Astrix is excited to announce our partnership with Google Cloud. This collaboration is all about providing protection for Google Workspace and Google Cloud services, tackling non-human access and minimizing risks like supply chain attacks, data breaches, and compliance violations.
With Astrix, organizations using Google services can now benefit from deep visibility and protection for all non-human access to core Google business platforms. This covers a range of Google platforms, from Google Workspace environments to GCP and other engineering platforms like BigQuery and Looker.
Service accounts and other non-human access credentials are the threat vector
While Google Workspace itself is innately secure, the more than 5,000 third-party integrations offered on the Google Marketplace and the vast ecosystem of non-public apps may not be.
This unmonitored non-human access to your Google Account via API keys, OAuth tokens and service accounts creates a new ecosystem of supply chain dependencies that expand your attack surface and expose your company to attacks, namely supply chain attacks. These risks also apply to your company’s Google Cloud Platform (GCP) environment which includes business critical platforms like BigQuery and Looker.
The security challenges presented in the 2023 GCAT Threat Horizon report highlight the need for a solution like Astrix in GCP environments. The report emphasizes the prevalence of leaked service account keys as a significant threat to organizations on Google Cloud.
Additionally, the Cloud Security Alliance’s 2022 “Top Threats to Cloud Computing – Pandemic Eleven” report further highlights the imperative need for key management, the principle of least privilege with scoped IAM policies, and continuous scanning and monitoring to prevent and mitigate risks – all problems Astrix tackles when it comes to non-human identities.
What makes service accounts a particularly attractive attack target?
Many service accounts require high exposure permissions, granting them access to read and modify sensitive data and oftentimes even changing configurations in your environment. These powerful credentials make these accounts a popular target of attacks; a single leaked service account can give a malicious actor access to vast resources, thus having catastrophic consequences for an organization.
While most companies tightly manage and secure user accounts, the increasing use of service accounts and other programmable access credentials introduces some unique challenges that security practitioners often struggle to cope with.
How Astrix helps secure your Google Workspace & GCP environments
With Astrix, organizations using GCP and Google Workspace services can:
- Get a full inventory of all non-human access to your Google Workspace environment, and understand the risks associated with them.
- See all domain-installed applications (apps that are installed across your entire organization) to ensure they are not risky or over-permissive and control your risk exposure.
- Get visibility and threat detection into third-party services that access specific Google Workspace services such as Drive, Gmail etc – to better remediate them.
- Identify cases of over-permissive, sensitive and redundant access of third-party OAuth apps.
- Detect anomalous activity for each token accessing your Google Workspace and remediate risks – Astrix’s behavioral analysis looks into the app’s access parameters such as geolocation, IP and user agent as well as advanced behavioral parameters such unusual usage, to detect misbehaving services and apps.
- Get alerts only on risks that expose you to supply chain attacks, data breaches, and compliance violations, and easily remediate them through automated workflows.