With cyberthreats growing, Google has launched a Cybersecurity Action Team with the goal of “supporting the security and digital transformation of governments, critical infrastructure, enterprises, and small businesses,” according to the company.
Google wants the new group to be the world’s “premier security advisory team,” the company said in a blog post. While the team will support Google Cloud customers, its research, security blueprints, and other outputs will be available for those who aren't customers as well, a company spokeswoman said.
The Cybersecurity Action Team will bring together security experts from across the company. It will provide strategic advisory services, trust and compliance services, engineering services to help customers deploy Google Cloud, and threat intelligence and incident response services.
Recent cyberattacks, including those on Colonial Pipeline and SolarWinds, demonstrate the need for better cybersecurity efforts, Google said in its blog post. The company in August announced it would spend $10 billion over the next five years to strengthen its cybersecurity efforts, and the new cybersecurity team is part of that program.
“Cybersecurity is at the top of every C-level and board agenda, given the increasing prominence of software supply chain exploits, ransomware, and other attacks,” Thomas Kurian, CEO of Google Cloud, said in the blog post.
Most cybersecurity experts applauded the new Google team, saying more research and cyber-defense efforts are welcome. Google’s announcement is a “nice step.” Still, companies also need to focus on security as software is being developed, said Peter McKay, CEO of Snyk, an open-source security company for app developers.
“At the end of the day, nothing truly changes if the industry doesn’t embrace developer security and make better use of the world's growing developer population,” he told the Washington Examiner.
The world faces several cybersecurity challenges, including a shortage of qualified cybersecurity experts, he added.
“Attackers are becoming more sophisticated, driving customers and legislators alike to seek ways to force companies to properly protect their data,” McKay said. “Unfortunately, cybersecurity can’t be solved by simply pouring money into it. Every year, we see companies like Google increase security, and yet the number of breaches across industries only grows.”
While Google’s new effort is primarily focused on supporting its Google Cloud customers, the company is likely to share important information with the broader market, said Dean Coclin, senior director of business development at DigiCert, an encryption vendor. Google has been open with sharing research from initiatives such as Project Zero, he noted.
“Given the increased hacking events reported in the news, and especially with large ransoms paid to criminals, cybersecurity is top of mind for every [chief information officer],” Coclin told the Washington Examiner. “Google is making a big investment in defensive and compliance measures to show organizations that they are serious about thwarting potential threats and keeping companies safe. We see this as a positive sign that will help companies protect their confidential information.”
In August, Google’s investment announcement came alongside a White House initiative to pump up the nation’s cybersecurity efforts. Several other companies announced new efforts at the same time.
“While it’s unclear whether Google’s investment would have happened without this event, it will certainly be welcomed by companies struggling with their IT security,” Coclin said. “Because hackers continue to exploit weaknesses in IT infrastructure and the high-profile attacks that have resulted, we expect more companies to join Google and Microsoft in announcing cybersecurity measures in the coming year.”
However, some IT experts raised questions about how much the Google team will focus on its large customers. “Many of Google's consumer-oriented products haven't seen as much security attention as they probably should have,” said Craig Boyle, co-founder and sales and marketing director at MSP Blueshift, an Australian IT services and consulting provider for small and medium enterprises. “The main issue is that this new team may focus too closely on existing Google Cloud customers and not correctly [on] other companies and businesses who threaten their and their users' security.”
Washington Examiner Videos
Original Author: Grant Gross
Original Location: Google launches new cybersecurity defenses