Google Cloud CISO Phil Venables On 8 Hot Cybersecurity Topics
‘When I look…at a lot of what companies implement in their own data centers, what we’re doing in the cloud as a default level of security is just way ahead of what all companies are able to do in their on-premise environment,’ Venables tells CRN.
Google Cloud’s biggest differentiator when it comes to security is its capitalization on “security by design,” according to Phil Venables, chief information security officer of the No. 3 cloud computing provider.
“The big thing is the fact that our infrastructure has been designed with security built in and was built from so-called zero trust principles from the very beginning,” Venables said.
In a recent interview with CRN, Venables addressed what he sees as Google Cloud’s edge when it comes to security compared to other providers, whether the cloud is more secure than on-premise environments, security challenges faced by Google Cloud customers and the cybersecurity threat landscape among other security topics.
Venables joined Google Cloud in December 2020 after 21 years at Goldman Sachs, the New York-based investment bank, where he last worked as a private equity operating partner supporting portfolio cybersecurity and other technology companies in building security capabilities and reducing risk. He previously served as chief information security officer for both Goldman Sachs and Deutsche Bank.
The last year-plus at Google Cloud has been an enjoyable one, he said.
“A different environment compared to my career in financial services — many things the same, but many things different, especially the scale of what we do and our ability to invest even more in security than even some of the largest banks are able to invest,” Venables said.
Google integrated its risk, security, compliance and privacy teams from across the company into the Google Cybersecurity Action Team announced last October. The consolidated team will provide strategic security advisory services, trust and compliance support, customer and solutions engineering, and incident response capabilities.
“Those were all teams that were doing really, really good stuff, but we thought it made sense for them to be part of one integrated organization for cloud given the importance of all four of those topics, making sure that we provide even more focus on those things together,” Venable said. “That’s working out very well, and I think that’s reflected in a lot of large organizations that are aligning their risk compliance, security and privacy teams because of a lot of the commonality between the types of controls that you have to implement to drive those things effectively.”
Click through to read what else Venables had to say about the cybersecurity landscape in these edited excerpts from his interview, including the Log4j 2 exploit and Google Cloud’s commitment to open-source security, and cyber threats and the federal government’s response among other topics.