Cloud CISO Perspectives: How the AI megatrend can help manage threats, reduce toil, and scale talent
Phil Venables
VP/CISO, Google Cloud
Hear monthly from our Cloud CISO in your inbox
Get the latest on security from Cloud CISO Phil Venables.
SubscribeWelcome to the first Cloud CISO Perspectives for December 2023. Today I’ll be providing an update to our cloud security megatrends blog. First published in January 2022, the premise of cloud security megatrends is that there were eight “megatrends” that drive technological innovation.
It’s become clear that artificial intelligence has emerged as the ninth megatrend. While generative AI has defined this year as a disruptive technology that presents tremendous potential to revolutionize and transform the way we do business, Google has been applying machine learning and AI for security since at least 2005. Read on to see how AI fits into the cloud security megatrends rubric, and how understanding these megatrends can help business and security leaders improve their overall security posture.
As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.
Artificial intelligence: Augmentation to help reduce toil, manage threats, and scale talent
What started as pattern recognition evolved into machine learning, and that has since become a whole range of artificial intelligence tools including generative AI and underlying foundation models. AI has been the sleeper megatrend, first slowly and now rapidly becoming an integral part of what we do — broadly in IT, and especially in security as the challenge of stopping threats required creative adaptation. Similarly to cloud computing or any new technology, AI changes the risk landscape — both positively and negatively.
Security teams can adopt several approaches to understanding their security controls, including Breach and Attack Simulation (BAS) and Security Validation. BAS has proved useful to security teams needing a point-in-time understanding of how specific security controls perform; however, as the threat landscape and attack surface have broadened, BAS tools are often inadequate for true validation of security performance.
To more comprehensively test their defenses, organizations require critical functionality needed for continuous validation of security performance across their security infrastructure.
For all of its uses, AI is assuredly a cloud security megatrend that can increasingly fuel and accelerate all the other megatrends. While we also expect to see AI help attackers, AI should give defenders an advantage because AI is good at amplifying capability based on data — and defenders have more data.
For example, Google Cloud recently launched Duet AI for Security Operations, a generative AI tool that helps security teams detect, investigate, and respond to threats — including by analyzing large amounts of data in seconds, reducing time-consuming manual reviews, and improving response time.
In the long run, while AI is beneficial to cloud and on-premises systems, we believe that it can help cloud security more than on-prem security. AI taps into the virtuous circle of security improvement. Since generative AI models broadly become more useful when they’re trained on larger sets of data, there’s an immediate scaling problem that gen AI faces if it can only be trained from on-premises data. Clouds let you store and process more data to train (and tune) a foundation model on, and security-focused gen AI will become significantly better when it relies on not just “big data” but “massively huge data available in the cloud.”
Security gen AI foundation models such as Google Cloud’s fit squarely in the flywheel of security innovation. It depends on cloud technology, and it can also make cloud security better. While it may be possible to create similar gains for AI with on-prem as in the cloud, it's very unlikely because training AI is much easier (and easier to rapidly improve) with the data available in the cloud.
In the long run, while AI is beneficial to cloud and on-premises systems, we believe that it can help cloud security more than on-prem security. AI taps into the virtuous circle of security improvement.
Generative AI has the potential to revolutionize how we use technology, especially in cybersecurity. We are hopeful that it can significantly lighten the burden — and possibly even eliminate — three of security’s thornier problems: toil, threat overload, and the talent gap.
Enabling progress in AI means focusing on the opportunities it presents, the responsibilities we bear as we develop it, and securing AI from malicious use and hacking.
The bottom line is that cloud computing megatrends will propel security forward faster, for less cost and less effort than any other security initiative. With the help of these megatrends, the advantage of cloud security over on-prem is inevitable.
In case you missed it
Here are the latest updates, products, services, and resources from our security teams so far this month:
- How Google responded to the Reptar vulnerability: In November, Google announced in conjunction with Intel that we had discovered and issued a remediation for the Reptar vulnerability affecting CPUs. Here’s the story of how we found Reptar, and how our response unfolded. Read more.
- New cybersecurity center in Málaga will help build a safer Europe: The Google Security Engineering Center in Málaga is a new hub that will advance the state of the art in cybersecurity and malware analysis. Read more.
- A $10 million program to train students in cybersecurity across Europe: As part of the launch of our new flagship cybersecurity hub in Màlaga, we announced a $10 million cybersecurity skilling program through Google.org, in partnership with the European Cyber Conflict Research Incubator. Read more.
- How Stairwell uses Bigtable for cybersecurity: Stairwell is a new cybersecurity data analysis company, from the founder of Chronicle, built on Google Cloud. Here’s why they rely on Bigtable for their scalable, high-performance database needs. Read more.
- Cloud Armor for regional application load balancers now generally available: We’re announcing that Cloud Armor for Regional External Application Load Balancers is generally available. It can help customers create regionally-scoped Cloud Armor security policies. Read more.
News from Mandiant
- Improving FLARE’s malware analysis tools at Google Summer of Code 2023: This summer marked the FLARE team’s first year participating in Google Summer of Code (GSoC), a global open-source software development mentoring program. Here’s an overview of the FLARE 2023 GSoC projects. Read more.
Now hear this: Google Cloud Security and Mandiant podcasts
- Trust, security, and the latest Google Transparency Report: Our annual Transparency Report is out, and hosts Anton Chuvakin and Tim Peacock talk with Michee Smith, director of product management for Global Affairs Works at Google, about how the report got started, what we can (and can’t) include in the report, and how Access Transparency Logs factor into the analysis. Listen here.
- Balancing protection, data, and risks with cloud-era cyber insurance: Cloud security and cyber insurance are relatively new friends, so to help explain this hot-or-not relationship, Anton and Tim are joined by Monica Shokrai, head of business risk and insurance for Google Cloud. Listen here.
To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in two weeks with more security-related updates from Google Cloud.
