Google Steps Up Insider Threat Protection

Mitch Wagner
10/3/2017

Google is making it easier for cloud security administrators to protect against insider threats and enhance user productivity, by granting users the permissions they need to do their jobs -- and only those permissions.

Google (Nasdaq: GOOG) has today introduced custom roles for Cloud Identity & Access Management (IAM), allowing enterprises to control 1,287 public permissions across Google Cloud Platform services.

"This helps administrators grant users the permissions they need to do their jobs -- and only those permissions," according to a post on the Google Cloud Platform blog scheduled to go live Tuesday. "Fine-grained access controls help enforce the principle of least privilege for resources and data on GCP. "

Photo by Tobias Haase from Hanover, Germany (Google, Mountain View, California) [CC BY 2.0], via Wikimedia Commons
Photo by Tobias Haase from Hanover, Germany (Google, Mountain View, California) [CC BY 2.0], via Wikimedia Commons

IAM offers the roles of Owner, Editor and Viewer for GCP users. Google calls those "primitive roles." Additionally, Google provides more than 100 "predefined roles" with sets of permissions needed to complete different tasks on GCP. "For example, the Cloud SQL Viewer predefined role combines 14 permissions necessary to allow users to browse and export databases."

"Custom roles complement the primitive and predefined roles when you need to be even more precise," according to the blog post, which is signed by Rohit Kare, GCP product manager. "For example, an auditor may only need to access a database to gather audit findings so they know what data is being collected, but not to read the actual data or perform any other operations."

Related posts:

— Mitch Wagner Follow me on Twitter Visit my LinkedIn profile Visit my blog Follow me on Facebook Editor, Enterprise Cloud News


Keep up with the latest enterprise cloud news and insights. Sign up for the weekly Enterprise Cloud News newsletter.


(4)  | 
Comment  | 
Print  | 
Related Stories
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
kq4ym
kq4ym
10/30/2017 | 5:25:02 PM
Re: Permissions have been around for... decades?
It does seem that if there's a will there's a way for finding those passwords no matter how complex we come up with preventative methods. I do wonder though if even longer PWs will even solve the problem over the long term. Eventually some breakthrough may come about that's simple but elegant to sove the problems.
mhhfive
mhhfive
10/3/2017 | 7:57:39 PM
Re: Permissions have been around for... decades?
It doesn't help, though, that password security has evolved over the last couple decades, too. It's not just about avoiding dictionary words anymore.... Brute force attacks have made even random characters a bit weak.

If only passwords systems were a bit more standardized on 16+ character password lengths, then at least brute force methods would have to search a much larger space. 

Maybe we should have a 140-char password requirement.. so everyone's password could also ba a tweet.... (and even Twitter is doubling its max char length!)
Mitch Wagner
Mitch Wagner
10/3/2017 | 5:36:59 PM
Re: Permissions have been around for... decades?
Permissions are a piece of the puzzle. But only a piece. 

User education goes only so far. We've been telling people about password security for 25 years. They don't listen. 
mhhfive
mhhfive
10/3/2017 | 12:57:11 PM
Permissions have been around for... decades?
So.. all sorts of systems have had user permissions for a while now, and security hasn't exactly been a "solved problem" just because some users have been prevented from unauthorized read/write/execute privileges.

I'm assuming there must also be some additional processes that go along with these permission settings that actually make things more secure? Perhaps some end user education about how to avoid phishing attacks or malware or not to rely on default password/permission settings? 
More Blogs from Wagner’s Ring
We're packing our bags for Dallas, for our cleverly named Network Virtualization and SDN Americas conference, but first we sat down to talk about NV, SDN and our favorite travel snack.
Will Apple's new iPhone 11 grow telco profits? Will Apple TV+ compete in a crowded OTT market? And why does everybody have fabulous hair in an Apple TV+ series where civilization has collapsed because everybody in the world is blind?
After years of defending itself against US spying accusations, Huawei claims the US government is spying on it.
The satellite network operator is looking to the Open Networking Automaton Platform (ONAP) to automate connecting its space-based network with terrestrial operators.
VMware's been shopping this summer, buying three cloud and networking startups that will bolster its telco strategy.
Featured Video
Upcoming Live Events
December 3-5, 2019, Vienna, Austria
December 3, 2019, New York, New York
March 16-18, 2020, Embassy Suites, Denver, Colorado
May 18-20, 2020, Irving Convention Center, Dallas, TX
All Upcoming Live Events