In case you missed it: Google Cloud Security Talks, Zero Trust Edition

Yesterday we held our final Google Cloud Security Talks event of 2021. Our event focused on zero trust and covered everything from Google’s history with BeyondCorp to our strategic thinking when it comes to applying zero trust principles to production environments. We shared product updates across the portfolio and talked about how zero trust fits into our invisible security vision.

In case you missed the event, we’ve put together a brief recap below. Of course, we’d also encourage you to check out the sessions on-demand for all the details!

Our opening keynote highlighted many recent security launches, including:

• the general availability of Cloud IDS, which helps detect network-based threats, including attempts to exploit the Apache Log4j vulnerability; 

• the new Mute Findings feature for Security Command Center which helps organizations more effectively manage their security posture on GCP based on their policies and requirements;

• and the Threat Horizons report, a new report by the Google Cybersecurity Action Team (GCAT) describing recent threat intelligence observations from teams across Google.

We then brought together security leaders across Google for a panel discussion of our zero trust vision. Our panelists emphasized the need to embrace the fact that security is not static which makes adoption of a zero trust mindset where trust is established via multiple mechanisms and verified continuously an imperative. The session also highlighted how even taking small steps - such as prioritizing specific applications as you begin your zero trust journey - can still have a large impact on improving your security posture.

Next, we covered some recent product announcements from the BeyondCorp Enterprise team, including the new Policy Troubleshooter feature. This session gave users a closer look at new product features across access, signal integrations, and threat and data protection capabilities leveraging machine-learning in real-time.

We then pivoted the conversation and two of our speakers shed more light on Google’s BeyondProd approach. First, we shared our learnings from building a cloud-native security model, which provides significant benefits to both application development and security teams. We outlined different principles you can apply to your infrastructure design and operations in order to strengthen the deployment of your workloads, better secure their communications, and limit their exposure to other workloads, in ways that can ultimately reduce the burden on individual developers.

We discussed how customers can bring BeyondProd to life in their own environments and offer zero trust protection for workloads with Google Cloud capabilities. These sessions featured customers who shared their experiences with VPC-Service Controls and Certificate Authority (CA) Service. We also announced some exciting news: CA Service now supports third-party identity federation and can issue certificates to attest to on-premises third-party identities using Google Cloud workload identity federation. Certificates can be issued for both users and workloads. 

Next, in light of the White House effort to deploy a zero trust model across the US federal government, we spent some time sharing how Google Cloud can support government guidance. Google recently announced a $10 billion investment to strengthen cybersecurity, including expanding zero-trust programs, helping secure the software supply chain, and enhancing open-source security. This session gave an overview of how different Google Cloud services align to federal cybersecurity priorities.

Our last session provided an overview of how we are strengthening security and privacy across the Google Workspace platform applying zero trust principles to the applications that allow customers to collaborate effectively with features such as Trust Rules for Drive.

These sessions will be available on-demand on our Google Cloud Security Talks page for you to reference. If you’d like to speak with a representative about Google Cloud’s zero trust access solutions, please fill out this form. Lastly, if you are planning to attend the 2022 RSA Conference in San Francisco (February 7-10, 2022), check out goo.gle/rsa-2022 to arrange a meeting with our team at the event.