CSS Extends Malware Scanning to Google Cloud Storage

Salt Lake City, February 14, 2025 – Cloud Storage Security (CSS), a leader in advanced threat detection for cloud storage, announced today that it has extended its award-winning malware protection to Google Cloud Storage complementing its current support for Azure Blob and the AWS suite of storage services.

Benefits of Holistic, Programmatic Protection

CSS believes that all organizations should apply malware detection holistically across the entirety of their storage resources. Infected files can be introduced into any bucket, even those that are not a part of applications or data pipelines designed to ingest files into the cloud. Some practical examples of how these files can be ingested are:

• Compromised credentials or exploited APIs – Attackers often target endpoints with weak security measures, such as leaked API keys, poorly secured APIs or user accounts protected by weak or reused passwords. These vulnerabilities provide entry points for unauthorized uploads of malicious files into your storage environment.

• Phishing attacks – Phishing schemes that impersonate trusted sources can trick employees into unknowingly uploading infected files, often disguised as “important” documents.
• Unmonitored automated integrations – Automated processes such as backups, sync tools, and API-driven transfers can propagate malware if not actively monitored. Further, legacy integrations may lack the necessary safeguards to detect and prevent such threats.
  

CSS responded to these risks by expanding their functionality to provide greater coverage of storage resources across cloud platforms and within each platform’s storage suite.

Summary of Functionality

Along with Amazon S3, Amazon EBS, Amazon EFS, Amazon FSx, and Microsoft Azure Blob, CSS offers scheduled and on-demand scanning for Google Cloud Storage. Customers  have access to three industry-leading malware scanning engines (Sophos, CSS Premium, and CSS Secure) which  present no limitations on file size or file type when combined.

How to Configure Scanning for Google Cloud Storage

1. Navigate to Protection > GCP > GCP Buckets
2. Click on the hyperlinked Manage Accounts page.
3. At the top right, click (Link Account) and select (Link GCP Account)
4. Enter in the following parameters
   1. Organization ID: Navigate to the Cloud Resource Manager in your GCP account, locate the line item denoting the account where you would like to configure scanning, and copy the number in the “ID” field.
   2. Billing Account ID: Navigate to the Cloud Resource Manager in your GCP account, locate the line item denoting your preferred billing account, and copy the number in the “ID” field.
   3. Nickname (Optional): Select a nickname, which will denote a group of protected projects under one singular name.
   4. Project IDs to Protect: Navigate to the Cloud Resource Manager in your GCP account, locate the line item denoting the projects you would like to protect, and copy the number in the “ID” field, separated by a comma and a space.
5. Click (Download main.tf File)
6. Run the CSS terraform module provided
   1. Replace the main.tf file with the one you just downloaded
   2. Authenticate to Google Cloud; gcloud with application-default login
   3. Initialize the directory: terraform init
   4. Validate input restraints: terraform validate
   5. Run the module: terraform apply
7. Enter the following outputs of the link account Terraform execution into the CSS console:
   1. Project ID
   2. Audience
   3. Service Account Impersonation URL
8. Click the (Test Credentials) button. If the credentials are invalid, check the values entered and correct them. Then, test the credentials again.
9. Click the (Link Account) button at the bottom right.

Summary and Unlimited Licensing

 Customers must protect everything they store in the cloud, as such CSS  grants customers the ability to:

• Defend their entire environment – Amazon S3, Amazon EFS, Amazon EBS, Amazon FSx, Microsoft Azure Blob Storage, and Google Cloud Storage
• Perform periodic rescanning to meet compliance requirements and detect dormant malware

CSS prices their programmatic defenses for modern cloud storage. Our flat-rate, unlimited usage pricing model, enables organizations to focus on what truly matters:  protecting their entire cloud storage suite. Not worrying about over-spending and license usage with per-GB pricing.

Take advantage of CSS’ program-based pricing model  and contact a SME at cloudstoragesecurity.com/contact or get started today with a 30 day free trial in AWS Marketplace.