How Google Cloud helps government agencies stay ahead of security threats
Lynn Martin
Vice President, Google Public Sector
Cybersecurity remains a top national concern, and Google Cloud is committed to providing government agencies with the security capabilities they need to achieve their missions. At the annual Google Cloud Security Summit today, we’re excited to share updates on how we’re helping governments around the world address their pressing security challenges and meet the demands of new and evolving cybersecurity mandates.
Introducing Assured Open Source Software service
Google Cloud is announcing its new Assured Open Source Software (OSS) service to help improve the security of the software supply chain, one of the major objectives of White House Executive Order 14028 on Improving the Nation’s Cybersecurity. Assured OSS can assist in making the open source ecosystem more secure and help government agencies identify, assess, and respond to cybersecurity risks throughout all levels of an organization’s supply chain, in alignment with guidance from the National Institute of Standards and Technology (NIST) in support of the EO.We continue to work closely with government leaders to innovate and develop initiatives and frameworks that strengthen open source software and the software supply chain. For example, Google launched Supply Chain Levels for Software Artifacts in June 2021. Also known as the SLSA framework, it formalizes criteria around software supply chain integrity to help the industry and open-source ecosystem secure the software development lifecycle. We also introduced Open Source Insights, which helps developers better understand the structure and security of the software they use. Assured OSS, which is expected to enter Preview in Q3 2022, reflects our continued commitment to building safer security practices in government.
Transforming security analytics and operations
Google Autonomic Security Operations (ASO) solution is available to help public sector agencies and government leaders meet the requirements set forth in EO 14028 and OMB M-21-31 around cybersecurity analytics and threat management.Powered by Google Chronicle and Siemplify, ASO can allow agencies to comprehensively manage cybersecurity telemetry across an agency, support the Event Logging Tier requirements of the White House guidance, and ultimately transform the scale and speed of threat detection and response. ASO can also help government agencies support continuous detection and continuous response so that cybersecurity teams can increase their productivity, reduce detection and response times, and stay ahead of attackers.
Expanding our government compliance
To continue to help meet government’s security and compliance needs, we’re expanding Assured Workloads to help enable regulated workloads to run securely at scale in Google Cloud's infrastructure. We are also pleased to announce that 14 new Google Cloud services1 support FedRAMP Moderate and three services2 are being added to support FedRAMP High — with more coming this summer.To help meet the Zero Trust requirements outlined in EO 14028, Google Cloud provides a range of capabilities to help federal agencies progress toward a Zero Trust architecture. Google Cloud’s BeyondCorp Enterprise can enhance government agencies’ ability to implement and scale Zero Trust secure access to applications and data on premises or in any cloud. For the Defense Innovation Unit (DIU), Google Cloud is implementing a Secure Cloud Management solution – leveraging Anthos, our container deployment and orchestration solution – to help provide a scalable, highly responsive alternative to the Department of Defense’s current network boundary security architecture. Google Cloud also offers a range of Professional Services engagements to help accelerate agencies’ adoption of cloud and of Zero Trust architectures.
We are proud to help government agencies innovate securely, and we will continue to pursue federal certifications to support their needs. For more information on our work with the federal government and our security capabilities, please visit our Google Cloud for U.S. federal cybersecurity webpage.
1 New FedRAMP Moderate services include: Anthos Config Management, Anthos Service Mesh, Assured Workloads, Binary Authorization, Certificate Authority Service, Cloud External Key Manager, Cloud Run for Anthos, Cloud Scheduler, Cloud Tasks, Connect Service Directory, Document AI, Game Servers, and Secret Manager
2 New FedRAMP High services include: Cloud Admin Console, Cloud Data Loss Prevention, and Cloud Logging