Google Cloud: It’s All About Cloud Security
Written by Katarina on Jul 21, 2017
MSPs should evaluate numerous different factors when migrating your clients to the cloud. Whether the main drivers are cost savings, flexibility, hardware cost avoidance, or decreased service calls, security is one of the most important considerations.
With the steady flow of news about information leaks and cyber attacks these days, you may be concerned if it’s safe to have your clients in the cloud. The truth is that ransomware can hit a business with on-premises infrastructure as well as in the cloud. What makes the difference are the security measures and best practices in place to protect your clients’ business data and operational resiliency. A key consideration is who you select as your hyperscale cloud partner. How good are they in the security arena, what security measures have they taken, and what investments have been made for world-class security, privacy, and network defense.
Google has over 15 years experience keeping their customer data safe and ensuring security and reliability of their operations. The Google Cloud Platform takes advantage of the same advanced security models and practices as Gmail, Google Search and other apps. Their Information Security Team consists of more than 750 top experts in information and network security. In addition to big internal investments, Google undergoes independent third party audits regularly to provide assurance of their levels of security, privacy and compliance.
Google segregates its public cloud by “projects”. You can imagine a project as the single-tenant and logical compute environment for each client you migrate to the cloud. Each project has it’s own Cloud firewall and internal networks. You also have an option of creating IP based rules with built-in Google Cloud firewall IPS to customize your network security.
When it comes to encryption, you can rely on Google’s default encryption that encrypts the data before it’s written to disk. The encryption keys are encrypted by master encryption keys. The keys and encryption policies are managed the same way, in the same keystore, as for Google’s production services. Google also gives you an option of using your own keys and store them locally.
Even with the greatest network and security orchestration, we shouldn’t forget the best practices when managing clients on cloud. Your own security measures are equally as important as the infrastructure’s default security, firewall and encryption. When running Windows infrastructure in the cloud, you follow all the same Windows security best practices you leverage for on-premises deployments, including installing Windows patches as they become available or enabling automatic installation. A Remote Desktop Gateway will add an extra layer of security to help ensure a secure connection to your domain. The Gateway server works as a broker and receives all the incoming traffic first to encrypt the connection before letting users connect to the domain.
We have only scratched the surface here on security considerations when moving to the cloud. However, MSPs can make the cloud more secure than even on-premises deployments with partners like itopia and Google, combined with the best-practices for securing Windows deployments.