My Takeaway from Google Next '19 - Powerful Shielded VMs


This spring, I went to Google Next '19 for the newest tips and trends in cloud security. Thousands of cybersecurity experts and cloud management professionals gathered in San Francisco to discuss innovative ways to protect modern computing infrastructure. I was pleased to participate in one breakout session where Google Cloud announced general availability of its Shielded VMs. Google Shielded VMs are hardened by a set of security controls that help defend against rootkits and bootkits. CIS provides multiple secure operating systems via Shielded VMs on Google Cloud Platform. Catch the full breakout session recording below, or keep reading to learn more about this powerful security option for the cloud.

Watch the full session from #GoogleNext19

Why Cloud Security Matters

Out of the box, many cloud images are no more secure than their physical counterparts. Configuration and patch management are key to avoiding cyber-attacks. Your organization should implement cybersecurity best practices such as the CIS Benchmarks to ensure secure configurations. The CIS Benchmarks provide consensus-developed security recommendations for securing more than 140 technologies. For organizations using Google Cloud Platform, CIS has also developed a benchmark to securely configure the virtual environment. This CIS Benchmark provides prescriptive guidance to harden your infrastructure on Google Cloud Platform.

Download CIS Google Cloud Platform Foundations Benchmark 

What are Shielded VMs?

If your organization prefers security that's baked in from the start, you may want to consider Shielded VMs. A Shielded VM is a virtual base machine securely configured using Google Cloud Platform. Shielded VMs are pre-hardened by a set of security controls that help defend against rootkits and bootkits. Your organization can enable Shielded VMs on Google Cloud to:

  • Protect VMs against advanced threats
  • Ensure workloads are trusted and verifiable
  • Protect secrets against exfiltration and replay
  • Enable live migration and patching

There is no additional cost for using a Shielded VM on Google Cloud, and bring-your-own (BYO) image licensing is supported. Shielded VMs offer a powerful cybersecurity solution for organizations looking to quickly implement cybersecurity best practices.

CIS Hardened Images on Shielded VMs

CIS Hardened Images, built on Shielded VM base images by Google Cloud, make working on GCP more secure than ever.

CIS Hardened Images are virtual machine images that have been preconfigured according to the security guidelines of the CIS Benchmarks. A CIS Hardened Image incorporates all of the security recommendations outlined in the CIS Benchmark applicable to the operating system. Each CIS Hardened Image includes a conformance report showing each CIS Benchmark recommendation that was applied, as well as any that couldn't be applied due to cloud restrictions.


CIS Hardened Images on Google Cloud Platform are now built on Google Cloud’s Shielded VM base images. Using Shielded VMs limits mistakes and ensures your organization is only using supported images. Google Cloud Platform will have a “trusted image” section so you can be sure you’re using images on Shielded VMs. CIS Hardened Images are included among these “trusted images.”

CIS Hardened Images available on Shielded VMs include:

  • Windows Server 2012 R2 Datacenter – Level 1 and Level 2
  • Windows Server 2016 Datacenter – Level 1 and Level 2
  • CentOS 7 – Level 1
  • Ubuntu 18.04 LTS – Level 1
  • Red Hat Enterprise Linux 7 – Level 1

Whether your organization is new to working in the cloud or experienced in cloud infrastructure, it's never been more convenient to start secure and stay secure with CIS Hardened Images. 

 View all CIS Hardened Images on Google Cloud Platform

Steve Gold, VP, Cybersecurity Solutions

Steve Gold is Vice President of Cybersecurity Solutions at CIS® (Center for Internet Security®). Steve joined CIS in April of 2018 from Varonis Systems, where he established the company’s State, Local and Education (SLED) business. In his current position at CIS, Steve leads the organization’s efforts to promote the CIS portfolio of low-cost and no-cost cybersecurity products and services that help private and public organizations stay protected in the connected world. During his more than 20-year career, Steve has led teams responsible for developing and implementing technology solutions at some of the industry’s most recognized companies, including Dell and VMware. His expertise includes cloud computing, channel development, territory management and government sales.