Sunil Potti, the vice president and general manager of Cloud Security for Google, introduced the next step on their Invisible Security journey in helping companies to secure their software supply chain and accelerate the adoption of zero trust structures.
Potti has announced that Google Cloud is launching a new program called the Assured Open Source Software service. The new program will enable businesses and public sector organizations to view Google''s OSS packages and use them in developer workflows.
These packages are regularly reviewed for vulnerabilities and have been verified by Google to verify that they are functional.
Securing the open-source supply chain
The introduction of this new open-source service comes shortly after Google participated in the White House Summit on Open Source Security alongside the OpenSSF Foundation (OpenSSF) and the Linux Foundation to mitigate threats in open-source software, which included $30 million together to increase the security of open-source software.
The support from Google in assisting in obtaining open source software comes as a recognition that traditional approaches to reducing vulnerability in the software supply chain have remained ineffective.
According to Potti in the announcement blog post, patching security issues in open-source software often feels like a high-stakes game of whack-a-mole. This helps explain research that shows that there is a 650% year-over-year increase in cyberattacks aimed at open-source software (OSS).
The organization''s new solution is designed to alleviate some of the difficulties involved in managing open-source vulnerabilities by providing them with an external source they can call on.
Potti claims that a certified OSS aids organizations in reducing the need to develop, maintain, and operate a complex process for safe managing their open-source dependencies.
Advancing zero-trust access
BeyondCorp Enterprise Essentials, Google''s new zero trust access tool, was also announced during the summit, which was intended to assist organizations make the first move.
BeyondCorp Enterprise Essentials will launch in the third quarter of 2022 and provides context-aware access controls for applications via SAML, as well as security features such as data loss prevention, malware, phishing protection, and URL filtering.
Administrators may also monitor users through the Chrome dashboard so that they can ensure users in BYOD, remote, or hybrid working environments are not in danger.
Google Clouds is attempting to facilitate zero trust access as more organizations begin developing it, according to research showing that 78 percent of companies claim zero trust has increased as a priority, and nearly 90% is working on a zero trust initiative.