise Essentials launches in Q3 of 2022 and offers enterprises context-aware access controls for applications via SAML alongside security features like data loss prevention, malware, phishing protection, and URL filtering integrated within the Chrome browser.
The solution also enables administrators to monitor users through the Chrome dashboard, so that they can ensure users in BYOD, remote, or hybrid working environments aren’t at risk.
Google Cloud’s attempts to support zero trust access come as more organizations are implementing it, with research showing that 78% of companies saying that zero trust has increased in priority and nearly 90% working on a zero trust initiative.