Cloud CISO Perspectives: Get ready for Next ‘24: What you need to know

Welcome to the second Cloud CISO Perspectives for March 2024. Today, Brian Roddy, vice president of security product management, Google Cloud, talks about some of the important cybersecurity hot topics that will be driving our announcements at Google Cloud Next in April.

As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.

--Phil Venables, VP, TI Security & CISO, Google Cloud

Get ready for Next ‘24: What you need to know

By Brian Roddy, vice president of security product management, Google Cloud

We have entered the fifth epoch of distributed computing, and it promises to revolutionize information technology and how we use it. More than a decade of work at Google has been put into building AI into our products and solutions, and the shift to generative AI represents an industry-wide acknowledgement of its potential.

Gen AI has the potential to tip the balance of security in favor of defenders, and we plan on revealing the next steps in the evolution of cybersecurity at Google Cloud Next, from April 9-11. Tickets are still available to Next ‘24, where we’ll present our vision for the future of cloud — and the vital role that security plays within.

While I’m not going to spoil the announcements we have planned, I do want to give a bit of context for where we were in 2023, and where we’re headed.

As Mandiant CEO Kevin Mandia said last year, “[W]hile we continue to face significant challenges, our industry is getting better at cybersecurity and organizations globally have made progress in strengthening their defenses. But we cannot let our guard down. We have seen that attackers do not rest — and that they are increasingly sophisticated and well-funded.”

Earlier this month, we introduced Security Command Center Enterprise, adding long-awaited multicloud support and becoming the first cloud risk management solution that fuses AI-powered SecOps with cloud security. It’s designed to help break down the silos of tools, teams, and data to ensure faster outcomes and higher efficacy for cloud security and enterprise security operations. You don’t need a PhD in cryptography to know that we’re going to be talking about this new version of our flagship risk management tool at Next ‘24, but there’s a lot more we have to say.

Organizations need security partners like Google, who have proven expertise, solutions, and extended support. Last year, we set out to create a bold and responsible model for how gen AI could benefit cybersecurity with a positive impact on the security ecosystem. Our vision for AI in security described the possibilities: How we could automate tasks to reduce toil, up-level talent, and mitigate threats.

Our investments in key technologies, including threat intelligence, security operations, and risk management, drove our progress towards making strong security simple and accessible. We announced at the RSA Conference ‘23 in April our plan to supercharge security with gen AI, based on foundational AI research by Google and DeepMind, and the deep expertise of our security teams. We built on that promise, and some of our most important announcements revealed our ongoing work towards that goal.

At Next ‘23 in August, we shared additional AI innovations in our security products and also expanded on our holistic approach to securing AI. This included the application of the principles of our Secure AI Framework (SAIF): We explained why we believe that AI needs to be tested by red teams, detailed practical considerations for securing AI, and went deep into the risk governance principles that can help steer AI towards a more beneficial future.

We knew that by focusing on building the right foundations, we would be able to provide products that prioritize security by design and are made to help raise the bar on security. Early user feedback showed that gen AI in Security Operations helped reduce the time that security analysts spent writing, running, and refining searches and triaging complex cases by a factor of seven.

Of course, there’s a lot more work that our security teams did in the past year that I haven’t been able to discuss in depth here that nevertheless plays an important role. These topics include the news that we stopped the largest DDoS attack ever recorded to date, again; that we continue to invest in sovereign data and risk management solutions; and that we talked about why we partner with ISACs to improve communication across the community.

Google Cloud’s technology and expertise ties together a trusted cloud foundation, a modern SecOps platform, and frontline intelligence and expertise, all infused with the power of gen AI to help drive the security outcomes you’re looking to achieve. I hope you’ll join us at Next ‘24 so you can get a front-row seat to see what we’ve been planning.

We’re looking forward to seeing you at Next ‘24. If you haven’t yet, you can register here.

In case you missed it

Here are the latest updates, products, services, and resources from our security teams so far this month:

• Introducing Threat Intelligence news from Google Cloud: Google Cloud is excited to announce the launch of a new blog channel: Threat Intelligence, featuring in-depth threat research and guidance from Mandiant and Google Cloud experts on the frontlines of the latest cyberattacks. It also features indicators, detections, rules, and more that defenders can use to help proactively protect their organizations. Read more.
• To securely deploy AI on Google Cloud, follow these best practices: As part of a new Google Cloud report on securely deploying AI, we’ve put together a checklist to help organizations achieve a strong security posture for their AI deployments. Read more.
• Leading through change: 5 steps for executives on the cloud transformation path: Google Cloud experts and our customers say that they become even more successful when cybersecurity becomes everyone’s responsibility. Here’s 5 ways to make that happen. Read more.
• Secure by default: How to set compliance controls for your Google Cloud Organization: Assured Workloads can help you ensure comprehensive data protection and regulatory compliance with folders that support your compliance requirements. Here’s how. Read more.
• Making it easier to protect data in Cloud SQL: Discover sensitive data and manage risks with Sensitive Data Protection for Cloud SQL. Here’s what’s new. Read more.
• Introducing stronger default Org Policies for our customers: We’ve released an updated and stronger set of security defaults implemented with Organizational Policies. Read more.
• How Commerzbank safeguards its data with VPC Service Controls: Commerzbank explains how VPC Service Controls have helped them keep their sensitive data secure while using built-in Google Cloud storage and data processing capabilities. Read more.
• Securing Ray on Google Kubernetes Engine: Running Ray on GKE takes advantage of existing global Google infrastructure components like Identity-Aware Proxy (IAP), for a more secure deployment. Read more.
• Improving resilience to DDoS attacks with Cloud Armor Advanced rate limiting capabilities: As the threat landscape evolves, you can use Google Cloud Armor to build a comprehensive DDoS mitigation strategy. Here’s how. Read more.
• How to choose a known, trusted supplier for open source software: With an increasing focus on managing open-source software supply chain risk, both Citi and Google strive to apply more rigor across risk mitigation. Here’s what we’ve learned. Read more.

Threat Intelligence news

• APT29 uses WINELOADER to target German political parties: In late February, APT29 used a new backdoor variant publicly tracked as WINELOADER to target German political parties, the first time Mandiant has seen this APT29 cluster has done so. This activity presents a broad threat to European and other Western political parties. Read more.
• Bringing access back — Initial Access Brokers exploit F5 BIG-IP and ScreenConnect: During the course of an intrusion investigation in late October 2023, Mandiant observed a novel exploitation of a vulnerability affecting F5 BIG-IP Traffic Management User Interface. This February, we observed exploitation of Connectwise ScreenConnect by the same actor. This mix of custom tooling and the SUPERSHELL framework used in these incidents is assessed with moderate confidence to be unique to a People's Republic of China (PRC) threat actor, UNC5174. Read more.

Now hear this: Google Cloud Security and Mandiant podcasts

• Decoding 'shifting left' for cloud security: Are cloud operations more like pets, or more like farm animals? Ahmad Robinson, a Google Cloud security architect, talks with our Cloud Security podcast hosts Anton Chuvakin and Tim Peacock about why it’s important to understand policy-as-code early in your cloud career, and why the cloud is more like a working horse and less like Fido. Listen here.
• Leaping at quantum problems: What’s the real threat posed by quantum computers, and how can post-quantum cryptography help defenders? Jennifer Fernick, Google senior staff security engineer, shares her insights on all things quantum with our Cloud Security podcast hosts Anton and Tim. Listen here.

To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in two weeks with more security-related updates from Google Cloud.