Google Cloud Security Summit: New Solutions for Zero Trust, Software Supply Chain, More
The new solutions will help partners help their customers more quickly and easily adopt Google Cloud’s security capabilities.
Google Cloud announced a new cloud security product that enables customers to use the same open-source software (OSS) packages that Google uses, enhancing their end-to-end security capabilities.
“Assured OSS helps organizations reduce the need to develop, maintain and operate a complex process for securely managing their open source dependencies,” said Google Cloud’s Sunil Potti.
Google Cloud introduced BeyondCorp Enterprise Essentials. It’s a new solution intended to help organizations quickly and easily take the first steps toward zero trust implementation.
“Zero trust is something that Google pioneered with BeyondCorp and it’s how we operate,” Potti said. “It’s not a marketing slogan for us. We apply it to our workforce with our BeyondCorp model and our workloads. Recently, the U.S. executive order and federal strategy to move the U.S. government toward zero trust architectures mandates many foundational elements of the approach Google has promoted for more than a decade.”
Google Cloud unveiled a new Security Foundation solution. It helps enterprises more easily adopt security capabilities available on Google Cloud. This solution provides users the controls they need for data protection, network security and security monitoring to help make their deployments secure.
“We recognize that while some partners may work with customers that run everything on Google Cloud, there are also customers that run on-premises or in multicloud environments,” Potti said. “Our new security solutions, which deliver capabilities that only an organization like Google can provide, can be used across these environments, providing partners with an opportunity to engage with customers in all stages of their cloud transformation journey – no matter where that may be. Google is uniquely positioned to help partners address key security challenges so they can drive successful security transformations, accelerate digital transformation efforts and be safer with Google.”
Google Cloud announced that BeyondCorp Enterprise app connector and BeyondCorp Enterprise client connector will be generally available in the third quarter. They simplify app connections and enable zero trust access for customers.
“Security is a key area of focus for Google – we know that we have the potential to drive major change when it comes to how we as an industry think about and approach security,” Potti said. “In August, we committed to invest $10 billion over the next five years to advance cybersecurity, including expanding zero trust programs, helping secure the software supply chain, enhancing open-source security, and offering accessible computer security education and training. But this was just the first step. The announcements today demonstrate our continued investment in supporting organizations as they navigate these critical issues. Ultimately, we believe Google Cloud is the best cybersecurity partner for governments, enterprises and organizations of all sizes, across all industries.”
U.S. national cyber director Chris Inglis addressed the summit and said what’s emerging in terms of the public-private relationship is an increasing commitment to resilience by design.
“Responding to crises, whether it’s log4j or WannaCry, or NotPetya is meritorious and we have in fact, swarmed, interdicted and evicted many threats together,” he said. “But increasingly, we need to build that resilience in, not just to the technology, but to the people and to the doctrine, to the roles and responsibilities. We need to get left of the event, again taking a best practice from the way Google has designed its architectures across time.”
Another emerging trend is public-private collaboration, Inglis said.
“There are increasingly places where we can only discover things together by combining our insights, combining our authorities, such that we make it true that an adversary increasingly in this space, a transgressor in this space, has to beat all of us to beat one of us,” he said. “That being said, we will take great efforts to defend privacy and proprietary interest, but there are places where collaboration has its place, and we all need to be committed to figuring out how does the government aid and abet the knowledge of the private sector about things the government uniquely knows and bring its resources to bear in a true collaboration.”
The federal government now has a space where private-public collaboration can be enjoined, Inglis said. It’s the Joint Cyber Defense Collaborative.
“We’ve stood that up within the last year, and … private and public subject matter experts in the cyber realm join forces there to co-discover and hopefully implicitly collaborate in the mitigation of cyber threats that can’t be discovered by one party or another, and that can only be discovered together. Each of us can contribute to the defense of all of us.”
Also during the summit, Joshua Haslett, Google Cloud’s strategic technology partnership manager, and Josh Zelonis, Palo Alto Networks’ field CTO and evangelist, discussed the Unit 42 Ransomware Threat Report. Palo Alto Networks is one of Google Cloud’s ISV partners.
“One of the key takeaways is that ransoms keep rising, both in demands and the payments that these operators are receiving,” Zelonis said. “Among our incident response cases in 2021, which were predominantly U.S.-based companies, the average ransom demanded was approximately $2.2 million. Now further, our recent [report] was an analysis of leak sites where ransomware operators are providing snippets of stolen information as part of a naming and shaming, multi-extortion kind of tactic designed to coerce victims to pay ransom demands even if they think that they can recover from the encryption event itself.”
These are extremely well-funded adversaries who are now starting to leverage zero day attacks and even reverse engineering patches for day one exploits they can leverage against organizations, he said.
Zelonis gave four recommendations to protect against ransomware:
Harden your attack surface against common intrusion vectors.
Improve threat detection and response.
Validate your ability to recover at scale.
Work with a trusted partner, such as an incident response (IR) provider.
At Tuesday’s Google Cloud Security Summit, the cloud computing giant unveiled new security solutions. They’re aimed at helping global enterprises and governments address their most pressing security challenges.
Those challenges include:
Securing their software supply chain.
Accelerating zero trust adoption.
Improving data protection controls.
Simplifying access to core cyber insights.
Security, Cyber Risk Atop Every Organization’s Agenda
Sunil Potti is general manager and vice president of cloud security at Google Cloud. He said the new solutions will help partners help their customers more quickly and easily adopt Google Cloud’s security capabilities.
“Security and cyber risk remain at the top of every organization’s agenda,” he said. “We are facing active adversaries. Six hundred-plus threat actors have emerged just in the past 12 months. There are hundreds of new malware families which are found every year. We’ve been hit with an over 650% increase in software supply chain attacks. And last but not least, the continued shortage of security talent means that every organization can’t find the help they need.”
Cybersecurity has become every organization’s singular biggest risk today, as well as possibly going forward, Potti said.
“Google keeps more people safe online than anyone else,” he said. “And we help enterprises be safer with Google Cloud in a two-pronged approach. First, we aim to provide the industry’s most trusted cloud for digital transformation, while at the same time we recognize not every critical system or workload is in the cloud. And we know you’re on a journey so we can meet you where you are with SaaS products that bring our Google Security magic to your on-premises, private or multicloud environments. And in our trusted cloud, we operate in a shared-fate model. And key to this is engineering security into our core platform coupled with security controls you can configure according to your own risk profile. But you shouldn’t have to wonder which controls to deploy or how to achieve a strong base posture.”
Big Things Coming from Mandiant Acquisition
In March, Google Cloud announced it is acquiring Mandiant to bolster its cybersecurity services.
“This will enable us to bring together highly skilled security analysts with rich frontline intelligence into an end-to-end security operations product portfolio,” Potti said. “And you’ll be hearing much more to come on our plans and progress later this year. So hopefully, as you can see, we are working hard to deliver the solutions that can matter most in today’s risk and threat environment. So when you couple this organic development with the acquisitions we’ve made this year … our momentum in security is not only increasing, but amplifying and accelerating at a time when help is needed more than ever.”
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.