Google is making it easier for organizations to keep track of user and administrator activity across almost its entire stack of enterprise cloud applications and services.
The company this week announced beta availability of its Cloud Audit Logging technology on Google Compute Engine, Container Engine, Cloud DNS, Storage, Cloud Key Management Services and other cloud services.
The integration of the logging capability with these services will give organizations a way to keep tabs on who is accessing corporate data in the cloud and how, what they did with that access, where and when.
“Cloud Audit Logging offers enterprises a simple way to track activity in applications built on top of [Google Cloud Platform], and integrate logs with monitoring and logs analysis tools,” Google product manager Joe Corkery noted in an announcement on the company's Cloud Platform Blog.
Further reading
Google Cloud Audit Logging basically offers two log streams for each product with which it is integrated. One is an administrator activity log stream while the other is a data access log generated automatically by the Google cloud service.
The Admin Activity log contains entries for all actions that an administrator might take to modify the configuration of a service or to the metadata associated with the service. The log is enabled by default on all Google cloud services and is visible to others on the same service, according to a Google description of the feature.
The Data Access log meanwhile records Application Programming Interface (API) calls that read, create or modify all user-provided data in a database managed by the service. These logs have more limited visibility than Admin Activity logs and typically only a service administrator or project owners can view them according to Google.
Presently, only Google's BigQuery data analytics service generates data access logs, but soon other services will do so as well, Corkery said.
Google offers administrators a couple of options for interacting with audit logs. One way is to view them at a high level via the Cloud Console Activity page for a particular project or service while the other is use Google's Stackdriver Logs Viewer, Corkery said. The latter option allows administrators to conduct free text searches of activity and data access logs and to filter them by name or resource type or other characteristics.
This week's announcement significantly expands the number of Google cloud services that now support Cloud Audit Logging. It highlights the company’s ongoing efforts to make itself a more attractive cloud service option especially for enterprise buyers.
Analysts have long considered capabilities like audit logging, cloud encryption, key management and security capabilities such as access control and management critical must-haves for enterprise cloud service providers.
Google's cloud services business has been growing at a healthy clip over the past two or three years. According to market research firm Synergy Research Group, Google and Microsoft with its Azure had much higher growth rates than any other major cloud service provider through the third-quarter of 2016.
Still, Google's market share is considerably smaller than that of Amazon Web Servies, which with 45 percent has twice the worldwide market share of Google, Microsoft and IBM combined in the public infrastructure-as-a-service space.
In the public platform-as- a- service space and managed private cloud market, Google presently is still struggling to even break into the ranks of the top four vendors.
