As developers use Vertex AI, Google Cloud’s end-to-end AI platform that includes intuitive tooling to build the next generation of AI applications, IT teams are called on to bolster cloud infrastructure security. Aligned with the Secure AI Framework (SAIF) we introduced last year, we want to share approaches and tools customers can use to help secure AI models, products, and technologies.

We recommend starting with Google Cloud’s Organization Policy Service. Organization policies define constraints on how cloud resources can be configured, and include Vertex AI-specific policies that keep developers operating within centrally defined guardrails.

Security Command Center Premium, our built-in security and risk management solution for Google Cloud, now works with organization policies to provide near real-time detection of changes to policies and to AI resource configurations, either of which could increase cloud risk. These new Security Command Center capabilities are now generally available.

Protecting Vertex AI applications with preventative and detective controls

Because Security Command Center is built into the Google Cloud infrastructure, it delivers visibility of AI workloads and applications without relying on point-in-time snapshots that can quickly become stale. This is important because you cannot protect AI workloads that you cannot see.

Once workloads are discovered, Security Command Center uses first-party knowledge of Vertex AI architecture and service operations to deliver posture controls specifically designed and recommended for Vertex AI workloads.

Unlike legacy cloud security products that often treat AI applications like any other workload, Security Command Center’s new capabilities include out-of-the-box security controls that can be applied in a single click. It offers continuous monitoring to detect when Vertex AI resource configurations violate security policies. Alerts are then automatically generated when the configuration of core AI infrastructure drifts from security best practices, such as when:

  • Newly-created Vertex AI Workbench notebooks permit access via public IP addresses
  • Workbench instances enable file download operations
  • Access privileges to Vertex AI workloads are changed

Security Command Center also notifies security managers when policies have been changed, which can help teams to quickly determine whether posture controls have been relaxed due to policy misconfiguration or malicious intent. Additionally, it supports Security Health Analytics (SHA) to identify common misconfigurations and vulnerabilities across other services used by AI workloads, including compute, storage, and networking.
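To make the two sides of this concrete, here is an added example (not Google Cloud or Security Command Center code): it evaluates constructed Vertex AI Workbench instance records against the public-IP and file-download drift conditions listed above, and compares two organization-policy snapshots to report which guardrails a policy change has relaxed. It assumes the Workbench instance attribute `noPublicIp` and the `notebook-disable-downloads` metadata key as the configuration fields, and uses the Vertex AI Workbench constraints `constraints/ainotebooks.restrictPublicIp` and `constraints/ainotebooks.disableFileDownloads` as the policy names.

```python
from dataclasses import dataclass

# Vertex AI Workbench org-policy constraints behind the two drift checks.
RESTRICT_PUBLIC_IP = "constraints/ainotebooks.restrictPublicIp"
DISABLE_DOWNLOADS = "constraints/ainotebooks.disableFileDownloads"


@dataclass(frozen=True)
class Finding:
    resource: str
    category: str


def check_instance(inst: dict) -> list[Finding]:
    """Detective side: flag a Workbench instance that drifts from the guardrails.
    Assumed fields: `noPublicIp` and the `notebook-disable-downloads` metadata key."""
    findings = []
    if not inst.get("noPublicIp", False):
        findings.append(Finding(inst["name"], "WORKBENCH_PUBLIC_IP_ENABLED"))
    meta = inst.get("metadata") or {}
    if str(meta.get("notebook-disable-downloads", "false")).lower() != "true":
        findings.append(Finding(inst["name"], "WORKBENCH_FILE_DOWNLOADS_ENABLED"))
    return findings


def is_enforced(policy: dict, constraint: str) -> bool:
    """A boolean org-policy constraint is enforced when any rule sets enforce=True."""
    rules = policy.get(constraint, {}).get("rules", [])
    return any(rule.get("enforce") is True for rule in rules)


def relaxed_constraints(before: dict, after: dict) -> list[str]:
    """Preventive side: constraints enforced before a policy change but not after,
    i.e. guardrails that were loosened and deserve a closer look."""
    return [c for c in (RESTRICT_PUBLIC_IP, DISABLE_DOWNLOADS)
            if is_enforced(before, c) and not is_enforced(after, c)]


# Constructed sample data: one compliant instance, one drifted instance.
INSTANCES = [
    {"name": "projects/p/locations/us-central1/instances/nb-private",
     "noPublicIp": True, "metadata": {"notebook-disable-downloads": "true"}},
    {"name": "projects/p/locations/us-central1/instances/nb-drifted",
     "noPublicIp": False, "metadata": {}},
]
POLICY_BEFORE = {RESTRICT_PUBLIC_IP: {"rules": [{"enforce": True}]},
                 DISABLE_DOWNLOADS: {"rules": [{"enforce": True}]}}
POLICY_AFTER = {RESTRICT_PUBLIC_IP: {"rules": [{"enforce": False}]},
                DISABLE_DOWNLOADS: {"rules": [{"enforce": True}]}}


def scan(instances=INSTANCES) -> list[Finding]:
    """Run the instance checks over a list of Workbench instance records."""
    return [f for inst in instances for f in check_instance(inst)]
```

Running `scan()` on the sample data returns two findings, both for `nb-drifted`, and `relaxed_constraints(POLICY_BEFORE, POLICY_AFTER)` reports only the public-IP constraint as loosened.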

Combining near real-time detection with preventative posture policies provides defense-in-depth security for AI workloads in a single solution. To make it easier to strengthen the security of Vertex AI implementations, relevant security findings are highlighted in a dedicated card in the Security Command Center UI. This at-a-glance view of the AI security status can help security teams to monitor their risk posture.

https://storage.googleapis.com/gweb-cloudblog-publish/original_images/ai_workload_findings_1.jpg

Spotlight of Vertex AI security findings in Security Command Center

Responding to Vertex AI security events

When Security Command Center detects a Vertex AI workload running outside established security guardrails, built-in risk analysis tools can be used to assess the situation and recommend next-step remediation. This includes attack path simulation that mimics how a real-world attacker could access and compromise Vertex AI workloads.

Security teams can visualize how an attacker could exploit specific gaps in cloud defenses to reach high-value assets. Security Command Center also provides an attack exposure score to help prioritize remediation.

Additionally, Security Command Center provides reporting to show the security posture of Vertex AI workloads. Reports can be customized for specific folders, projects, or assets so they can be shared with the right application or devsec team.

Posture controls for common compliance standards

In addition to protecting AI workloads, Security Command Center also includes out-of-the-box policy sets for compliance standards that can be applied to other types of cloud applications. Detective controls support common standards, such as:

  • CIS 2.0
  • CIS Kubernetes Benchmark v1.5.1
  • NIST SP 800-53
  • ISO 27001
  • PCI DSS