Welcome to the second Cloud CISO Perspectives for May 2023. I hope you all enjoyed our previous newsletter from my Office of the CISO colleague MK Palmore, on Google’s new cybersecurity certification and how it can help prepare aspiring cybersecurity experts for their next career steps. Before I …
Welcome to the second Cloud CISO Perspectives for April 2023. This is our first month moving to a twice-monthly cadence, with a guest column today from my friend and the CEO of Mandiant, Kevin Mandia. Mandiant, the company Kevin founded in 2004, was acquired by Google last year. At …
Welcome to the first Cloud CISO Perspectives for April 2023. This is our first month moving to a twice-monthly cadence, with a guest column at the end of April from my friend and colleague, Kevin Mandia. Today, I’d like to talk about the newest report from the Google …
Welcome to Cloud CISO Perspectives for March 2023. The Biden-Harris Administration released its National Cybersecurity Strategy on March 2, so this month I’d like to discuss how the strategy aligns with our approach to security at Google Cloud. While the strategy is intended to guide American cybersecurity efforts …
Welcome to February’s Cloud CISO Perspectives. This month, we’re going to take a look at one of the most important issues our industry faces right now: securing the software supply chain. At Google Cloud, we’ve been heavily invested in creating a layered approach to software supply …
Welcome to January’s Cloud CISO Perspectives. This month, we’re going to catch up with a few of the cloud security megatrends that I described a year ago, and see how they and the cloud security landscape has evolved. As with all Cloud CISO Perspectives, the contents of …
When we closed the Mandiant acquisition in September 2022, we set the expectation that we’d be investing heavily in cybersecurity offerings that can help customers mitigate risk. In the short time since our two companies came together, we’ve aimed to do just that. Today, we are announcing …
Welcome to December’s Cloud CISO Perspectives. This month, we’re going to look back at the most important security lessons of 2022 with my colleagues in our Office of the CISO and on the Google Cybersecurity Action Team. As with all Cloud CISO Perspectives, the contents of this …
Welcome to November’s Cloud CISO Perspectives. I’d like to celebrate the first year of the Google Cybersecurity Action Team (GCAT) and look ahead to the team’s goals for 2023. As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud …
Welcome to October’s Cloud CISO Perspectives. This month, we're focusing on our just-completed Google Cloud Next conference and Mandiant’s inaugural mWise Conference, and what our slate of cybersecurity announcements can reveal about how we are approaching the thorniest cybersecurity challenges facing the industry today. As I wrote …
Welcome to September’s Cloud CISO Perspectives. This month, we're focusing on Google Cloud’s acquisition of Mandiant and what it means for us and the broader cybersecurity community. Mandiant has long been recognized as a leader in dynamic cyber defense, threat intelligence, and incident response services. As I …
Welcome to this month’s Cloud CISO Perspectives. This month, we're focusing on the importance of vulnerability reward programs, also known as bug bounties. These programs for rewarding independent security researchers for reporting zero-day vulnerabilities to the software vendor first started appearing around 1995, and have since evolved into …
Welcome to this month’s Cloud CISO Perspectives. Starting with this issue, we’re going to add even more top-of-mind content based on the hot topics we see emerge across the industry and with our customers, globally. Today, we're focusing on the evolving relationship between an organization's boardroom and …
The U.S. Department of Homeland Security (DHS) recently announced the results of the first report from the Cyber Safety Review Board (CSRB) on the log4j software library vulnerabilities discovered in late 2021. Google welcomed the opportunity to participate in the development of the CSRB report and share our …
The National Institute of Standards and Technology (NIST) on Tuesday announced the completion of the third round of the Post-Quantum Cryptography (PQC) standardization process, and we are pleased to share that a submission (SPHINCS+) with Google’s involvement was selected for standardization. Two submissions (Classic McEliece, BIKE) are being …
June saw the in-person return of the RSA Conference in San Francisco, one of the largest cybersecurity enterprise conferences in the world. It was great to meet with so many of you at many of our Google Cloud events, at our panel hosted in partnership with Cyversity, and throughout …
June saw the in-person return of the RSA Conference in San Francisco, one of the largest cybersecurity enterprise conferences in the world. It was great to meet with so many of you at many of our Google Cloud events, at our panel hosted in partnership with Cyversity, and throughout …
European legislators came to an inter-institutional agreement on the Digital Operational Resilience Act (DORA) in May 2022. This is a major milestone in the adoption of new rules designed to ensure financial entities can withstand, respond to and recover from all types of ICT-related disruptions and threats, including increasingly …
May was another big month for us, even as we get ready for more industry work and engagement at the RSA Security Conference in San Francisco. At our Security Summit and throughout the past month, we continued to launch new security products and features, and increased service and support …
This month marks one year of our Cloud CISO Perspectives Series ! Over the past year, we’ve discussed many milestones and challenges across our industry. I’m most proud of the work our collective security teams at Google Cloud are doing everyday to help improve security for our customers …
Two themes have been resonating for me across the security industry over the last month. The first is a topic from my personal blog that I wrote more than two years ago: Resilience is about Capabilities not Plans. Collectively, organizations have proven their ability to be resilient in light …
As the tragic Russian invasion of Ukraine continues, we want to provide customers and partners with an update on how Google Cloud is providing resources for organizations, protecting against potential cyberattacks, and delivering network resiliency. We continue to work closely with U.S. and international officials in our approach …
As the war in Ukraine continues to unfold, I want to update you on how we’re supporting our customers and partners during this time. Google is taking a number of actions. Our security teams are actively monitoring developments, and we offer a host of security products and services …
I’m excited to share our first Cloud CISO Perspectives post of 2022. It's already shaping up to be an eventful year for our industry and we’re only in month one. There’s a lot to recap in this post, including the U.S. government’s recent efforts …
We are often asked if the cloud is more secure than on-premise infrastructure. The quick answer is that, in general, it is. The complete answer is more nuanced and is grounded in a series of cloud security “megatrends” that drive technological innovation and improve the overall security posture of …