
Cloud CISO Perspectives: September 2022

September 30, 2022
Phil Venables

VP, TI Security & CISO, Google Cloud

Welcome to September’s Cloud CISO Perspectives. This month, we're focusing on Google Cloud’s acquisition of Mandiant and what it means for us and the broader cybersecurity community. Mandiant has long been recognized as a leader in dynamic cyber defense, threat intelligence, and incident response services. As I explain below, integrating their technology and intelligence with Google Cloud’s will help improve our ability to stop threats and to modernize the overall state of security operations faster than ever before. 

As with all Cloud CISO Perspectives, the contents of this newsletter will continue to be posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.

Why Mandiant matters

Cybersecurity is moving through a tumultuous period of growth, change, and modernization as small organizations, global enterprises, and entire industries move to the cloud. Their digital transformations are an opportunity to do security better and more efficiently than before. 

At Google Cloud, we believe that our industry should evolve beyond defense strategies and incident response techniques that, in some cases, predate the wide availability of broadband Internet. Our acquisition of Mandiant only underscores how important this belief is to how we work with our customers, putting their security first.   

Mandiant has been a leader in incident response and threat intelligence for well over a decade. In my experience, they've been at the forefront in dealing with all major developments of threats, threat actors, and landmark events in the industry. We have no intention of changing this – their expertise and capabilities will be even more amplified within Google Cloud. 

In fact, we see this as a terrific opportunity to combine what we’re both good at when it comes to security operations. Google Cloud already has excellent SIEM and SOAR capabilities with Chronicle and Siemplify. With Mandiant, we’re able to provide more threat intelligence and incident response capabilities than ever before. At the end of the day, this is a natural and complementary combination of products and services.

We hope to lead the industry towards a democratization of security operations that focuses on “workflows, personnel, and underlying technologies to achieve an autonomic state of existence,” as Google Cloud CEO Thomas Kurian said. And as Mandiant CEO and founder Kevin Mandia wrote, protecting good people from bad is what this is all about. “We can help organizations find and validate potential security issues before they become an incident,” he said.

Mandiant also embraces our shared fate vision, where we are actively involved in the outcomes of our customers. We want to work with customers where they are, and help them achieve better outcomes at every phase of their security lifecycle. From building secure infrastructure, to understanding and defending against new threats, to reacting to security incidents, we want to be there for our customers – and so does Mandiant.

Mandiant is the largest acquisition ever at Google Cloud, and the second-largest in Google history. As cybercriminals continue to exploit new and old vulnerabilities — see last month’s column for more on that — bringing Mandiant on as part of Google Cloud only underscores how important effective cybersecurity has become. 

Coming in October: Google Cloud Next and Mandiant mWISE

Our big annual user conference, Google Cloud Next ’22, is just around the corner, and it’s going to be an incredible three days of news, conversations, and hopefully more than a little inspiration. For current cloud customers and those among you who are cloud-curious, security is a foundational element in everything we do at Google Cloud and will be ever-present at Next.

From October 11 - 13, you’ll be able to dive into the latest cloud tech innovations, hear from Google experts and leaders, learn what your peers are up to, and even try new skills out in the lab sessions. You can read more about the sessions for further details, and sign up here.

The following week, Mandiant hosts its inaugural mWISE conference from October 18 - 20. This vendor-neutral conference is a must for SecOps leaders and security analysts, and will bring together cybersecurity leaders to transform knowledge into collective action in the fight against persistent and evolving cyber threats. You can read more about the sessions for further details, and sign up here.

Google Cybersecurity Action Team highlights

Here are the latest updates, products, services and resources from our security teams this month: 


  • Best Kept Security Secrets: Organization Policy Service: Our Organization Policy Service is a highly-configurable set of platform guardrails for security teams to set broad yet unbendable limits for engineers before they start working. Learn more

  • Custom Organization Policy comes to GKE: Sometimes, predefined policies aren’t an exact fit for what an organization wants to accomplish. Now in Preview, the Custom Organization Policy for GKE lets organizations define and tailor policies to their unique needs. Read more.

  • What makes our security special: Our reflections 1 year after joining OCISO: Taylor Lehmann and David Stone of Google Cloud’s Office of the CISO reflect on their first year helping customers be more secure at Google Cloud. Read more.

  • How to use Google Cloud to find and protect PII: Google Professional Services has developed a solution using Google Cloud Data Loss Prevention to inspect and classify sensitive data, and then apply these insights to automatically tag and protect data in BigQuery tables. Read more.

  • Introducing Workforce Identity Federation, a new way to manage Google Cloud access: This new Google Cloud Identity and Access Management (IAM) feature can rapidly onboard workforce user identities from external identity providers and provide direct secure access to Google Cloud services and resources. Learn more.

  • Three new features come to Google Cloud Firewall: Firewalls provide one of the basic building blocks for a secure cloud infrastructure, and three new features are now generally available: Global Network Firewall Policies, Regional Network Firewall Policies, and IAM-governed Tags. Here’s what they do.

  • New ways BeyondCorp Enterprise can protect corporate applications: Following our announcement with Jamf Pro for macOS earlier this year, we are excited to announce a new BeyondCorp Enterprise integration: Microsoft Intune, now available in Preview. Read more.

  • Connect Gateway and ArgoCD: Integrating your ArgoCD deployment with Connect Gateway and Workload Identity provides a seamless path to deploy to Kubernetes on many platforms. ArgoCD can easily be configured to centrally manage various cluster platforms including GKE clusters, Anthos clusters, and many more. Read more.

  • Architecting for database encryption on Google Cloud: Learn security design considerations and how to accelerate your decision making when migrating or building databases with the various encryption options supported on Google Cloud. Read more.

  • Introducing fine-grained access control for Cloud Spanner: As Google Cloud’s fully managed relational database, Cloud Spanner powers applications of all sizes. Now in Preview, Spanner gets fine-grained access control for more nuanced IAM decisions. Read more.

  • Building a secure CI/CD pipeline using Google Cloud built-in services: In this post, we show how to create a secure software delivery pipeline that builds a sample Node.js application as a container image and deploys it on GKE clusters. Read more.

  • Introducing deployment verification to Google Cloud Deploy: Deployment verification can help developers and operators orchestrate and execute post-deployment testing without having to undertake a more extensive testing integration, such as with Cloud Deploy notifications or manual testing. Read more.

Industry updates

  • The 2022 Accelerate State of DevOps Report: Our 8th annual deep dive into the state of DevOps finds broad adoption of emerging security practices, especially among high-trust, low-blame cultures focused on performance. Read the full report.

Compliance & Controls

  • Evolving our data processing commitments for Google Cloud and Google Workspace: We are pleased to announce that we have updated and merged our data processing terms for Google Cloud, Google Workspace, and Cloud Identity into one combined Cloud Data Processing Addendum. Read more.

  • Data governance building blocks for financial services: How does data governance for financial services correspond to Google Cloud services and beyond? Here we propose an architecture capable of supporting the entire data lifecycle, based on our experience implementing data governance solutions with world-class financial services organizations. Read more.

  • Update on regulatory developments and Google Cloud: As part of our commitment to be the most trusted cloud, we continue to pursue global industry standards, frameworks, and codes of conduct that tackle our customers’ foundational need for a documented baseline of addressable requirements. Here’s a summary of our efforts over the past several months. Read more.

Google Cloud Security Podcasts

We launched a new weekly podcast focusing on Cloud Security in February 2021. Hosts Anton Chuvakin and Timothy Peacock chat with cybersecurity experts about the most important and challenging topics facing the industry today. This month, they discussed:

  • Everything you wanted to know about securing AI (but were afraid to ask): What threats does artificial intelligence face? What are the best ways to approach those threats? What do we know so far about what works to secure AI? Hear answers to these questions and more with Alex Polyakov, CEO of Adversa.ai. Listen here.

  • Inside reCAPTCHA’s magic: More than just “click on buses,” here’s how reCAPTCHA actually protects people, with Badr Salmi, product manager for reCAPTCHA. Listen here.

  • SRE explains how to deploy security at scale: The art of Site Reliability Engineering has a lot to teach security teams about safe and rapid deployment, with our own Steve McGhee, reliability advocate at Google Cloud. Listen here.

  • An XDR skeptic discusses all things XDR with Dimitri McKay, principal security strategist at Splunk. Listen here.

To have our Cloud CISO Perspectives post delivered every month to your inbox, sign up for our newsletter. We’ll be back next month with more security-related updates.
