A new Google cybersecurity team will have the “singular mission” of supporting the security and digital transformation of governments, critical infrastructure, businesses and small businesses, the company said.
Google’s cybersecurity action team is basically a team of cybersecurity advisors tasked with providing incident response services, advising on security plans, and helping customers securely deploy Google Cloud. The idea is to guide clients through the process of improving their cybersecurity profile, including:
- A roadmap for transformation and implementation.
- Strengthen cyber resilience to prepare for possible cyber attacks.
- Design new solutions to meet changing needs.
Google and tech heavyweights discuss cybersecurity
In August 2021, Google was among a number of IT heavyweights that pledged money, programs, and workforce training to bolster U.S. cybersecurity at the behest of President Biden. . The company has pledged to spend $ 10 billion over the next five years to expand zero trust programs, help secure the software supply chain, and improve open source security. Google also said it would help 100,000 Americans earn industry-recognized digital skills certificates to qualify for security-focused jobs. The Google Cybersecurity Action team is part of this commitment.
The group will be made up of internal cybersecurity experts from various business units. Google has not specified how many people will be joining the effort or when it will begin.
Here’s what Google expects from the team:
- Strategic consulting services for client security strategies, including transformation workshops and educational content.
- Advise clients on the structure of their digital security transformation and provide assistance with program management and professional services.
- Trust and compliance services that combine Google’s global compliance certifications with industry control frameworks.
- Customer engineering and security solutions that provide proven blueprints and architectures for deploying Google Cloud products and services securely and in accordance with regulatory requirements.
- Complete solutions for autonomous security operations and cyber resilience.
- Threat intelligence and incident response services, including threat briefings, preparedness exercises, incident support and rapid response commitments.
“Cyber security is at the top of every C-level program and board, given the growing importance of software supply chain exploits, ransomware and other attacks,” said Thomas Kurian, director general of Google Cloud.
Google, AWS, Microsoft and MSSP
Of particular note, while Google has spoken of internal expertise for its new team, a striking absence in the makeup of its cybersecurity team are MSSPs (Managed Security Service Providers). Although Google is working with MSP partners.
In contrast, Google’s main competitors have made a concerted effort to involve MSSPs in similar initiatives. For example, at the end of August 2021, Amazon Web Services (AWS) deployed MSSP Level 1 competency for AWS partners who provide security and monitoring as a fully managed service. The Level 1 competency helps AWS customers identify AWS Partners, in this case MSSPs and Managed Detection and Response (MDR) service providers with cloud security expertise and experience. Several Top 250 MSSP and Top 40 MDR have obtained the competency.
On a related note, the Microsoft Intelligent Security Association (MISA) has now grown to include 67 MSSP members that support 165 managed security service offerings, the provider said in mid-2021. Microsoft positions MISA as an independent ecosystem of software vendors, MSSPs and MDRs who have integrated their solutions to better defend their partners and customers against cyber attacks.
The federal government weighs down on Google’s security team
In a somewhat unusual choice to comment on a private sector company, the Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly touted the Google cybergroup. “It’s great to see a large company like Google Cloud orienting itself to support the cybersecurity of all organizations, large and small, through its Cyber Security Action Team, and as part of the JCDC and other initiatives, we look forward to partnering with them and other tech companies. in this vital effort, ”Easterly said in a statement. Google is a member of the CISA Joint Cyber Defense Collaborative (JCDC) formed to help defend the United States against cyberattacks.
Meanwhile, Google unveiled its new Work Safer program that combines Google Workspace with offers from Palo Alto Networks and CrowdStrike to help a wide range of organizations implement a more secure collaboration and communication solution environment. The program is aimed at small businesses, businesses and public sector institutions, many of which use legacy technologies and struggle to overcome the security challenges of working remotely, Google said.
“As daily headlines attest, threats are increasing and vulnerabilities in legacy communication and collaboration systems continue to be exploited,” said Sunil Potti, vice president and general manager of Google Cloud Security. “Work Safer makes it easier for organizations to adopt a much stronger security posture to defend against phishing, malware, ransomware and other cyber attacks. “
Google Cloud has also rolled out a new Security and Resiliency Framework that includes a comprehensive security management program with cloud technologies that matches the National Institute of Standards and Technology’s cybersecurity framework.
Google Cloud, Chronicle and Cybereason XDR: joint development and investment?
In the midst of all this movement, Google was not done. In another move, Google Cloud has apparently invested in Cybereason, an XDR (eXtended Detection and Response) security software company. On a possibly related note, the two companies announced Cybereason XDR powered by Google Chronicle. The cloud-native service “automates the prevention of common attacks, guides analysts through security operations and incident response, and enables threat hunting with precision at a rate never seen before,” the two companies say.