Un-structured Data Security — GCP is ‘The Highest Rated’ Leader as of now

As per ‘The Forrester Wave: Un-structured Data Security Platforms — Q2 2021" research, Google Cloud is offering a First-class cloud data security platform that enables customers to balance security controls and business needs

The Reports notes that “Today, there is a steady march toward truly integrated single platform offering”

As I came across this report as part of my self exploration about the ‘Cloud Security’, this drew my attention. As this is not only interesting but a good brainer, I really wanted to understand the reasons behind that big and bold research statement — And as I started reading and making some of my own notes, thought it’s a good idea to capture it over a blog for a wider audience readability and sharing. Here I’m with another small contribution to the community from my end

For this research, ‘The Forrester Wave’ looked in to 26 different criteria's to evaluate the Unstructured Data Security of the different platform providers and identified 11 most significant ones as — Broadcom, Digital Guardian, Forcepoint, Google, GTB Technologies, McAfee, Micro Focus, Microsoft, Proofpoint and Varonis — researched, analysed and scored them. The overall report shows how each provider measures up and helps security and risk professionals select the right one for their needs

Most of the organisations across the globe are expanding [or in the phase of expansion strategies] their use of the cloud services and as they are expanding, most of their sensitive data [unavoidably] moves to and lives in the cloud. These organisations use AI-driven business insights with the help of this data as it powers/helps the organisations to move ahead. Much of this sensitive data is in unstructured format and this is very challenging in most of the cases to manage and secure. We are already discussing too much about the unstructured data, Let’s understand it first:

What is Un-structured Data ? — I tried to dissect to illustrate the difference between ‘The Structured Data’ and The ‘Un-structured Data’ in the below Fig-1. I believe this is simple and self-explanatory as well

Fig-1: Structured vs Un-structured Data in a nut-shell

A Data Security Platform — To deliver on to this strategy, Google Cloud is offering comprehensive data security features engineered in to the platform. Strong security defaults are complemented by tools and capabilities that enable customers to manage security for structured and un-structured data:

• Discovery and Governance tools which help customers manage and protect sensitive data flows across the organisation
• Controls enable policies to be implemented and enforced, including customer-managed and external key management, data masking and tokenisation, and confidential computing for data in-use
• Analytics enable customers to review data usage and identify potential malicious activity
• Comprehensive audit logging
• All of the services are fully managed solutions available for Console UI and full-featured APIs

Focus On Discovery, Classification and Obfuscation — One of the critical thing for protecting the unstructured data is to identify [discovery] of the sensitive data then to Classify it and Finally Obfuscate the same

• DLP platform enables the discovery and classification of the data in real-time, on-demand, continuously and also in event-driven workloads
• Obfuscation can help protect the sensitive data like PII [Personal Identifiable Information] which is critical to many enterprise workflows. Cloud DLP helps to inspect and mast this data with techniques like redaction, bucketing, and tokenisation, which help to strike the balance between the risk and utility — this is especially crucial when dealing with the unstructured or free-text workloads. Google Cloud supports 150+ detectors to mask which can be deployed in data migrations and business workloads like real-time data collection and processing

Innovating For The Future — Google Cloud’s approach to innovation in data security is productisation of capabilities developed are successfully used for Google’s own use as well as customer control requirements. Some of the Uniqueness is highlighted below

• Encryption-at-rest — Google was the very first cloud provider to make this as default and a Global Key Management services with customer control
• Encryption protection for data-in-use — Huge research and investment focused on critical areas that further enhance the data security such as Confidential Computing. Many more such like VPC Service Controls [which provide perimeter controls to prevent data exfiltration]
• Access Transparency — First of it’s kind cloud service which allows cloud users to audit provider [CSP’s] access to their [Cloud User’s] data just as they do on-premises
• The BeyondCorp security model — A new approach to Enterprise Security to access control based on a user’s identity and context rather than a Perimeter based security — protected profile for ‘Zero Trust Access’

After researching, analyzing, and scoring “the providers that matter most” Forrester Research named Google Cloud a Leader in The Forrester Wave™ Unstructured Data Security Platforms, Q2 2021 report, and rated Google Cloud highest overall in the current offering category among the providers evaluated.

The evaluation outcome looks like below as on Q2 2021

In summary, this is what is captured about Google:

• Google offers breadth and depth with built-in data security in the cloud.
• Google Cloud Platform, Google Workspace, and BeyondCorp Enterprise have underlying data security products and features for protecting customer data.
• Google productises capabilities originally developed to secure its own business and brings a disciplined approach to product enhancements for enterprise requirements. It serves a wide range of enterprise and mid-market clients, with a focus on emphasising data protection needs by industry.
• Google further enables a Zero Trust approach with third-party integrations through its BeyondCorp Alliance of partners in device management, endpoint security, and gateways.
• It takes a broad view of DLP, which includes in-line redaction of sensitive elements in unstructured data and DLP APIs that extend support to additional data types like images or other media.
• Customer references noted Google’s ease of use, despite the multiple user interfaces and consoles to navigate.
• Customers identified its data security capabilities as feeling siloed and desired more integration across the Google ecosystem; they also wanted greater insights into where data security concerns exist and risk analysis capabilities.
• Security buyers whose organisations use Google should strongly consider looking at the variety of built-in capabilities available to them

References used:

Google Cloud Platform — Documentation

BeyondCorp — Documentation

Each topic in a nut-shell mentioned in this blog can be a big subject to explore and elaborate which is not the intention behind this blog. Hence, leaving the context limiting to the topic highlighted. If you are motivated to know more, feel free to refer to the links provided and drill to the deepest level possible.

That’s all for now — Stay safe and Thanks for taking time to read!