Google knows that if enterprises are going to move their critical services to its cloud, then it has to offer something that AWS doesn’t. At Google Cloud Next, the company’s leadership made the case that Google Cloud was the most secure cloud.

At the conference this week, Google unveiled tools that would let IT teams provide granular access to applications, better manage encryption keys, and enforce stronger authentication mechanisms for applications running on Google Cloud. While Google is just playing catch-up to Amazon with the Key Management System for GCP, it is stepping into uncharted territory with Data Leak Prevention API by giving administrators tools that go beyond the infrastructure to protect individual applications. Google is tackling the identity access management challenge differently from Amazon, and it will be up to enterprises to decide which approach they prefer.

Google is clearly looking at security as the way to differentiate itself from other cloud infrastructure providers. It isn’t protecting only the underlying hardware and virtual machines; it will protect the applications running on them, too.

Protecting sensitive data everywhere

The DLP API, now in beta, will let IT teams identify and redact any piece of sensitive information that may be in applications running on GCP. The DLP technology performs deep content analysis to find matches against the list of more than 40 sensitive data types, such as credit card and account numbers or contact information, and it lets administrators decide how best to protect that information. The screenshot in the shows how DLP API redacts information in a document, such as a person’s name, email address, and mobile phone, Social Security, and credit card numbers.

reaffirms Google’s cloud security strategy. In many cases, Google is its own customer on Google Cloud: It rolls out security tools for G Suite and Gmail, then makes them available to enterprises on GCP. 

Cloud security is a shared responsibility, with the provider focusing on the physical security of the datacenters and protecting the hardware, and the enterprise in charge of applications and data. Google shifts the conversation by also providing tools to secure access, encrypt content, and prevent the leak of sensitive data within its cloud. For enterprises wondering, “Why should I trust you to run my most critical applications?” those tools may be the answer.