Google has announced a series of additions to its Cloud Platform infrastructure. These aim to boost overall security and ensure that a user or company's assets are protected.
First off, there is the beta version of IAP (Identity-Aware Proxy), which allows you to manage access of an application running on Google Cloud Platform (GCP) in a much more granular way as opposed to say, a VPN. It can be integrated with phishing-resistant security keys, and access can be determined by user, identity or group.
Next up is the beta version of the DLP (Data Loss Prevention) API, which allows admins to write and manage policies to scan and redact over 40 types of sensitive data. Alongside GCP, DLP is also available for Gmail and Google Drive.
Beyond these two, there is also the Key Management System for GCP, which is now generally available and allows you to "generate, use, rotate and destroy symmetric encryption keys for use in the cloud". This capability eschews the need for an on-premise key management system or hardware security module. Also generally available is Security Key Enforcement for GCP and G Suite apps, which allows you to use security keys for two-factor authentication.
Another announced security capability is Google Vault for Google Drive (and the recently-announced Team Drives), as well as Google Groups. This is an "eDiscovery and compliance solution for G Suite", which allows you to set retention policies, place legal holds and search across Drive, Gmail, Hangouts and Groups as well as export search results to "support your legal and compliance requirements".
Last, but not least is Titan, Google's purpose-built network micro-controller, which allows for more secure identification and authentication of access at hardware level.