Google released Software Delivery Shield this week, adding a new set of capabilities to Google Cloud that ensures developers can focus on writing code while adhering to security policies across the delivery pipeline.
Recent attacks such as Log4j, SolarWinds and Mimecast have cemented the importance of software supply chain security beyond the coding environment. Complicating the matter, however, is the ubiquity of open source and its dependencies, said Thomas DeMeo, director of product management for platform development tools at Google Cloud, at this week’s Google Cloud Next 2022.
To tackle this issue, a new modular set of capabilities called Software Delivery Shield (SDS) addresses security concerns across five major areas: application development, software supply, CI/CD, production environments and policies.
SDS tools include Cloud Workstations, a fully managed development environment with built-in security measures such as forced image updates; Artifact Registry to manage and secure artifacts; and Cloud Build and Cloud Deploy to help to secure the CI/CD pipeline.
SDS takes risk out of development, said Holger Mueller, an analyst at Constellation Research.
“Nobody likes and wants nighttime or weekend fire drills because some library someone put in years ago broke something,” Mueller said. “SolarWinds is a prominent example of that.”
Scott Beeker, a self-employed full stack software engineer and conference attendee, said SDS features such as binary authorization, which ensures deployment of only trusted container images, should become the new standard across teams.
“The additional added security across the software supply chain, especially when dealing with open source software dependencies across organizations, is a necessity in today’s world,” he said.
Managing the environment with Cloud Workstations
Cloud Workstations, which is in public preview, adds a managed development environment to the Google Cloud Platform. This gives developers a preconfigured yet customizable cloud environment, DeMeo said.
Cloud Workstations, which manages the developer environment with enforced security measures, is a standout feature of SDS, said Larry Carvalho, a consultant at Robust Cloud LLC.
“Configuring a workstation increases the possibility of any developer bringing their favorite tools but needing to be thoroughly vetted,” he said.
While more vetting may not be popular with developers, locking this environment with SDS reduces the likelihood of vulnerabilities at the beginning of a software development lifecycle, Carvalho said.
SDS will work alongside other Google Cloud services such as Cloud Deploy, a fully managed CD platform, and Cloud Code, a family of IDE plugins. It will also be integrated with Cloud Run, a runtime platform for containerized applications. This means developers can connect to Google Cloud services faster. For example, developers can configure domains with a load balancer or connect to a Redis cache in a single click, DeMeo said.
The result is increased developer productivity. “Serverless platforms like Cloud Run allow developers to focus more on code and less on ‘plumbing,'” Constellation Research’s Mueller said.
Overall, SDS will be worth using with one caution, said Leonid Ivankin, an Android developer at MTS Group, a mobile telesystems company. Enterprises that adopt the tool lock into Google as a vendor, he said.
“Do not forget that now Google itself controls your development process,” he said.
SDS is included in a Google Cloud subscription, the cost of which varies depending on usage. A free tier is available but comes with restrictions such as 120 cloud-build minutes per day.
However, Google’s SDS isn’t the only option for securing the supply chain. Startups that target multi-cloud environments include Endor Labs, Chainguard and Valence.