Google Cloud announced the launch of its Assured Open Source Software service at today's Summit, which provides enterprises and government users with access to the same vetted open-source packages that Google uses in its projects.
These packages, according to the company, are regularly scanned, analyzed, and fuzz-tested for vulnerabilities, and they are built with Google Cloud's Cloud Build service with evidence of SLSA compliance (SLSA stands for "Supply-chain Levels for Software Artifacts," a framework for safeguarding artifact integrity across software supply chains).
Google also signs and distributes these packages through its secure registry. According to Google's announcement today, "Assured OSS helps organizations reduce the need to develop, maintain, and operate a complex process for securely managing their open source dependencies."
BeyondCorp Enterprise Essentials, an updated version of Google Cloud's BeyondCorp Enterprise Zero Trust solution, is also now available. According to the company, it includes features such as context-aware access controls for SaaS applications and other SAML-connected services, threat and data protection capabilities, data loss prevention, malware, and phishing protection.
Finally, Google has introduced a new Security Foundation solution for enterprises, to make it easier for them to adopt Google Cloud's security capabilities. It joins Google's other ready-made solutions, which have previously focused on specific industries (retail, media, and entertainment, financial services, etc.) rather than this more general security-focused package.
"This solution is aligned to the prescriptive guidance from our Google Cloud Cybersecurity Action Team, and codified in our Security Foundations Blueprint, so you get the controls you need for data protection, network security, security monitoring, and more to help make your deployments secure from day one — and do it more cost-effectively," Google says.