Jump to Content
Security & Identity

Cloud CISO Perspectives: November 2022

November 30, 2022
https://storage.googleapis.com/gweb-cloudblog-publish/images/cybersecurity_action_team_jl2RU0c.max-2600x2600.jpg
Phil Venables

VP, TI Security & CISO, Google Cloud

Welcome to November’s Cloud CISO Perspectives. I’d like to celebrate the first year of the Google Cybersecurity Action Team (GCAT) and look ahead to the team’s goals for 2023.  

As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.

GCAT, one year later

We launched the Google Cybersecurity Action Team in October 2021 as a premier security advisory team, with the singular mission of supporting the security and digital transformation of governments, critical infrastructure, enterprises, and small businesses. The core mission is to help guide customers through the cycle of their security transformation, starting with their first cloud-adoption roadmap and implementation through increasing their cyber resilience preparedness for potential events, and to even help engineer new solutions in partnership with them as requirements change.

Readers know that cybersecurity has only become more top-of-mind – yet organizations face continued challenges as they kick off and advance their security transformations. Our desire to help with and accelerate this process is directly tied to Google Cloud’s shared fate model, where we take an active stake in the security posture of our customers by offering secure defaults, capabilities to ensure secure deployments and configurations, opinionated guidance on how to configure cloud workloads for security, and assistance with measuring, reducing, accepting, and transferring risk.

We’ve gotten very positive feedback on our strategy of deploying the right people with the right expertise at the right moment during customers’ transformation journeys, and doing it in an integrated way so that the handoff from one specialist team to the next is seamless. This may not seem revolutionary, but focusing on making customers more secure from the beginning of their journey helps reduce toil and ingrain better security practices earlier on. 

We focus heavily on how we build the institutional memory of particular customers on particular teams so that if a customer comes back, we can deploy the same or adjacent people to work with them. Most organizations are not solely on one cloud platform, so it's helpful to make sure we’ve got people we can re-deploy who understand the customer’s broader multicloud and hybrid environment. We look at the challenges that we see in engagements with customers and use those as a fast feedback loop into which future solutions and blueprints and products we should be working on.

Ultimately, GCAT’s role is at the forefront of making these transformations less daunting. We’ve also found that our quarterly Threat Horizons report helps progress towards that goal. Threat Horizons offers a unique fusion of security data and strategic threat intelligence pulled together from across research teams at Google, geared for security leaders and their leadership teams. Many CISOs and other leaders have told us that they find Threat Horizons helpful in part because our research often reflects their own findings, and can help make their arguments stronger.

As GCAT moves into its second year, we plan on further developing partnerships with our consulting teams (Professional Services and Mandiant) and we’ll continue to scale our offerings through specializations and feedback loops.

You can also listen here to my conversation with Google Cloud security experts Anton Chuvakin and Timothy Peacock on the Cloud Security podcast on the first year of GCAT and how it fits in with industry trends.  

Security Talks in December

Our Google Cloud Security Talks event for Q4 will focus on two topics that we’ve emphasized continuously in our Cloud CISO Perspectives — threat detection and Zero Trust. Join us on December 7 to hear from leaders across Google as well as leading-edge customers on these two critical initiatives. Click here to reserve your spot and we’ll see you there (virtually).

Google Cybersecurity Action Team highlights

Here are the latest updates, products, services and resources from our security teams this month: 

Securing tomorrow today: We updated our internal encryption-in-transit protocol to protect communications within Google from potential quantum computing threats. Here's why.

Making Cobalt Strike harder for threat actors to abuse: We took steps with Cobalt Strike’s vendor to hunt down cracked versions of the popular red team software, which often are used in cyberattacks. Read more.

How data embassies can strengthen resiliency with sovereignty: Data embassies extend the concept of using a digital haven to reduce risk, made possible by the flexible, distributed nature of the cloud. Here’s how they work, and how they intersect with Google Cloud. Read more.

For a successful cloud transformation, change your culture first: To fully incorporate all the benefits of a cloud transformation, an organization should update its security mindset and culture, along with its technology. Read more.

From the FBI to Google Cloud, meet CISO Director MK Palmore: Following three decades in the Marines and the FBI, MK Palmore came to Google Cloud’s Office of the Chief Information Security Officer in 2021 to help Google tackle some of the hardest security problems the industry faces right now. Read more.

Does the internet need sunscreen? No, submarine cables are protected from solar storms: A Google team set out to analyze the risks that undersea cables face from solar storms. Here’s what they learned. Read more.

CISO Survival Guide: How financial services organizations can more securely move to the cloud: The first day in the cloud can be daunting for financial services organizations. What are the key questions they face, and how can they best respond to them? Read more.

Multicloud Mindset: Thinking about open source and security in a multicloud world: Security leaders and architects are shifting away from traditional security models, which are increasingly insufficient for protecting multicloud environments. Here’s what you need to know about the trend. Read more.

Google Cloud security tips, tricks, and updates

4 more reasons to use Chrome’s cloud-based management: Take a deep dive into recent improvements to the Chrome Browser Cloud Management tool. Read more.

Introducing Cloud Armor features to help improve efficacy: Google Cloud Armor can be used more efficiently with two new features, an auto-deploy option for proposed rules generated by Adaptive Protection, and advanced rule tuning. Read more.

IAM Deny creates a simple way to harden your security posture at scale: New Identity and Access Management Deny policies can more easily create rules that broadly restrict resource access, a powerful, coarse-grained control to help implement security policies at scale. Read more.

Chronicle Security Operations offers new, faster search and investigative experience: A new investigative experience comes to Chronicle Security Operations, with lightning-fast search across any form of structured data, and greater flexibility to pivot and drill-down when conducting complex, open-ended threat investigations. Read more.

How to analyze security and compliance of your dependencies with the Open Source Insights dataset: The Open Source Insights project scans millions of open-source packages, computes their dependency graphs, and annotates those graphs with security advisories, license information, popularity metrics, and other metadata. Read more.

How to migrate on-premises Active Directory users to Google Cloud Managed Microsoft AD: For organizations operating in Microsoft-centered environments, Google Cloud offers a highly-available, hardened Managed Service for Microsoft Active Directory running on Windows virtual machines. Read more.

Announcing Private Marketplace, now in Preview: Looking to reduce employee usage of shadow IT and out-of-date software? IT and cloud administrators can now create a private, curated version of Google Cloud Marketplace for their organizations. Read more.

New Mobile SDK can help reCAPTCHA Enterprise protect iOS, Android apps: The reCAPTCHA Enterprise Mobile SDK can help block fake users and bots from accessing mobile apps while allowing legitimate users to proceed, and it’s now generally available to developers. Read more.

Practicing the principle of least privilege with Cloud Build and Artifact Registry: How to help reduce the blast radius of misconfigurations and malicious users using Cloud Build and Artifact Registry. Read more.

Automate cleanup of unused Google Cloud projects: Part of reducing technological debt means getting rid of abandoned projects, but doing that manually is time-consuming. You can automate that process using Remora, a serverless solution that works with the Unattended Project Recommender. Read more.

Should I use Cloud Armor: Cloud Armor provides DDoS defense and additional security for apps and websites running on Google Cloud, on-prem or on other platforms. This guide can help you decide when to use this powerful tool. Read more.

How to configure Traffic Director: Traffic Director is a managed Google service that helps solve common networking challenges related to flow, security, and observability. Here’s how to use it. Read more.

Compliance & Controls

Google Cloud completes Korea Financial Security Institute audit: Earlier this year, we worked with South Korean auditors to support a group of leading South Korean FSIs interested in expanding their adoption of Google Cloud. Read more.

Google Public Sector announces continuity-of-operations offering for government entities under cyberattack: Every U.S. government agency is now expected to have a Continuity of Operations Plan (COOP) in place. Google Workspace is positioned to help with these business and collaboration continuity needs, ensuring agency teams can continue to work effectively and securely in the event of an incident. Read more.

Announcing Assured Workloads for Israel in Preview: Assured Workloads helps customers create and maintain controlled environments. The Assured Workloads Preview for Israel provides data residency in our new Israel Cloud region, cryptographic control over data, and service usage restrictions that help keep organizations in policy compliance. Read more.

Google Cloud Security Podcasts

We launched a new weekly podcast focusing on Cloud Security in February 2021. Hosts Anton Chuvakin and Timothy Peacock chat with cybersecurity experts about the most important and challenging topics facing the industry today. This month, they discussed:

Google Workspace security, from threats to Zero Trust: Is compliance changing? Have hardware keys really stopped phishing? Which security assumptions do we need to revisit? We discuss these important hybrid workplace security questions and more with Nikhil Sinha and Kelly Anderson of Google Workspace. Listen here.

Secrets of cloud security incident response: Cloud transformations also change security standards and protocol, including incident response challenges, creating effective partnerships with cloud service providers, and even the definition of a security incident, with Google security specialists Matt Linton and John Stone. Listen here.

A deep dive on the release of detection rules for CobaltStike abuse: In this  conversation with Greg Sinclair, security engineer at Google Cloud, we discuss his blog post explaining how and why Google Cloud took action to limit the scope of malicious actor abuse of Cobalt Strike. Listen here

Who observes Cloud Security Observability? From improving detection and response to making network communications more secure to its impact on the shift to TLS 1.3, here is everything you wanted to know about “observability data” but were afraid to ask, with Jeff Bollinger, director of incident response and detection engineering at LinkedIn. Listen here.

Cloud threats and incidents — RansomOps, misconfigurations, and cryptominers: How are cloud environments attacked and compromised today, and is cloud security a misnomer? With Alijca Cade, director of financial services at Google Cloud’s Office of the CISO, Ken Westin, director of security strategy at Cybereason, and Robert Wallace, senior director at Mandiant. Listen here.

To have our Cloud CISO Perspectives post delivered every month to your inbox, sign up for our newsletter. We’ll be back next month with more security-related updates.

Posted in