Google Next London started yesterday and runs through today, and while obviously on a much smaller scale than the main Google Cloud Next in July, Google still made some identity and security announcements worth looking at.
Identity gets the most attention
There were three new identity features at Google Next London: Cloud Identity for Customers and Partners (CICP), Secure LDAP in Cloud Identity, and context-aware access for Cloud Identity-Aware Proxy (IAP). Betas for all three will go live in the coming weeks.
Cloud Identity for Customers and Partners
CICP is a brand-new feature that happens to be aimed more at application developers than EUC admins, but either way, customer and partner ID is a strong segment for other IDaaS providers, so it makes sense as their next product.
CICP will allow developers to add IAM functionality into their apps and keep user accounts protected, with the ability to scale up that you would expect from Google. The platform can actually work with a range of identity providers, such as Google, Facebook, Twitter, SAML, and more generic access methods like email/password and phone. Two-factor authentication will also be added down the road.
Secure LDAP in Cloud Identity
This feature, coming to G Suite and Cloud Identity customers, drew my interest as it shows Google is continuing to go after traditional enterprise apps.
Secure LDAP allows Google Cloud Identity customers to securely access both SaaS apps and traditional apps with one set of credentials, with the ambition that they could eventually eliminate the need to have two identity management systems. Nearly any app able to support LDAP over SSL will work with Google’s secure LDAP. Some apps that already work include JAMF, Splunk, and OpenVPN.
This is yet another big step towards helping customers with their legacy requirements. In other words, GCP isn’t just about doing the shiny new thing—it’s about bringing your old stuff into the future, too.
Context aware access for Cloud Identity-Aware Proxy
The beta will only be for apps currently hosted on Google Cloud Platform, but Google said there are roadmap plans for integration with Cloud Identity, Cloud IAM, and VPC Service Controls. I mention this identity feature last because Google announced context aware access at Google Next and Jack covered it.
Context aware access allows organizations to define and enforce granular access to GCP workloads and G Suite based on a user’s identity and the context (location, device security status, etc.) of their request.
Getting granular with security
There were a couple smaller announcements regarding security from Google Cloud Next London: new GCP policies and Alert Control for G Suite.
With the new GCP policies, you can restrict geographical regions where IT can create GCP resources, as well as limit which domains have access to GCP resources. The policies will make easier companies that also work in heavily regulated countries like Germany.
Alert Control for G Suite, which will be in beta soon and come with G Suite, offers IT a dashboard that aggregates security alerts relating to G Suite. Some example alerts include increase in phishing activity and suspicious behavior on devices. G Suite Enterprise edition users can use the dashboard to fix some of the security issues.
Traditional enterprise getting love from Google
Like we said back at Google Next, Google is doing a lot to cater towards the more traditional enterprise side; so these ongoing refinements are worth highlighting.
Microsoft may get a lot of love any time it eases the transition to the cloud (for example, the recent Win32 app management announcements from Ignite were just on my mind) but Google is showing that they get this too, and they understand traditional apps aren’t going away anytime soon.