The Google Cloud suite offerings are now compatible with new U.S. government regulations requiring a Zero Trust architecture.
Following the Biden administration’s Executive Order on Improving the Nation’s Cybersecurity (more details below), Google Cloud has announced a suite of new Zero Trust offerings for U.S. federal, state and local governments. These services are an expansion on much of Google’s current software as a service (SaaS), and platform as a service (PaaS) offerings that allow federal, state and local government agencies to implement the new executive order. The level of software security goes beyond the executive order by incorporating the National Institute of Standards and Technology (NIST) standards to bolster the strength of Google’s offerings.
The rapid digitization caused by the COVID-19 pandemic has ushered in a larger threat surface than previous security regulations were equipped to keep up with, coming at an unprecedent time with no lead-up. Whereas many government agencies were previously at least semi-paper based, many had to go nearly completely digital in a rapid time frame and will likely continue to keep many of their operations and processes digital for the foreseeable future.
“Ransomware, cybercrime, and nation-state attacks have caused significant disruptions and high costs. To mitigate this crisis, it is critical that federal agencies take a sweeping approach to protect the security and privacy of digital assets and cultivate the ability to anticipate, identify, contain, measure, and address cyber-risks,” noted IDC Government Insights Research Director Adelaide O’Brien.
Attacks like the Colonial Pipeline hack this past May only highlight our current reliance on digital systems while also showcasing the importance of cybersecurity. When digital systems work, we don’t even think about them to the point of forgetting about them, but if they become compromised and provide a key piece of infrastructure, then all our lives are inadvertently affected.
The sudden transition from the physical workplace to the digital environment did not allow organizations enough time to pivot to the digital and provide adequate supports or skills training for the new cyber environment where both technical and nontechnical employees have found themselves. Millions of government employees logging in from personal devices, or from on home networks, have created a large potential attack surface for cyber criminals.
In response, the plan outlined in the Executive Order on Improving the Nation’s Cybersecurity hopes to address these gaps while also providing a forward-looking cybersecurity framework for government agencies that will also influence private enterprise, especially companies that do contract work for the government.
Zero Trust is a cybersecurity philosophy based on the notion that organizations should never trust anything, including items and agents within and outside of its perimeters. With Zero Trust, every connection coming its way must be verified before system access is granted. Zero Trust contrasts with the old-fashioned castle and moat framework that many organizations still employ, which assumes that everything within the organization does not pose a threat and is therefore cleared for full access. This approach of focusing on potential threats on the perimeter turns organizations’ backs to possible threats on the inside, thus making them even more vulnerable to such attacks. Consider the film trope of a hacker needing to get inside an organization’s premises to gain access to their networks. With Zero Trust, they would not be able to connect to the networks because they would not have the requisite access.
In direct response to the Zero Trust requirements set forward by the Biden administration’s executive order, Google Cloud is launching three new service offerings—Zero Trust Assessment and Planning, Secure Application Access Anywhere, and Active Cyber Threat Detection—to ease the transition for government departments and agencies throughout the U.S. as they work toward meeting those benchmarks.
Google Cloud’s Zero Trust Assessment and Planning offerings will be distributed and managed through Google Cloud’s professional services organization (PSO). The PSO is what Google refers to as its “post-sales” department that helps clients come up with security, data migration, artificial intelligence (AI) and machine learning (ML) solutions. In short, it is Google’s consultancy wing for cloud services.
The Zero Trust Assessment and Planning offering was created to help government agencies reach security goals through Zero Trust architecture planning models for core applications and data. Google Cloud’s PSO teams will advise government entities on technology needs and requirements as well as provide support on things like workplace culture change and policies required for a successful adoption of Zero Trust. Google Cloud’s PSO current iteration of its Zero Trust for government plan involves delivering each of those components in phases to ensure a successful adoption and utilization within the customer’s business infrastructure. This new offering from Google Cloud will allow government agencies to leverage Google Cloud tools to support existing administrative assets and infrastructure as well as empower them on either cloud-based, on-premises, or hybrid computing environments.
Secure Application Access Anywhere is Google Cloud’s new container-based offering for secure application access and monitoring. This application delivery system is leaner than virtual machines and can be utilized as a scalable, responsive alternative to old-fashioned government network boundary systems. This service offering is delivered in collaboration with Palo Alto Networks and Google Cloud’s PSO team. Secure Application Access Anywhere uses Google Cloud’s Anthos (an enterprise-level infrastructure and application management operations platform) to help deploy and manage containers while ensuring secure access and monitoring applications in cloud and on-premises environments for potential threats. A successful prototype was recently launched within the Defense Innovation Unit of the U.S. Department of Defense to help provide the unit with controlled secure access to SaaS apps over the Internet.
Active Cyber Threat Detection monitoring services will help U.S. government agencies determine if they may have been affected by a cyberattacks before the attack is even detected. Google has partnered with Deloitte and Fishtech CYDERES to fully harness the capabilities of Google Cloud’s Chronicle platform to investigate, detect and hunt threats against protected U.S. government assets.
Beyond the aforementioned new service offerings, many of Google Cloud’s existing solutions are already compatible with Zero Trust and can be immediately deployed to help agencies accelerate their secure digitalization so that they can protect themselves and recover from cyberattacks. BeyondCorp Enterprise is Google’s Zero Trust access solution that provides users with access to internal web applications, SaaS solutions, and cloud resources through strong access policies based on user identity and device contextual data. BeyondCorp Enterprise is an end-to-end platform that also offers integrated threat and data protection for a fully compliant Zero Trust cybersecurity platform. Google Workspace (previously the G Suite) is also Zero Trust compatible and enables organizations to immediately start operating within a Zero Trust environment for email, communication and workplace collaboration. Google’s acquisition of Actifio in 2020 has proven beneficial as Google will also be utilizing the platform to help provide backup and disaster recovery services for government data.
