Organizations need a “hard reset” to rethink their cloud security approaches in the wake of increasing risks from attacks on software supply chains, zero-day issues in email services and ransomware attacks on critical infrastructure industries, according to Sunil Potti, Google Cloud’s general manager and vice president of cloud security.
At its online Security Summit today, Google Cloud today unveiled new offerings to support its cloud platform, products and services with “engineered-in, invisible security.” The security products and services include the integration of its cloud-native Chronicle security analytics platform with its Looker and BigQuery analytics platforms, Autonomic Security Operations and the previews of a managed intrusion detection system and a risk protection program.
“We fundamentally believe to trust the cloud more, you have to be able to trust it less,” Potti said. “This zero-trust approach tends to be an underpinning for us to bring unprecedented visibility, transparency and control to customers not only on GCP (Google Cloud Platform), but also in their own data centers or on Amazon or Azure, or other clouds of their choice with products like BeyondCorp Enterprise or Chronicle.”
Security controls covering only 80 percent of an organization’s services equates to 0 percent coverage, Potti noted.
“We all seem to have this feeling like every day, every week, there’s something coming up, and it’s to a point where, in fact, many companies — through ransomware or otherwise — are actually almost abdicating their responsibility,” Potti said. “There’s a meme going around where a CISO is hesitant to spend a million dollars on security tools, but writes a check for $10 million for ransomware very quickly.”
Google Cloud also announced three new services offerings to help U.S. federal, state and local government organizations implement zero-trust architecture in line with President Joseph Biden’s executive order in May on improving the nation’s cybersecurity, along with National Institute of Standards and Technology standards.
Biden’s executive order comes down to accelerating the journey to zero-trust architecture, solid cyber-analytics, along with diagnosis and an ability to rapidly recover, according to Mike Daniels, vice president of global public sector sales for Google Cloud.
“Partially as a result of the pandemic, which expanded the threat offload tremendously with respect to remote work, and then with the exclamation points of Solarwinds, and the Colonial Pipeline, the threat landscape suddenly heated up tremendously again…and that threatened national security, critical infrastructure and the delivery, frankly, of essential services for the nation to operate,” Daniels said. “It was a really good reminder about the importance of top-level security infrastructure, securing third-party vendors and eliminating reliance on a single cloud vendor as resilience became really important.”
Here’s a closer look at the top eight security announcements from today’s Google Cloud Security Summit.