Google unveils cybersecurity programs and action team
By the end of 2021, cybercrime is expected to cost the world $6 trillion. And by 2025, this figure will climb to $10.5 trillion, according to Cybersecurity Ventures. There’s been a rash of recent high-profile cyberattacks, including Colonial Pipeline, the SolarWinds breach, and JBS USA. That’s perhaps why 80% of senior IT employees believe that their companies lack sufficient protection against cyberattacks, despite increased security investments made in 2020.
To address the challenges, Google today at Google Cloud Next 2021 debuted Work Safer, a program to help organizations, employees, and partners collaborate in hybrid work environments. It also unveiled a new security-focused task force — the Cybersecurity Action Team — and a security and resilience framework, in addition to enhanced security capabilities in Workspace.
The announcements come after research showing that companies want cloud providers to increase their security efforts. According to a a recent Tripwire survey, while the majority of enterprises believe that public cloud providers are doing enough to ensure security for users, it’s “just barely adequate.”
Work Safer is designed to provide companies with access to security for email, meetings, messages, documents, and additional services through Workspace (formerly G Suite), Google says. The program incorporates Pixel phones managed with Android Enterprise, Chrome Enterprise Upgrade, and HP Chromebooks as well as Google’s Titan Security Keys, reCAPTCHA Enterprise for website fraud prevention, and endpoint and intrusion protection from CrowdStrike and Palo Alto Networks.
Work Safer taps Chronicle for analytics and account protection. Chronicle — which houses VirusTotal, a virus-scanning tool Google acquired in 2021 — launched two years ago as a division within Google parent company Alphabet focused on cybersecurity. It develops machine learning-powered software to sift and analyze stores of data to detect cyberthreats ostensibly more quickly and precisely than traditional methods.
BeyondCorp Enterprise is also included as a part of Work Safer. A subscription-based version of Google’s BeyondCorp product, it’s a zero trust platform that allows an organization’s employees to access apps in the cloud or on-premises and work without a remote-access VPN. With zero trust security, no user is trusted by default — whether they enter a network internally or externally.
“[Work Safer] is designed to meet the needs of all organizations, including small businesses, enterprises and public sector institutions, many of which are reliant on legacy technology and often lack expertise to fully address rising security challenges associated with hybrid work,” Google wrote in a blog post. “Work Safer … uniquely brings together the cloud-native, zero-trust solutions of Workspace with BeyondCorp Enterprise for secure access with integrated threat and data protection.”
Cybersecurity Action Team
In August, Google announced it would dedicate $10 billion over the next five years to strengthen cybersecurity by expanding zero trust programs, securing software supply chains, and enhancing open source security. The Cybersecurity Action Team is one of the company’s first efforts under these commitments, Google says, with others to follow in the future.
The Cybersecurity Action Team aims to advise customers on the state of their digital security while providing program management and professional support. It delivers advisory services for customers’ security strategies, including workshops and educational content, with trust and compliance programs that map Google’s certifications to industry control frameworks.
The Cybersecurity Action Team offers blueprints and architectures for deploying Google Cloud products and services in accordance with regulatory requirements. It also includes threat intelligence, autonomic security operations, and incident response services spanning threat briefings, preparedness drills, incident support, and rapid response engagements.
Alongside the Cybersecurity Action Team, Google announced the aforementioned security and resiliency framework, which delivers a security management program aligned to the National Institute of Standards and Technology’s Cybersecurity Framework. “The vision … is to guide customers through the cycle of security transformation — from their first transformation roadmap and implementation, through increasing their cyber-resilience preparedness for potential events and incidents, and engineering new solutions as requirements change,” Google wrote.