Зарегистрируйтесь сейчас для лучшей персонализированной цитаты!

Google is trying to solve the software supply chain security problem

11 октября 2022 г Hi-network.com
Source: Google

Building software is challenging work that takes a range of different tools, libraries and other components referred to as the 'software supply chain'. Any weak link in that supply chain can lead to cyber breaches with major consequences -- such as the 2020 SolarWinds breach that targeted a wide range of entities, including parts of the US government. 

On Tuesday, Google Cloud shared how it's helping its customers take on the problem with a package of tools that help secure the software development process. The company unveiled the Software Delivery Shield during the Google Cloud Next conference. 

Google

  • Google Pixel 8 Pro review: This phone sold me on an AI-powered future
  • Pixel 8 Pro vs. Pixel 7 Pro: Is it worth the upgrade?
  • The best Android smartwatches you can buy (including the Pixel Watch 2)
  • 5 ways upgrading to Pixel 8 Pro made me happy I paid the higher price

Software Delivery Shield is a fully managed software toolkit designed for developers, DevOps teams and security teams. It includes services that cover five different parts of the software development process: application development, software "supply," continuous integration (CI) and continuous delivery (CD), production environments, and policies. Organizations don't have to sign onto using the entire package at once -- they can pick and choose the tools they need. 

Also:The scary future of the internet: How the tech of tomorrow will pose even bigger cybersecurity threats

As part of the whole package, Google is introducing in preview a new service called Cloud Workstations, which offer fully managed development environments. Developers can access the customizable environments via a browser, while IT and security administrators can provision, scale and manage them on Google Cloud infrastructure. The environments come with built-in security measures, such as VPC Service Controls, no local storage of source code, private ingress/egress, forced image updates, and IAM access policies.

Software Delivery Shield also includes Artifact Registry for DevOps teams to manage and secure build artifacts, platforms such as Cloud Build and Cloud Deploy for securing the CI/CD pipeline, as well as platforms like Google Kubernetes Engine (GKE) and Cloud Run for securing runtime environments. 

Google Cloud introduced other security tools on Tuesday, including Confidential Space -- an extension of its Confidential Computing portfolio. Google by default keeps all data encrypted when it's in transit and at rest. Confidential Computing keeps it encrypted while it is processed. 

Confidential Space gives data contributors control over how their data is used and which workloads are authorized to act on it. Workload operators and cloud providers are not able to influence the workload in any way. The tool can help organizations that want to share sensitive data without putting it at risk -- data such as protected health information, personally identifiable information or intellectual property. For instance, healthcare companies could use it to collaborate on the development of pharmaceuticals. 

Google is also introducing a new software suite called Chronicle Security Operations for detecting, investigating and responding to cyber threats. It brings together a range of capabilities, including incident management from Google's Mandiant acquisition, as well as the security orchestration, automation, and response (SOAR) tools from the company's recent Siemplify acquisition.

Security

8 habits of highly secure remote workersHow to find and remove spyware from your phoneThe best VPN services: How do the top 5 compare?How to find out if you are involved in a data breach -- and what to do next
  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

tag-icon Горячие метки: Технологии и оборудование Безопасность и охрана

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.