Because of gaps in Google’s cybersecurity approach, banks, financial institutions, and larger businesses are hesitant to use the Google Cloud Platform (GCP), preferring instead to use Microsoft Azure and Amazon Web Services.
It also doesn’t help that Google Cloud Platform has a reputation for being more focused on developers and their demands than on enterprise and commercial initiatives. However, Google now has a unique chance to broaden its customer base with new security services that aim to close many of those loopholes.
Google officials overseeing the security business groups launched an ambitious new series of cybersecurity measures specifically for this reason during last week’s Google Cloud Next virtual conference. The launch of the Google Cybersecurity Action Team, new zero-trust solutions for Google Workspace, and the extension of Work Safer with CrowdStrike and Palo Alto Networks collaborations are among the most notable developments.
However, the most important new announcements for businesses are on the BeyondCorp Enterprise platform. BeyondCorp Enterprise is Google’s zero-trust platform, which enables virtual workforces to access cloud and on-premises applications and work from anywhere without the use of a traditional remote-access VPN. BeyondCorp Enterprise for zero-trust security and Google’s Workspace collaboration platform are combined in Google’s Work Safer initiative.
Workspace today has over 3 billion users and 4.8 billion installations of 5,300 public apps, making it a perfect platform for forming and scaling cybersecurity collaborations. Workspace also highlights the growing challenge that chief information security officers (CISOs) and chief information officers (CIOs) have in safeguarding the rapidly growing number of endpoints that now dominate their virtual-first IT infrastructures.
Bringing order to the chaos of cybersecurity
Google is aiming to persuade CISOs to trust Google for their entire security and public cloud tech stack with its newest wave of cybersecurity initiatives and product launches. Unfortunately, this does not reflect the reality of how many legacy systems CISOs have lifted and moved to the cloud for many businesses.
New techniques to coping with how chaotic, lethal, and uncontrollable breaches and ransomware attacks have become were conspicuously absent from the many announcements. Work Safer, a programme that integrates Workspace with Google cybersecurity services and new integrations with CrowdStrike and Palo Alto Networks, is a step in the right direction, according to Google.
According to a press release, the Google Cybersecurity Action Team will be “the world’s premier security consulting team with the primary objective of assisting the security and digital transformation of governments, key infrastructure, companies, and small businesses.” But let’s be honest: this is a professional services firm whose goal is to increase high-margin engagement in enterprise accounts. Small and mid-sized businesses, on the other hand, will be unable to afford engagements with the Cybersecurity Action Team, forcing them to rely on system integrators or their own IT employees.
Why is it necessary for every cloud to be a trusted cloud?
It’s a cloud-native world now, CISOs and CIOs tell VentureBeat, and that includes fixing security gaps in hybrid cloud deployments. Most enterprise tech stacks grew as a result of mergers and acquisitions, as well as a decade or more of cybersecurity tech purchases. In many situations, these are held together by specialised integration code written and maintained by third-party system integrators. Applications built on these tech stacks generate new digital-first revenue sources. This adds to the intricacy of the situation. In truth, every cloud must now be a trustworthy cloud.
Google’s pronouncements on integration, security monitoring, and operations are necessary, but they are insufficient. Given their proven scalability in large companies, Google has always trailed behind the market when it comes to security monitoring by emphasising its own data loss prevention (DLP) APIs. To Google’s credit, it has formed a technology partnership with Cybereason, which will use Google’s cloud security analytics platform Chronicle to improve its extended detection and response (XDR) service and will use threat hunting and incident response logic to help security and IT teams identify and prevent attacks.
Google now looks to have the components it lacked previously in order to provide its clients with a vastly improved assortment of security options. CISOs and CIOs will be especially interested in combining the BeyondCorp Enterprise Platform, Workspace, the Google cybersecurity suite, and new integrations with CrowdStrike and Palo Alto Networks to make work safer.
Without a doubt, many people will demand a discount on BeyondCorp maintenance payments. While BeyondCorp is appealing to major businesses in general, it does not address the fast-paced arms race between bad actors and businesses. For desktop management, Google also includes Recapture and Chrome Enterprise, both of which are required by all enterprises in order to scale website protection and browser-level security across all devices.
It’s all about defending against threat surfaces.
In a cloud-native world, businesses must primarily safeguard threat points. Google has released a new client connector for its BeyondCorp Enterprise platform that can be customised to safeguard both Google-native and legacy applications, which are critical for older businesses. Non-web applications running in both Google Cloud and non-Google Cloud settings can now be accessed using the new connector, which allows authentication and context-aware access. BeyondCorp Enterprise will also include a policy troubleshooter that will allow administrators to diagnose access issues, triage events, and unblock users with greater freedom.
Security officials spoke about embedding security into the DevOps process and developing zero trust supply chains to safeguard new executable code from being hacked throughout Google Cloud Next. To achieve that lofty aim for the company’s overall cybersecurity strategy, zero trust must be ingrained in every aspect of the development process, from design to deployment.
Cloud Build is a serverless CI/CD platform for Google that supports builds, tests, and deployments. It is SLSA Level -1 compliant, with scripted builds and provenance support. In addition, Google introduced Cloud Build, a new build integrity capability that generates a verifiable build manifest automatically. A signed certificate defining the sources used in the build, the hashes of artefacts utilised, and other parameters are included in the manifest. Furthermore, binary authorization has been linked with Cloud Build to ensure that only trustworthy images are deployed.
These new initiatives will safeguard software supply chains for large-scale businesses that currently use Google’s tech stack. However, getting these systems up and running on mid-tier and smaller enterprises’ IT budgets and resources would be difficult.
In the end, a cybersecurity policy must benefit everyone.
The sales of the Google Cloud Platform will follow Google’s cybersecurity strategy. It’s not going to be easy persuading enterprise CISOs and CIOs to replace or extend their tech stack to make it Google-centric. Recognizing the current state of the cybersecurity threat landscape, which is chaotic, diversified, and unexpected, and developing additional apps, platforms, and adaptive solutions that can learn quickly and thwart attacks.
Part of the challenge is getting the integration correct. The far more difficult component is bridging the expanding cybersecurity gaps that all businesses — not just large-scale enterprises — are facing without relying on a Google-dominated software stack to accomplish it.