Google plans to win the cloud war with its security strategy • The Register

Interview Google’s quest to steal cloud customers from rivals Amazon and Microsoft will be won — or lost — depending on its strength as a cybersecurity provider.

The web giant is pumping billions of dollars into its security offerings to make this big gamble pay off. This includes mergers and acquisitions as well as building technology to work in AWS, Azure, and on-premises environments.

While the ultimate goal remains to divert large organizations to Google Cloud, helping customers strengthen their network and IT defenses during that transition is a key interim goal, according to Sunil Potti, vice president of Google Cloud Security.

“Your overall security hygiene improves if most of your workloads are on cloud,” Potti said in an interview with The Register. “This is our endgame, our true north. But along the way, we have to help modernize security because adversaries don’t wait.”

This deliberate security strategy within Google Cloud began about three and a half years ago – before SolarWinds ushered in this era of high-profile supply chain attacks in enterprise computing. Instead of just selling Google as a cloud service provider, “we intentionally decided…we’re a security brand,” Potti said.

It’s become both a strategic move and a differentiator for Google, which remains the third-placed, or sometimes lower-ranked, cloud provider after Amazon and Microsoft, depending on which market share report you read.

Customers want to talk about multi-cloud even before they’re ready for it, while they’re still on a single cloud such as Amazon Web Services or Azure. Even before a customer has committed to using Google Cloud Platform, Google hopes to at least tempt them with its security protection technologies. In other words, the pitch is that customers can choose Google Cloud as their security provider, at the very least, if not as their full cloud platform.

“Really, what happens is someone starts with one cloud, reaches critical mass, and then expands to other clouds,” Potti said.

“While we wait for these multi-cloud decisions, what if you could move from the CIO to the CISO office, and in the CISO office find a way to get them to adopt security like we would inside Google, but without necessarily having to come to Google Cloud?”

Becoming a security brand

Google’s answer to this question was Anthos – its multi-cloud platform introduced in 2019. It allows customers to run Kubernetes workloads in their data centers and on Google Cloud Platform, as well as on AWS and Azure.

And that gave security a prominent role. The platform built on the BeyondCorp approach to security that Google began developing in 2010, after Chinese cyber-spies infiltrated its networks and those of other Silicon Valley tech giants and stole intellectual property.

That breach prompted Google to shift access controls away from the network perimeter and onto individual users and devices, an approach that later became known by the buzzword zero trust.

Also in 2019, Google moved its Chronicle security analytics platform — which spun out of Alphabet into a standalone startup — back into its cloud security fold.

Around this time, security became a major pillar of Google Cloud, and Google “invested heavily in its standalone security products,” Potti recalled. “We have infrastructure, we have Workspace, we have data and analytics, and ML-AI, and then we have cloud security,” he said.

We’re told that Google tried to take a different approach than its rivals.

“With Amazon, you have to be on Amazon to sample the rest of the security capabilities,” Potti said. “You can’t modernize your security operations center (SOC) if you’re not completely on Amazon. You can’t adopt a zero-trust posture for your entire company and contractors” if you’re not quite on Amazon.

Meanwhile, Microsoft “wants to be an end in itself” for security products and software in general, he argued. “The analogies you hear are about Microsoft having a fire in the forest and also charging as a ranger,” he joked.

Potti confirmed that Google’s strategy differs from its two main cloud competitors in two key ways. First, its security products work in a customer’s environment, not just Google Cloud. And second, instead of offering a general-purpose security stack, “we’ve chosen a few markets as priority markets that we believe are the most important to be reimagined and bottled up in all these learnings in a few large market segments”, he explained.

Autonomous SOC

The Security Operations Center (SOC) is one such segment. This is an area where Google is using its internally developed technology combined with acquisitions to move customers into “autonomous” operations, Potti said.

In its second-biggest acquisition of all time, Google has signed a $5.4 billion deal to buy Mandiant, which would bring that company’s threat detection and intelligence, as well as its advisory and incident response services, into Google Cloud. It’s also worth noting that Microsoft reportedly explored a takeover of Mandiant, and it fell through.

Potti was unable to discuss the Mandiant deal, which is also the subject of a lawsuit. But in March, when Google announced the planned acquisition, the cloud provider said it planned to integrate Mandiant’s services into its security operations product portfolio.

This includes BeyondCorp Enterprise for zero trust, VirusTotal for software vulnerabilities, Chronicle for security analytics and automation, and Google Cloud’s newly announced Cybersecurity Action Team.

For example, “Google Cloud’s Chronicle security operations tools, Siemplify solutions, and Mandiant’s automated defense help customers analyze, prioritize, and streamline threat response and leverage Mandiant’s expertise as a virtual extension of their teams,” according to a Google statement at the time.

Months before the Mandiant deal was announced, Google reportedly paid $500 million to acquire Siemplify to integrate security orchestration, automation, and response (SOAR) into Chronicle, which already provided security information and event management (SIEM) and analytics functionality.

Endpoint, XDR Partners

Additionally, Google partners with endpoint detection and response (EDR) and extended detection and response (XDR) providers, including CrowdStrike, Palo Alto Networks, and Cybereason, who layer their own security services on top of Google’s Chronicle and BeyondCorp Enterprise suite “for a more comprehensive offering,” Potti noted.

Beyond partnering with it, Google also invested $50 million in the endpoint detection and response vendor Cybereason late last year.

These measures are intended to help customers move “from manual security operations to automated security operations to autonomous security operations,” Potti said.

Security automation only gets organizations halfway to the goal, he explained. “As soon as you free up your ability to store unlimited amounts of data – like petabytes of data from your DNS system or your endpoint – you can go beyond automation to what I call autonomous operations.”

This makes real-time context — and the use of AI combined with live threat hunting teams to analyze massive amounts of data to find potential threats — increasingly important, Potti said.

He used a nation-state attack on a bank in Europe as an example of how Google draws on both organic (home-grown) and inorganic (acquired) security capabilities to move security operations toward autonomy in other territories.

“Any intelligence that I can plant on the front line,” he explained, “can soak […] to all other customers subscribing to the real-time service.” And with that knowledge in the system, Potti said, “the chance of recognizing this actor if he shows up in Atlanta as a zero-day attack improves.” ®