Welcome to the second Cloud CISO Perspectives for October 2024. Today, Anton Chuvakin, senior security consultant for our Office of the CISO, offers 10 leading indicators to improve cyber-physical systems, guided by our analysis of the White House’s new PCAST report. As with all Cloud CISO Perspectives, the …

The DORA research program has been investigating the capabilities, practices, and measures of high-performing technology-driven teams and organizations for more than a decade. It has published reports based on data collected from annual surveys of professionals working in technical roles, including software developers, managers, and senior executives. Today, we …

At Google Cloud, we believe that cloud computing will increasingly shift to private, encrypted services where users can be confident that their software and data are not being exposed to unauthorized actors. In support of this goal, our aim is to make confidential computing technology ubiquitous across our Cloud …

Vulnerability reward programs play a vital role in driving security forward. By incentivizing security research, vulnerabilities can be found and fixed by vendors before they are potentially exploited by malicious actors, protecting users and strengthening security posture. Also known as bug bounties, Google has long been a leader in …

The modern workplace revolves around the browser. It's where employees access critical applications, handle sensitive data, and collaborate with colleagues. This makes the browser a critical point for enforcing security. Chrome Enterprise, the most trusted enterprise browser, recently introduced powerful new capabilities for Chrome Enterprise Premium designed to further …

Government organizations and agencies face significant challenges from threat actors seeking to compromise data and critical infrastructure, and impact national and economic stability. These attacks target a broad range of industries and organizations, from water security to rural health care, via external targeting and insider threats. Government organizations are …

Welcome to the first Cloud CISO Perspectives for October 2024. Today I’m discussing new AI vulnerabilities that Google’s security teams discovered and helped fix, and why it’s important for AI vendors to share vulnerability research impacting their technology. As with all Cloud CISO Perspectives, the contents …

Operating a telecommunications network is more than just connecting phone calls, or helping people share funny videos online. Telecom networks are critical components of our society’s infrastructure. Telecom operators face a wide array of risks to the critical communication services they provide and the sensitive data they protect …

Project Shield has helped news, human rights, and elections-related organizations defend against distributed denial of service (DDoS) attacks since 2013 as part of Google's commitment to keep online content universally accessible. The solution has helped keep election resources online, supported news reporting during pivotal geopolitical events, and helped governments …

Google Cloud constantly innovates and invests significantly in our capabilities to stop cyberattacks such as distributed denial-of-service attacks from taking down websites, apps, and services. It’s an essential part of protecting our customers. Our Project Shield offering, which uses Google's Cloud networking and our Global Front End infrastructure …

To build trust in the software world, developers need to be able to digitally sign their code and attest that the software their customers are downloading is legitimate and hasn’t been maliciously altered. Keys used to sign code are the cryptographic equivalent of crown jewels for many organizations …

Google Cloud is committed to ensuring that your data remains safe, secure, and firmly under your control. This begins with fortifying the very foundation of your compute infrastructure — your Compute Engine virtual machines (VMs) — with the power of Confidential Computing. Confidential Computing protects data while it’s being used …

Cloud security teams use cloud-native application protection platforms (CNAPPs) to find misconfigurations and vulnerabilities in their multi-cloud environments. While these solutions can discover thousands of potential security issues in large cloud environments, many fail to answer two fundamental cloud security questions: “Where am I most at risk?” and “What …

Welcome to the second Cloud CISO Perspectives for September 2024. Today, Google Cloud’s Vinod D’Souza and Chris Cornillie examine the vital role that CISOs play in working with cloud providers to improve their organization’s incident preparedness. As with all Cloud CISO Perspectives, the contents of this …

Security information and event management (SIEM) systems are the backbone of most security operations centers and security teams rely on them for effective threat detection, investigation, and response. We’re thrilled to share that Google has been named a Leader in the IDC MarketScape: Worldwide SIEM for Enterprise 2024 …

Introduction Password rotation is a broadly-accepted best practice, but implementing it can be a cumbersome and disruptive process. Automation can help ease that burden, and in this guide we offer some best practices to automate password rotation on Google Cloud. As an example, we share a reference architecture to …

Ask 10 cybersecurity experts to define “attribution” and they would likely provide as many different answers. The term has become an industry buzzword for the process by which evidence of a breach is converted into a public disclosure naming the attackers responsible. In reality, attribution is the result of …

Identities can be a major source of cloud risk when they’re not properly managed. Compromised credentials are frequently used to gain unauthorized access to cloud environments, which often magnifies that risk since many user and service accounts are granted access to cloud services and assets beyond their required …

To stay ahead of evolving threats, security leaders and practitioners must tap into a vital but underutilized tool to strengthen their defenses: collaboration. The power of communication and knowledge-sharing among peers can help defenders seize the advantage when fighting threat actors who repeat the same tactics, techniques, and procedures …

Stolen credentials are one of the top attack vectors used by attackers to gain unauthorized access to user accounts and steal information. At Google, we’re continually evolving security capabilities and practices to make our cloud the most trusted cloud. To help protect your organization from stolen credentials, cookie …

Welcome to the first Cloud CISO Perspectives for September 2024. Today I’m taking a look at how our initiatives to drive cybersecurity collaboration across industries, regulators and governments, IT consortia, and researchers and universities can help make everyone safer online. As with all Cloud CISO Perspectives, the contents …

Electronic Arts (EA) is a global leader in digital interactive entertainment, known for its cutting-edge games, innovative services, and powerful technologies. So when EA Sports FC, a leading brand in the gaming industry, needed to choose a cloud provider to host its gaming infrastructure, they selected Google Cloud Armor …

The first step towards protecting sensitive data begins with knowing where it exists. Continuous data monitoring can help you stay one step ahead of data security risks and set proper access controls to ensure data is used for the right reasons while minimizing unnecessary friction. Google Cloud’s Sensitive …

Welcome to the second Cloud CISO Perspectives for August 2024. Today Google Cloud Security’s Peter Bailey talks about our upcoming Mandiant Worldwide Information Security Exchange (mWISE) Conference, and why mWISE can be one of the most valuable events this year for CISOs, security leaders, and those looking to …

In today's digital landscape, data reliability, availability, and performance are paramount. Businesses and organizations rely on cloud storage solutions that not only ensure that data is safe, but that also provide uninterrupted access and low latency. Cloud Storage is a robust solution to these challenges, offering three distinct types …