Government Security Summit Shines Light on Power of Innovation and Zero Trust

On Tuesday, July 20, public sector cybersecurity leaders gathered virtually at the Google Cloud Government Security Summit to learn, engage, and collaborate around a single goal – to improve the government’s cybersecurity posture and defenses. It’s a 24/7 mission that gets more challenging daily, and several of the world’s most respected cybersecurity thought leaders shared their most pressing needs, and their latest learnings, best practices, and strategies for a safer, more secure government  network. All sessions below are now available on demand.

Keynotes Set the Stage

The Biden Administration’s Cybersecurity Executive Order (EO) and the power of Zero Trust architecture set the stage and tone for the half-day event, starting with our keynote speakers. 

Google Cloud CEO Thomas Kurian kicked off the program with an overview of today’s cybersecurity landscape, the significance of the EO, and Google Cloud’s commitment to and leadership in cybersecurity in the public sector. 

“Google is a proud American company committed to defending our nation’s critical infrastructure,” Kurian said, “We are honored to support public servants, government agencies, and your mission.” 

He also introduced new solutions that will help government organizations accelerate their Zero Trust journey and improve their overall security posture. These include a Zero Trust assessment and planning offering, as well as a targeted deep-dive security assessment that helps government agencies proactively and rapidly analyze their cybersecurity logs to determine risk.

In his Q&A remarks, Mike Daniels, vice president, Global Public Sector, Google Cloud, highlighted two additional cybersecurity solutions: Google Cloud’s Actifio enterprise cloud data management solution, which enables agencies to quickly recover from ransomware attacks; and Secure Application Access Anywhere, which leverages Google’s Anthos solution to help users secure applications and identify and manage threats to network and data – across on-premises, hybrid, and multi-cloud environments.

The keynote session also featured two Biden Administration cybersecurity leaders: Chris DeRusha, federal chief information security officer, and Eric Goldstein, executive assistant director for cybersecurity for the cybersecurity and infrastructure security agency (CISA). DeRusha underscored the urgent need to change the cybersecurity paradigm in the wake of recent attacks, and how the EO and commitment to Zero Trust can achieve that shift. He also discussed the importance of measuring and assessing progress – highlighting how the EO prioritizes tested security, increased automation, and IT modernization with a strong focus on security outcomes.

Goldstein focused on the need to break the cycle and move to a posture where we are no longer surprised by the next attack; he highlighted how CISA is advancing this mission. He shared how the EO will drive progress in stemming the root causes of cybersecurity risk through initiatives such as Zero Trust and a more secure software supply chain. He also underscored the need for greater public-private cooperation, citing CISA’s new Joint Cyber Planning Office as one channel to expand collaboration.

Zero Trust Takes Center Stage: Security at Scale - Google's Zero Trust Journey

Zero Trust pioneers Dmitri Alperovitch, Founder and Former CTO of CrowdStrike and Executive Chairman of the Silverado Policy Accelerator, and Heather Adkins, Director of Information Security for Google, provided unique insight into the potential of Zero Trust architecture to transform the security of government organizations. Alperovitch shared his perspective on the most significant changes in the attack surface and cybercriminal tactics in recent years, the potential impact of the EO, and pitfalls agencies should avoid in implementing Zero Trust. Adkins then chronicled Google’s own journey to Zero Trust, including drivers for Google’s BeyondCorp initiative, as well as success in executing it globally.

Innovation in Action: Defense Innovation Unit (DIU) - Secure Application Access Anywhere 

When facing a daunting challenge, there’s nothing more inspiring and empowering than a real-world success story. Rick Simon, Cyber Portfolio Program Manager at the DIU, served up a healthy dose of inspiration. Simon shared the DIU’s journey to creating and implementing a successful secure cloud monitoring prototype, which was born out of necessity. The DIU collaborates with many private sector technology organizations, and it needed a more streamlined – yet highly secure – way for users to connect to the cloud directly through the internet. The DIU tapped Google Cloud and its Anthos platform for this mission – bringing new levels of security and management simplicity to its multi-cloud environment. As a result of this successful prototype, Google Cloud will now offer this container-based solution for secure application access and monitoring to a broader set of customers.  

A Compliance Page-Turner: Modernizing Compliance for Government

Google Cloud’s Jeanette Manfra, Director, Risk and Compliance, and Chris Johnson, Global Compliance Product Lead, promised to make compliance interesting and engaging--and they made good on their promise. The duo shared how Google Cloud is modernizing security and advancing the compliance journey using products like Assured Workloads and Confidential Compute. Manfra also discussed the importance of moving from a shared responsibility to a shared fate mindset – built on a foundation of transparency and commitment to investing in customer success. She explained that Google Cloud’s commitment extends well beyond providing a secure and trusted infrastructure and the auditing needed to document it. It also encompasses blueprints for secure and compliant solutions, as well as offerings to help agencies better respond to and remediate issues. For Google Cloud, this also includes partnering across the ecosystem to offer innovative joint risk management solutions.

Invest in a Robust Toolkit: Zero Trust Principles and Tools for Government

Google Cloud’s Ameet Jani, Product Manager, Engineering, and Robert Sadowski, Trust and Security Marketing Lead, unpacked Zero Trust principles and shared what tools agencies need to achieve their Zero Trust objectives. They showed how agencies can leverage user, device information, and strong multi-factor authentication, coupled with data protection, to elevate security, especially when employees are remote and phishing attacks are at record highs.

All About Analytics: Transform Cybersecurity Productivity with Next-Gen Analytics and Detection

Cybersecurity Analytics is a critical capability for organizations to counter threats and manage risk. But, most organizations don't do enough, do it well enough, or make full use of the data they have to elevate their cyber detection game. Eric Hutcheson, Customer Engineering Team Lead at Looker, Trevor Welsh, Global Security Strategist at Google, and Dan Prieto, Head of Security Strategy, Global Public Sector, at Google Cloud, broke it down for summit participants. They demonstrated how three powerful Google Cloud products ─ BigQuery, Looker, and Chronicle ─ combine to transform an agency’s cybersecurity situational awareness and balance the scales between cyber attackers and cyber defenders.

The Government Security Summit is a wrap, but Google Cloud’s commitment to partnering with public sector organizations to defend our nation’s critical infrastructure is stronger than ever. Together we can solve for the future of government cloud security.