Google Cloud positions itself as a ‘standalone security brand’
This audio is automatically generated. Please let us know if you have any comments.
Google Cloud, a distant third player in the public cloud market, is trying to become a one-stop shop for security with potential market-changing acquisitions and in-house product development.
For Sunil Potti, vice president and CEO of Google Cloud, these efforts will strengthen its position among companies facing serious security threats, from attacks on the software supply chain to new threat actors. entrepreneurs.
Google’s security boost is also gaining new benchmarks with its largest competitors in the cloud, Microsoft and Amazon Web Services (AWS). Microsoft, in particular, has established close links with the security community with a layered toolkit for specific needs and its instrumental role in helping companies respond to and recover from major attacks.
Security is an activator and differentiator for Google Cloud, Potti told a news conference last week ahead of the Google Cloud Security Summit. Google January 2022 acquisition of Siemplify for orchestration, automation and security response (SOAR) and its $ 5.4 billion deal to acquire Mandiant for incident response they refer to “ensuring that customers can use Google as a standalone security brand,” he said.
Google has stressed the importance of security for years, but its capabilities have been limited and unprepared for companies in some critical areas such as telemetry and the bids it adds through the acquisition, said Forrester analyst Allie Mellen. The company is making some major improvements to change that, he said.
The deal to acquire Mandiant is “a big problem for the security talent they will have at home,” Mellen said. “This is an important and important acquisition for them that could have a huge effect on the way they create security products for the future and the way they approach the market.”
Philip Bues, IDC’s director of cloud security research, echoed Mandiant’s great opportunity at Google. “If Google can combine Mandiant’s threat intelligence with its current artificial intelligence capabilities, the combination could and should be a game changer for proactive threat defenses,” he wrote in an email.
The company’s acquisitions combined with innovations in workload protection and the training of Google’s cybersecurity action team create an environment where “Google can be referred to as a standalone security provider.” dir Bues.
Google is not the only one or a market leader in this endeavor.
Microsoft remains “a powerhouse in the security space” with products and resources that have a huge impact on the market, Mellen said. The company has strong, comprehensive offerings and a strong business footprint, which it uses in aggressive licensing schemes to encourage IT professionals to adopt their security technology along with the core business products, he added.
Google will certainly have a more complete offer than before. The question is whether or not it will be able to compete directly with what we are seeing from Microsoft, “Mellen said.
Google is directing resources to increase security
According to Potti, the influx of cybercriminals on multiple fronts and nation-states imposing stricter regulatory requirements and data sovereignty standards gives Google a unique opportunity to intensify its game.
To that end, Google is institutionalizing zero-trust architectures, striving to anticipate digital supply chain problems, and looking for solutions to the talent gap, he added.
Efforts to secure the open source software supply chain have gained prominence at the highest levels of the technology industry and government. Major companies such as Amazon, Google and Microsoft earlier this month pledged to invest an initial $ 30 million to make open source software more secure.
Google followed suit presenting secured open source software service (OSS), which packages the same workflows on which its developers rely to strengthen and validate the open source software supply chain.
This summer, as a breakthrough for companies and government agencies, the company will provide ongoing testing, corrections, and a deeper level of standard code analysis.
Google said it also continuously applies fuzzing, an automated form of software testing, to 550 of the most widely used open source projects, a process that has resulted in the discovery of at least 36,000 vulnerabilities in January 2022.
Google claims to be the first company to launch open source security software as a product, but there are specialized tools that cover the market targeting different components of open source software.
Google also introduced BeyondCorp Enterprise Essentials to help organizations implement a zero-trust architecture in third-party clouds, client applications, and the Chrome browser. This includes an application plug-in that extends capabilities to other cloud platforms such as AWS and Microsoft Azure, and a client plug-in that provides zero-trust access to on-premises or other cloud-hosted client applications.
Following in Microsoft’s footsteps
Google is not the first or only large cloud company to struggle to become a leader in security by launching, in part, services to support the other giants of the cloud. Microsoft has recently expanded its Defender for Cloud Google Cloud security solution, enabling the cloud-independent solution to natively support workloads, devices, and digital identities, whether or not a client uses Azure.
Bues supports Google’s position as an early leader in zero-trust network environments and notes that the company has made significant open source contributions, including the 2014 release of Kubernetes.
“Understand the challenges of verifying, updating and maintaining open source, continuous innovation in [open source security] with Assured OSS is a continuation of Google ‘s long – standing commitment to open source and the developer community, “said Bues.
Google will also integrate data loss prevention, malware protection, and URL fishing and filtering into the Chrome browser as part of its zero-trust architecture.
Google also introduced Security Foundation, a service that provides models and guidance followed by the Google Cloud Cybersecurity Action Team to help organizations validate configurations and overcome some of the challenges posed by the shortage of cybersecurity talent.
“Cybersecurity has become the biggest risk of all organizations today, as well as possibly in the future,” Potti said.
Security remains a major challenge for all organizations and the risk is growing, he added. Attacks on the software supply chain, according to Google, increased by 650% and over the last year at least 600 threat actors and hundreds of new families of malware have emerged.