Security in the Cloud: Google Cloud Platform

Before Amazon entered the public cloud sphere in 2006 with AWS, the idea of cloud service providers (CSPs) and the cloud market becoming a multi-billion dollar industry was virtually unheard of. However, just a little more than a decade later, companies that were once just an online book store, a software provider and a leading search engine are now leading the charge in public cloud computing and continuing to grow the market quickly. In fact, Gartner estimates that the total cloud market will grow from $182.5 billion in 2018 to $331.2 billion by 2022.

As we wrap up our series on security in the public cloud, this blog will dive into the unique features of Google Cloud Platform (GCP), its core services, and how it stacks up against Amazon and Microsoft.

What is GCP?

Following shortly behind AWS and Azure in terms of revenue, GCP is the third leading public cloud platform hosted by, you guessed it, Google. It was born from Google App Engine, which was announced in 2008 and launched in 2011. Google then added more cloud-based tools and services, which eventually became GCP in 2013.

Just like Azure and AWS, GCP is employed by businesses of all sizes thanks to its scalability, competitive pricing model and myriad of reliable services. However, SMBs may find Google’s cloud offering most appealing, seeing as they are the audience the platform was initially geared toward.

GCP offers a variety of hosted services for compute, storage, and application development, all run on Google hardware. Some of the core cloud computing products offered by GCP include:

Google Compute Engine (GCE) is an infrastructure-as-a-service (IaaS) offering that provides a scalable number of virtual machines for clients to run workloads on Google’s physical hardware. GCE currently has three regions in the United States, Europe, and Asia with two availability zones per region. Administrators can select the region and zone where their data can be stored and used. GCE also offers a host of tools for administrators to create advanced networks on the regional level.

Google App Engine (GAE) is a platform-as-a-service (PaaS) offering that gives software developers access to Google’s scalable hosting and tier 1 internet service. GAE requires that apps are written in specific languages (Java or Python) and use certain Google services, and software development kits (SDKs) are available for developers to create software products that run on GAE. Non-compliant apps need to be modified to use App Engine. To further ease the task of writing scalable applications, GAE eliminates some system administration and development responsibilities.

Google Cloud Storage (GCS) is a cloud storage platform designed to store large, unstructured data sets. Customers are able to choose where their data—live or archived—is geographically stored. GCS offers four storage classes:

  • Multi-regional: this is for organizations storing frequently accessed objects, such as website content or mobile application data, in multiple data centers worldwide. The multi-regional storage class offers improved availability and access of data.
  • Regional: conversely, this is for companies storing data in one geographical location. Data is easily accessible when compute resources are in the same region. Regional storage offerings are best for compute, analytics, and machine learning workloads.
  • Nearline: this storage class is best used for backup, archive and disaster recovery (DR) data. It is for customers needing long-term storage for data accessed less than once a month.
  • Coldline: similarly, this offering is for those looking to store archived and DR files that are accessed less than once a year.

Ups and Downs of GCP

Although GCP’s offerings are similar to the services provided by competitors like AWS and Azure, Google shines brightest when it comes to data. Are you surprised by that?

For companies looking to handle, store, and thoroughly analyze the data they’re collecting from customers, GCP is the ideal choice. Google offers a number of services that integrate with GCP to help organizations make sense of their data, including Google’s BigQuery, Dataflow and Cloud Machine Learning Engine.

Another benefit to using GCP is the company’s overall approach to security. All products, services, applications, etc. at Google, including GCP, are built with security as a core design and development feature. This concept of baked-in security is a core principle we subscribe to at Armor as well. Applications, platforms, etc., are most secure when security is considered up front and built into the product or service, as opposed to tacked on at the end.

Google’s platform-wide security capabilities include authenticated access, logging, encryption, scanning, intrusion detection, and compliance certifications, just to name a few. Of course, as we’ve touched on in nearly every blog in this series, and in many others, just because Google offers state-of-the-art security for its platforms does not mean the buck stops there. GCP is upholding its end of the shared responsibility model, and your organization needs to do so as well. At the end of the day, it’s your data you’re protecting.

Similar to Microsoft’s Azure, one of Google’s biggest pros is its name recognition. Google is the dominant search engine, and one of the largest networks in the world with a variety of applications and services customers can choose from. GCP is only one of them.

Perhaps Google’s biggest downfall is its lack of market share. Granted, AWS and Azure have a few years of growth and expansion on GCP, though the newest member of the big three cloud providers shot to its rank quickly. GCP also doesn’t have as many global data centers or offer the same variety of services that AWS and Azure do. However, the company is quickly expanding the number of data centers globally and continues to innovate.

According to Gartner, “clients typically choose GCP as a secondary provider rather than a strategic provider, though GCP is increasingly chosen as a strategic alternative to AWS by customers whose businesses compete with Amazon, and that are more open-source-centric or DevOps-centric, and thus are less well-aligned to Microsoft Azure.”

Growth of GCP

As mentioned above, Google Cloud Platform is continuing to grow and maintain its status as a major CSP. In fact, more than 122 announcements about new capabilities were made at this year’s Google Cloud Next conference, including two new infrastructure regions in Seoul, South Korea and Salt Lake City, Utah. Google also unveiled its new name for GCP, Anthos, and said that it will soon extend its flexibility to integrate with other CSPs including AWS and Azure, a big move for any CSP.

At the Google Next ’19 event, the company also announced its commitment to security, DevOps, networking, data management, and much more. GCP may lag behind AWS and Amazon for market share, but the company is making strides to keep up.

Throughout this series we’ve only scratched the surface of the different ways AWS, Azure and GCP can benefit your organization’s cloud needs. Each platform brings its own set of unique capabilities, benefits, and even disadvantages. Armor experts are available to help you explore which platform is best for your environment and walk you through a secure cloud migration. Contact us today to learn more and get started.