Today, at the Google Cloud Security Summit, Sunil Potti vice president and general manager of Cloud Security for Google, unveiled the organization’s next step on its Invisible Security journey in helping enterprises to secure their software supply chain and accelerate the adoption of zero trust architectures.
Google Cloud is launching a new offering called the Assured Open-Source Software service. The new tool will enable enterprises and public sector organizations to view the OSS packages Google approves and uses within developer workflows.
These packages are regularly scanned for vulnerabilities and verifiably signed by Google to certify that they’re secure for enterprises to use.
Securing the open-source supply chain
The launch of this new open-source service comes shortly after Google participated in the White House Summit on Open-Source Security alongside the Open-Source Security Foundation (OpenSSF) and the Linux Foundation to commit to mitigating threats in open-source software, as Microsoft, Google, Intel, Ericsson, Amazon, and VMware pledged $30 million collectively to increase the security of open-source software.
Google’s support in helping to secure open-source software comes as a recognition that traditional approaches to mitigating vulnerabilities in the software supply chain have proved ineffective.
Patching security vulnerabilities in open-source software often feels like a high-stakes game of whack-a-mole: fix one and two more pop up. This helps explain research that shows that there’s a 650% year-over-year increase in cyberattacks aimed at open-source software (OSS) suppliers,” Sunil Potti vice president and general manager of Cloud Security for Google
The organization’s new solution is designed to reduce some complexity around managing open-source vulnerabilities by providing them with an external source they can call on.
Assured OSS helps organizations reduce the need to develop, maintain and operate a complex process for securely managing their open-source dependencies,” Sunil Potti vice president and general manager of Cloud Security for Google
Advancing zero-trust access
Another significant announcement made during the summit was the launch of BeyondCorp Enterprise Essentials, Google’s new zero trust access solution, that’s intended to help organizations take the first step on their zero-trust journey.
BeyondCorp Enterprise Essentials launches in Q3 of 2022 and offers enterprises context-aware access controls for applications via SAML alongside security features like data loss prevention, malware, phishing protection, and URL filtering integrated within the Chrome browser.
The solution also enables administrators to monitor users through the Chrome dashboard so that they can ensure users in BYOD, remote, or hybrid working environments aren’t at risk.
Google Cloud’s attempts to support zero trust access come as more organizations are implementing it, with research showing that 78% of companies saying that zero trust has increased in priority and nearly 90% working on a zero-trust initiative.