Much of the cybersecurity chatter over the past year on artificial intelligence has focused on how AI brings new risks into play and strengthens the attackers. While recognizing there is some apprehension, Google Cloud’s cyber strategy for 2024 is counter to that, arguing that disruption can lead to positive change.
“After all, there’s no shortage of long-standing problems in security — and our work with AI shows the technology has tremendous potential to help,” wrote Charley Snyder, Google’s head of security policy, in a recent blog post. “There is still more work to do to ensure AI technology is safe and secure, but if we solely focus on risks to avoid, we will never achieve its transformative potential,” he wrote.
At its Google Cloud Next ‘24 confab, the company has introduced a slew of new services and capabilities in support of AI. The event included a partner summit aimed at the cloud giant's reseller, MSSP and system integrator partners.
“Generative AI offers tremendous potential to tip the balance in favor of defenders and we continue to infuse AI-driven capabilities into our products,” wrote Sunil Potti, Google Cloud Security vice president and general manager, in unveiling new capabilities across its security portfolio.
Google's Security Offering Lineup
Here’s the lineup of offerings:
- Gemini in Security Operations: An assisted investigation feature guides analysts through their workflow wherever they are in Chronicle Enterprise and Chronicle Enterprise Plus. Generally available at the end of April.
- Gemini in Threat Intelligence: Conversational search across Mandiant’s repository of threat intelligence directly from frontline investigations. Now in preview.
- Gemini in Security Command Center: Offers preview features that let security teams search for threats and other security events using natural language.
Previews of new capabilities in Gemini Cloud Assist
- IAM Recommendations: Provides contextual recommendations to remove roles from over-permissioned users or service accounts to help uplevel IAM posture and reduce risk exposure.
- Key Insights: Provides assistance during encryption key creation based on its understanding of data, encryption preferences and compliance needs.
- Confidential Computing Insights: Recommends options for adding confidential computing protection for highly sensitive workloads based on data and compute usage.
New Enterprise Defenses
- Chrome Enterprise Premium: Brings together Chrome with Google’s threat and data protection, Zero Trust access controls, enterprise policy controls, and security insights and reporting. Generally available now.
Threat Intelligence
- Applied Threat Intelligence in Google Security Operations: Through threat visibility helps security operations teams uncover more threats with up-to-date threat intelligence to address them before they create damage or loss.
Managing Cloud Risk
- Security Command Center Enterprise Cloud: New risk-management solution that unites proactive cloud security and enterprise security operations. Offers security teams a single view of their posture controls, active threats, cloud identities and data. Generally available now.
- Mandiant Hunt for Security Command Center Enterprise: Offers on-demand human expertise that can become an extension of internal security operations teams. Hundreds of elite-level analysts and researchers are available on-call. Now in preview.
Updated Cloud Security Capabilities for Identity and Access Management
- Privileged Access Manager (PAM): Helps customers shift from always-on standing privileges towards on-demand access with just-in-time, time-bound, and approval-based access elevations. Available now in preview.
- Principal Access Boundary (PAB): Empowers security administrators to enforce restrictions on IAM principals so that they can only access authorized resources within a specific defined boundary. Available now in preview.
For Network Security
- Cloud First NGFW Enterprise: Next generation firewall includes threat protection powered by Palo Alto Networks with a distributed architecture that can provide granular control at the workload level. Now generally available.
- Cloud Armor Enterprise: Offers a pay-as-you-go model that includes advanced network DDoS protection, web application firewall capabilities, network edge policy, adaptive protection, and threat intelligence to help protect your cloud applications and services. Now generally available.
For Data Security
- Confidential Accelerators: For AI and ML workloads, Google Cloud supports Intel AMX, which provides CPU-based acceleration by default on C3 series Confidential VMs. Confidential Compute will also be coming to A3 VMs with NVIDIA H100 GPUs in preview later this year. Confidential Computing portfolio now spans Intel, AMD, and NVIDIA hardware. Now in preview and available on the C3 machine series with Intel TDX.
- Sensitive Data Protection integration with Cloud SQL: Deeply integrated into the Security Command Center Enterprise risk engine. Can pinpoint high-value assets, analyze vulnerabilities in databases, and simulate real-world attack scenarios that can proactively address risks and safeguard data. Generally available now.
- Key management with Autokey: Simplifies creating and managing customer encryption keys (CMEK) by ensuring the right key type is used for each resource. Now in preview.
- Expanded regions available for bare metal hardware security module deployments: Allows users to deploy their own HSMs in PCI-compliant facilities with your Google Cloud workloads.
For Regulated Cloud offerings
- Regional Controls for Assured Workloads: Can enforce data residency for customer content at rest, offers administrative access transparency, as well as compliant service restriction and monitoring. Regional controls are available at no additional cost. Available in 32 cloud regions in 14 countries. Now in preview.
- Audit Manager: Can help customers simplify their compliance audit process by automating control verification with proof of compliance for their workloads and data on Google Cloud. Now in preview.
