Google is once again shoring up its security credentials with a new tool that tackles vulnerabilities in the software supply chain. The recently launched Software Delivery Shield (SDS) is an end-to-end security solution that gives developers the tools they need to lock down their cloud applications.
Created in response to growing awareness of supply chain vulnerabilities in the face of ever-more sophisticated cyberattacks, the Shield was developed in partnership with developers and public sector organizations to meet real-world challenges at every stage of the software pipeline.
Securing the software supply chain
The Software Delivery Shield focuses on five key areas:
- Application Development
- Software Supply
- Continuous Integration and Continuous Delivery
- Production Environments
- Policies
Tackling different stages of development, the various components of the SDS can be implemented and customized as needed so companies can build a security framework tailored to their own goals and capacity.
Application development
The Shield provides a secure playground for developers to test-drive their newly created software. Known as Cloud Workstations, these testing environments are fully managed and protected via integrated security controls to enhance privacy and protect code.
Software supply
Given the risks around open-source software, Google has made this a crucial part of its security program.
One of the first components of the SDS, Assured Open Source Software (OSS) was launched in May. Designed to give developers more peace of mind when using OSS, this new tool strengthens Google’s vetting and screening processes, so users know they’re accessing software that’s been thoroughly assessed and cleared beforehand.
Pipeline & production
Google’s new Cloud Build and Cloud Deploy heighten security during the production process, while Cloud Run protects applications that are already up and running.
The latter now offers Binary Authorization, which gives developers the ability to verify container images during the development process and reinforce that authorization with signature validation once deployed.
The benefits to business
Google’s SDS is ideal for companies that work with external partners across the cloud but not necessarily within the same infrastructure. It harmonizes security protocols so businesses can significantly reduce their risk and work together confidently, knowing they’re more protected from malware, viruses, and other cyber threats.
The toolkit seamlessly integrates for protection across the entire software supply chain. Still, it remains flexible enough to allow companies to adopt it piece by piece, introducing the various apps as and when needed.
“Software supply chain security is a complicated challenge,” said Michael McGrath, Google’s VP of Engineering, Application Ecosystem. “With this collection of tools across many of our cloud services, organizations can get started today and incrementally adopt better security measures, big or small, based on existing environment and security priorities, towards holistic software supply chain security.”
Our Google-certified technicians, trainers, and consultants have helped hundreds of companies integrate Google Cloud tools to streamline their workflows and enhance their security. We leverage our skills and expertise to help you find the best solutions for your business, your staff, and your clients. Get in touch today to see how we can transform the way you work.
Contact Us to Learn More about Transforming Your Business