Google’s future in business relies on strategic cybersecurity

Gaps in Google’s cybersecurity strategy are slowing banks, financial institutions and large corporations to adopt the Google Cloud Platform (GCP), with offerings often going to Microsoft Azure and Amazon Web Services.

It also doesn’t help that GCP has long had a reputation for being more aligned with developers and their needs than with corporate and commercial plans. But Google now has a timely opportunity to open up its customer opening with new security offerings designed to fill many of these gaps.

At last week’s Google Cloud Next virtual conference, Google executives leading the security business units announced an ambitious new set of cybersecurity initiatives precisely for this purpose. The most notable announcements are the formation of the Google Cybersecurity Action Team, new zero trust solutions for Google Workspace and the extension of Work Safer partnerships with CrowdStrike and Palo Alto Networks.

However, the most valuable new announcements for businesses can be found on the BeyondCorp Enterprise platform. BeyondCorp Enterprise is Google’s zero-trust platform that enables virtual workforce to access cloud or on-premises applications and work from anywhere without a traditional remote access VPN. Google’s announced Work Safer initiative combines BeyondCorp Enterprise for zero-trust security and their Workspace collaboration platform.

Workspace now has 4.8 billion installations of 5,300 public applications for more than 3 billion users, making it an ideal platform for building and developing cybersecurity partnerships. Workspace also reflects the growing problem for Information Security Officers (CISOs) and CIOs to protect the exponentially growing number of endpoints that dominate their virtual IT infrastructures first.

Clean up the cybersecurity chaos

With the latest round of cybersecurity strategies and product announcements, Google is trying to sell CISOs the idea of ​​trusting Google for their comprehensive security and public cloud technology stack. Unfortunately, that doesn’t reflect the reality of the number of legacy systems that CISOs have lifted and moved to the cloud for many businesses.

The many announcements of new approaches to dealing with how chaotic, deadly and out of control breaches and ransomware attacks have become. But Google’s announcement of Work Safer, a program that combines Workspace with Google’s cybersecurity services and new integrations with CrowdStrike and Palo Alto Networks, is a step in the right direction.

Google’s Cyber ​​Security Action Team asserted in a media advisory that it would be “the world’s premier security advisory team with a unique mission to support the security and digital transformation of governments, critical infrastructure, businesses and small businesses “. But let’s face it, this is a professional services organization designed to drive high margin engagement in business accounts. Unfortunately, small and midsize businesses won’t be able to afford engagements with the cybersecurity action team, which means they’ll have to rely on systems integrators or their own IT staff.

Why Every Cloud Must Be A Trusted Cloud

CISOs and CIOs tell VentureBeat that it’s now a cloud-native world, and that includes filling security gaps in hybrid cloud setups. Most enterprise technology stacks have grown through mergers, acquisitions, and a decade or more of cybersecurity technology purchasing decisions. These are maintained with custom integration code written and maintained by external system integrators in many cases. New digitally driven revenue streams are being generated from applications running on these technology stacks. This adds to their complexity. In reality, every cloud now needs to be a trusted cloud.

Google’s series of announcements regarding integration and monitoring and security operations are necessary, but not enough. Historically, Google has lagged behind the market in security oversight by prioritizing its own data loss prevention (DLP) APIs, given their proven scalability in large enterprises. To Google’s credit, it has formed a technology partnership with Cybereason, which will use Google Chronicle’s cloud security analytics platform to enhance its Extended Detection and Response (XDR) service and assist security and IT teams. identify and prevent attacks using threat hunting and incident response. logic.

Google now appears to have the components it previously lacked to offer its customers a much improved selection of security solutions. Creating a safer job by bringing together the BeyondCorp enterprise platform, Workspace, Google’s suite of cybersecurity products, and new integrations with CrowdStrike and Palo Alto Networks will resonate the most with CISOs and CIOs.

Without a doubt, many will want a discount on BeyondCorp maintenance fees at a minimum. While BeyondCorp is generally attractive to large companies, it does not address the accelerating pace of the arms race between bad actors and companies. Google also includes Recapture and Chrome Enterprise for desktop management, both necessary for all organizations to advance website protection and browser-level security on all devices.

It’s about protecting threat surfaces

Businesses operating in a cloud native world primarily need to protect threat points. Google announced a new client connector for its BeyondCorp Enterprise platform that can be configured to protect native Google applications as well as legacy applications, which are very important to older businesses. The new connector also supports identity and context access to non-web applications running in Google Cloud and non-Google Cloud environments. BeyondCorp Enterprise will also have a policy troubleshooter that gives administrators greater flexibility to diagnose access failures, triage events, and unblock users.

Throughout Google Cloud Next, cybersecurity officials have talked about integrating security into the DevOps process and creating zero-trust supply chains to protect new executable code from breach. Achieving this ambitious goal for the company’s overall cybersecurity strategy requires zero trust to be built into every phase of a build cycle through deployment.

Cloud Build is designed to support builds, tests, and deployments on Google’s serverless CI / CD platform. It is SLSA Level -1 compliant, with scripted versions and provenance support available. Additionally, Google launched a new build integrity feature as Cloud Build that automatically generates a verifiable build manifest. The manifest includes a signed certificate describing the sources that went into the build, hashes of artifacts used, and other parameters. Additionally, binary authorization is now built into Cloud Build to ensure that only trusted images make it into production.

These new announcements will protect software supply chains for large companies already running a technology stack dominated by Google. However, it will be a challenge for small and medium-sized businesses to make these systems work with their budgets and IT resources.

Conclusion: The cybersecurity strategy must work for everyone

As Google’s cybersecurity strategy grows, sales of the Google Cloud platform will change as well. Convincing corporate CISOs and CIOs to replace or expand their technology stack and make it Google-centric is not the answer. Recognize how chaotic, diverse and unpredictable the cybersecurity threat landscape is and create more adaptive applications, platforms and tools that learn quickly and thwart breaches.

Getting it right is only part of the challenge. The much more difficult aspect is how to close the growing cybersecurity gaps that all organizations face – not just large corporations – without needing a Google-dominated technology stack to achieve it.

VentureBeat

VentureBeat’s mission is to be a digital public place for technical decision-makers to learn about transformative technology and conduct transactions. Our site provides essential information on data technologies and strategies to guide you in managing your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the topics that interest you
  • our newsletters
  • Closed thought leader content and discounted access to our popular events, such as Transform 2021: Learn more
  • networking features, and more

Become a member

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

*