From AI to Zero Trust: Google Cloud Security delivers comprehensive solutions for the public sector

Government organizations and agencies face significant challenges from threat actors seeking to compromise data and critical infrastructure, and impact national and economic stability. These attacks target a broad range of industries and organizations, from water security to rural health care, via external targeting and insider threats. Government organizations are in the top five industries targeted by cyberattacks, according to this year’s M-Trends report, a special look at the evolving cyber threat landscape published by Mandiant. 

Google Cloud Security is committed to helping government agencies and organizations strengthen their defenses, including managing threats, and keeping staff trained and ready for any scenario, using generative AI to help expedite tasks, and helping to keep sensitive workloads secure. Google Cloud’s portfolio of security solutions, combined with Mandiant threat intelligence and expertise, positions us to help public sector organizations stay protected at every stage of their security lifecycles. Today at the Google Public Sector Summit, we’re proud to unveil several new announcements around our security solutions. Read about all of the details below.

Driving effective security operations 

Building on Google Cloud services that have achieved a FedRAMP High designation, we are pleased to announce today that Google Security Operations is now authorized for operation in FedRAMP High environments.  

Positioned as a Leader in the recent in the IDC MarketScape: Worldwide SIEM for Enterprise 2024 Vendor Assessment, the IDC report states, “Google Security Operations is a cloud-native SIEM that is integrating previous point products such as SOAR and ASM, enriching all alerts with Google Threat Intelligence, and offering a gen AI assistant to alleviate mundane security analyst tasks. It is built on the search, data visualization, and storage services of Google Cloud.”

Achieving FedRAMP authorization complements other government-focused efforts for Google Security Operations, including Google Cloud Cybershield™, which enables governments to build an enhanced cyber threat capability, get actionable insights in real time, and develop skills and processes that drive effective security operations.

New cloud compliance control packages and service expansion

Assured Workloads can help public sector customers run regulated workloads on Google's public cloud infrastructure, without the tradeoffs of isolated government clouds. By enforcing data location, personnel access controls, and policy constraints, Assured Workloads can simplify the process of maintaining security and compliance while allowing customers to take advantage of the flexibility and innovation of Google Cloud services.

Today, we’re pleased to announce the expansion of services across several Assured Workloads compliance control packages: 

• We recently added nine services for our control package supporting the FBI’s Criminal Justice Information Services (CJIS) information protection guidelines. These services unlock AI capabilities such as Text-to-Speech for applications, and enable users to build frontend and backend services with CloudRun and Spanner. The CJIS program now covers 16 accredited states.

• Our new control package for Assured Workloads can support state and local government customers’ compliance with IRS 1075. The IRS 1075 control package maps to FedRAMP High controls, and includes Access Transparency control for U.S. personnel.

• We now offer a Healthcare and Life Sciences control package, which can help simplify configuration and security for regulated workloads in healthcare and life sciences. It configures support for VPC Service Controls, Access Transparency, data residency, and customer-managed encryption keys. In addition, Healthcare and Life Sciences Controls can help organizations ensure that Google Cloud services used in their workload are covered by Business Associate Agreements and have passed HITRUST Common Security Framework (CSF) certification.

Simplify your compliance audit process

Compliance audits in the cloud can be time consuming and complex, and you need to generate evidence of compliance every audit cycle, each time you upgrade or deploy a new application, or whenever regulations change. 

We are excited today to introduce our new Google Cloud Audit Manager, so you can evaluate your resources against industry benchmarks such as NIST 800-53 Revision 4, NIST CSF, FedRAMP Moderate, ISO 27001, HIPAA, and Google-recommended AI controls. Generally available later this month, this powerful tool is designed to streamline and simplify your compliance audit process on Google Cloud by: 

• Providing a shared responsibilities matrix, clearly articulating separation of duties and recommendations for you to execute your responsibilities.

• Automating compliance assessments to evaluate compliance controls on workloads so you can understand their state of compliance.

• Gathering evidence necessary for your compliance audits.

Audit Manager can be used by any Google Cloud customer and SCC Enterprise customers will have access to Audit Manager at no additional cost, which means customers can have a more complete CNAPP experience, streamlining their audit evidence generation to complement SCC’s monitoring and reporting capabilities.

Government-ready Gemini for Google Workspace

The shift towards generative AI presents an opportunity for governments to transform the lives of their citizens, through enhanced efficiencies, improved resilience of utilities and citizen services, and protection of government information. Our AI-powered agent, Gemini for Workspace, which has been submitted for FedRAMP High authorization, is built into the applications, such as Gmail, Drive, and Docs, to help your teams do more in less time.

We are also announcing general availability of Drive Inventory Reporting (DIR), which generates weekly snapshots of key metadata for files in Drive. DIR allows administrators to understand what data they have, how it is labeled, and who has access to it. DIR also includes Gemini modifications (changes made by Gemini), and administrators can see when Gemini accesses Drive data in the Drive logs.

DIR is mapped to the U.S. government's Zero Trust Maturity Model Data pillar, which requires that agencies “inventory, categorize, and label data; protect data at rest and in transit; and deploy mechanisms to detect and stop data exfiltration.”

Immersive cyber range experience

Mandiant has long supported the government sector. In addition to recent announcements for Mandiant Custom Threat Hunt and Mandiant Managed Defense for Google Security Operations, we are announcing Mandiant ThreatSpace. 

Mandiant ThreatSpace facilitates a consequence-free, immersive environment to practice and learn without risk. Hosted on Google Cloud, this customized, live-fire, technical learning service is designed to help security teams keep their skills sharp and learn new ones by performing incident response and threat hunting against the latest real-world threat and attack scenarios.   

Cybersecurity assistance for rural hospitals

Google is committed to helping rural health systems strengthen their resilience to cyberattacks. We are partnering with government and industry to offer security services, support, and technologies, enabling these hospitals to defend their systems and keep their focus on providing safe patient care. 

This tailored initiative to improve cybersecurity is specially designed for rural hospitals and health clinics. The program delivers a growing set of secure-by-design Google technology for access and collaboration, consulting and support services, and security training resources at a discount or no cost. Interested organizations can learn more and sign up for more information.

Learn more about Google Cloud Security

Google Cloud Security is committed to empowering public sector organizations with the tools and resources they need to navigate today's complex threat landscape. From FedRAMP-authorized solutions like Google Security Operations and Assured Workloads to innovative offerings such as Mandiant ThreatSpace and tailored support for rural hospitals, we're dedicated to helping agencies strengthen their cybersecurity posture and protect sensitive data. With a focus on continuous innovation and collaboration, Google Cloud Security is your trusted partner in building a more secure and resilient future for the public sector.

If you’re attending our Google Public Sector Summit, you can learn more about what Google Cloud Security has to offer by visiting us today at the Security Station on the show floor, along with attending our session, “Protecting Critical Infrastructure and Resources,” at 1:45 p.m. ET.