Fortinet Cloud Security for Google Cloud
Executive Summary
Organizations are modernizing their IT operations to develop applications faster
and accelerate time to innovate to maintain their competitive position in the digital
innovation era. Google Cloud provides customers with modern tools to enable
business innovation. However, cloud computing expands the digital attack surface
across hybrid and multi-cloud infrastructures. The Fortinet Security Fabric offers
organizations comprehensive security solutions to address the expanding attack
surface with integrated network, application, and cloud security in one platform.
Fortinet’s approach natively integrates security with Google Cloud, offering a broad
set of security solutions and ultimately enabling streamlined management and
automated security operations. This gives Google Cloud customers the flexibility to
run any application on Google Cloud or on-premises, while maintaining consistent
security everywhere.
Advanced Security for Google Cloud
Fortinet Cloud Security for Google Cloud provides consistent, best-in-class
enterprise security. The Fortinet Security Fabric protects business workloads across
on-premises, data centers, and cloud environments, providing multilayered security
for cloud-based applications. Fortinet Cloud Security offers network, application,
and cloud platform security capabilities in various form factors, including virtual
Fortinet security functionality is natively integrated into Google Cloud.
Google offers customers various essential security tools to address the security of
the Google Cloud infrastructure. However, as much as these tools offer effective
security capabilities for basic needs, they introduce a great deal of operational
overhead for application development teams looking to rapidly build new
capabilities and introduce products to market. Further, according to the shared
security responsibility model, Google Cloud is only responsible for protecting the
cloud’s physical infrastructure, isolating tenants, and keeping their services running.
Customers are responsible for securing applications they build in the cloud and the
services they consume. Because securing cloud resources is complex and varies by
cloud provider, cloud security failures are typically the customer’s fault.
Fortinet Cloud Security for Google Cloud helps organizations maintain a consistent
security posture in a shared responsibility model, from on-premises to the cloud.
It delivers comprehensive, multilevel security and threat protection to improve an
organization’s overall security posture and reduce misconfiguration.
Expanding Threat Landscape
Enterprise security for
Google Cloud
Enable performance and agility
with comprehensive, advanced
security and threat prevention
from on-premises to the cloud.
Continuous visibility and real-
time malware protection with
FortiEDR and Google Cloud
Security Command Center
Improve IT efficiency using familiar
tools to manage workloads and
view security threats.
Advanced network security
and threat protection
Reduce risk from advanced
threats by accessing the
latest threat intelligence from
FortiGuard Labs. Secure branch
office access to Google Cloud
with FortiGate Secure SD-WAN
and Network Connectivity Center
(NCC) Integration.
Security from the edge to
the cloud
Run applications anywhere
using consistent security with a
universal security management
pane for flexible workload
deployments.
As outlined in the 2023 Fortinet Cloud Security Report, security remains a top concern among organizations using the cloud.
In fact, 95% of surveyed organizations are concerned about their security posture in public cloud environments.
1
Key concerns
include preventing cloud misconfigurations, securing applications already in production, and defending against malware.
With a growing number of organizations using two or more cloud providers or a hybrid-cloud infrastructure, the complexity of these
challenges is compounded. Accordingly, it’s understandable why 90% of organizations say it would be helpful to have a single cloud
security platform to configure and manage security policies consistently and comprehensively across their cloud environments.
2
1
SOLUTION BRIEF
The Fortinet Security Fabric answers this need, providing continuous security from
on-premises to multiple clouds to protect Google Cloud users.
How the Security Fabric Complements Google Cloud Security
The Fortinet Security Fabric offers multilayer protection and operational benefits
for securing business workloads across on-premises, data centers, and cloud
environments. Key capabilities of the Fortinet Security Fabric for Google Cloud include:
n
Single-pane control and management
Both cloud and on-premises Fortinet Security Fabric resources can be managed
from Google Cloud. This simplicity helps eliminate human errors while reducing the
time burden on limited IT resources.
n
Single-vendor SASE
WAN connectivity with a cloud-delivered security service edge to extend the
convergence of networking and security from the network edge to work-from-
anywhere users. FortiSASE enables secure access from anywhere to the web,
cloud, and applications everywhere.
n
Protection from zero-day attacks
Secure applications from the edge to the cloud with access to the latest threat
intelligence to provide highly scalable zero- day attack protection that is fully
integrated into Google Cloud. FortiGuard Labs’ global security research team has
systems gather and analyze over 100 billion security events daily.
n
Compliance ready
Obtain insights with actionable instant security reports on targeted attacks. Meet compliance regulations for industry standards
such as Payment Card Industry Data Security Standard, Health Insurance Portability and Accountability Act, and data privacy
laws such as the European Union’s General Data Protection Regulation.
n
Fabric Connectors
Fabric Connectors enable open integration of the Fortinet Security Fabric to automate firewall and network security insertion
into Google Cloud with multiple existing components within a customer’s ecosystem. It also allows for the integration of security
intelligence services from Google Cloud.
Protect the Full Attack Spectrum
Fortinet breaks down the walls that inhibit security visibility and management between and across on-premises and cloud
environments. The Fortinet Security Fabric for Google Cloud solutions are designed to improve an organization’s security posture
and increase end-user confidence in Google Cloud environments.
They are also available via flexible procurement options:
n
Licenses purchased from a Fortinet channel partner for different products are transferrable across platforms.
n
Pay-as-you-go
Cloud Marketplace. Additionally, many products with free trials can easily be continued with PAYG pricing.
2
Fortinet Cloud Security for Google Cloud SOLUTION BRIEF
TECHNOLOGY
Security — Identity &
Endpoint Protection
2023
2020
n
Private offer
With private offers, you can simplify the procurement cycle and unlock discounts for SaaS products and VM images directly from
Google Marketplace.
The following products are available on the Google Cloud Marketplace as part of the Fortinet Security Fabric for Google Cloud:
n
FortiGate provides flawless convergence that can scale to any location: remote office, branch, campus, data center, and cloud.
Using APIs, FortiGate is infrastructure aware, enabling the configuration of high-availability environments automatically to create
Fortinet across hybrid and multi-clouds.
n
Deployed as a VM, FortiWeb protects web applications and APIs from attacks that target known and unknown vulnerabilities,
including the OWASP Top 10, zero-day threats, and other application-layer attacks.
n
Delivered as SaaS, FortiWeb Cloud includes bot mitigation and API discovery and protects public cloud–hosted web applications
from the OWASP Top 10, zero-day threats, and other application-layer attacks.
n
FortiFlex (private offer)
FortiFlex is a points-based cybersecurity licensing program that allows organizations to easily provision the services and
solutions they need on-demand. With FortiFlex, organizations are freed from having to preplan and presize their deployment
purchases and risk under-sizing or over-sizing their solutions. Instead, organizations simply purchase packages of FortiFlex
points that can then be used to deploy any solution size, in any quantity, and with any service.
n
FortiManager provides single-pane-of-glass management and policy controls across the extended enterprise for insight into
networkwide, traffic-based threats. This includes features to contain advanced attacks as well as scalability to manage up to
10,000 Fortinet devices.
n
This solution collects, analyzes, and correlates data from Fortinet products for increased visibility and robust security alert
information. Combined with the FortiGuard Indicators of Compromise Service, it also provides a prioritized list of compromised
hosts to allow rapid action.
n
FortiADC optimizes application performance using unmatched load balancing and web security. It provides global server
load balancing, link load balancing, and user authentication to deliver availability, performance, and security for enterprise
applications.
n
Cloud workloads. FortiEDR reduces the attack surface, detects and defuses attacks in real time, and supports a wide range of
customizable automation steps to remediate policy violations.
n
FortiDevSec is an application security testing product that offers comprehensive SaaS-based continuous application testing for
software developers and DevOps without the need for any security expertise. Comprehensive testing is included for SAST, SCA,
containers, IaC, Secrets, DAST, and more.
3
Fortinet Cloud Security for Google Cloud SOLUTION BRIEF
n
FortiSandbox for Google Cloud Platform enables organizations to defend against zero-day threats natively in the cloud, working
alongside network, application, email, endpoint security, and other third-party security solutions or as an extension to their on-
premises security architectures to leverage cloud elasticity and scale.
n
FortiMail VM is a complete secure email solution that protects against inbound attacks, including advanced malware, and
outbound threats and data loss with a wide range of top-rated security capabilities. It includes powerful, built-in capabilities for
spam, phishing, malware, and ransomware protection.
Use Cases for Extending the Fortinet Security Fabric to Google Cloud
The Fortinet Security Fabric offers consistent enterprise security and supports a spectrum of Google Cloud-based enterprise
use cases.
1. Network security
Implement scalable and multilayer security using a cloud security services hub. Leverage the scale and flexibility of the Google
Cloud infrastructure to build effective and low-friction security solutions.
n
n
Hybrid cloud
n
VPC-to-VPC segmentation
n
Remote access
n
Perimeter security for GKE clusters
FortiGuard Protected
Edge
Application Project
Application VPC
Application VPC
Shared Services Project
Cloud Security
Services Hub
Autoscaling
Cloud IAM
Google Security
Command Center
Container infra
GKE/Kubernetes
FortiCNP
FortiGate
Secure
Zone 1
Zone 2
FortiAP
FortiSwitch
Cloud On-Ramp
HA
HA
Users
FortiManager
FortiGate NGFW
FortiAnalyzer
VPC
Peering
FortiCASB FortiWeb WAFaaS FortiEDRFabric Connector
Anthos
Anthos
Container Infra
GKE/Kubernetes
Cloud
Interconnect
Fortinet
Security Fabric
IPsec
IPsec
HA
HTTP/S
FortiWeb WAF
4
Fortinet Cloud Security for Google Cloud SOLUTION BRIEF
2. Application and web traffic security
Protect business-critical applications from known and unknown threats, including zero-day, botnet, and API attacks. Also,
mitigate the risk from server vulnerabilities and support compliance with the latest laws, regulations, and standards.
n
API security for Apigee
n
Web application security
n
Regulatory compliance
n
Risk management
n
Bot defense
3. Endpoint protection
n
Google Cloud workload protection
n
Risk mitigation policy control
n
Next-generation antivirus capabilities
n
Real-time, automated breach protection
n
Incident response orchestration
n
Enterprise Protection to Reduce Risk
Fortinet Cloud Security for Google Cloud helps organizations maintain operationally viable, consistent security protection in a
shared responsibility model, from on-premises to the cloud. It delivers comprehensive, advanced security and threat prevention
capabilities for Google Cloud users. Continuous control and visibility through a single pane of policy management reduce
security complexity. With Fortinet Cloud Security, leaders can rest assured their security architecture covers the entirety of the
network attack surface and that their sensitive data is compliant and secure.
1
“2023 Cloud Security Report,” Fortinet.
SOLUTION BRIEF
Copyright © 2024 Fortinet, Inc. All rights reserved. Fortinet
®
, FortiGate
®
, FortiCare
®
and FortiGuard
®
, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product
or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other
conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser
that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any
such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise
revise this publication without notice, and the most current version of the publication shall be applicable.
www.fortinet.com
571283-D-0-EN
Fortinet Cloud Security for Google Cloud
