Presented by Google Cloud
Thirty new security products announced at Google Cloud Next'19 spurred conversation around how public sector leaders can maintain security expectations and cyber-safety, especially during times of digital migration.
How do you manage the herculean task of securing the city that never sleeps? The answer lies with Colin Ahern, New York City Cyber Command’s deputy chief information security officer for Security Sciences.
In July 2017, New York City Mayor de Blasio released an executive order announcing the launch of the New York City Cyber Command (NYC3), urging centralized, accountable and vital protection of the city’s information infrastructure as a critical part of the “health, safety, and welfare of the residents.” Since its founding, NYC3 has worked to stay a step ahead of all types of cyber threats -- leveraging education and false network attacks to pinpoint key cybersecurity combat strategies in the cultural and business metropolis.
To protect the enormous citizen and visitor population in New York City, NYC3 has turned to Google Cloud to organize and interpret the security log data that track threats crucial to formulating defense response and cybersecurity architecture-- for example, NYC3’s NYC Secure app is prepared to defend over 13 types of mobile threats. “Yesterday I think we processed slightly over 12 billion events, with the average processing time less than 10 milliseconds,” says Ahern, about 50 times faster than when you blink your eye.
As a smaller agency that packs a punch on the defense lines, NYC3 relies on transparency, visibility and data security; ingredients that only the most trusted cloud solutions can provide. The leaders spearheading these efforts shared their experiences at Google Cloud Next '19 -- where Ahern dove into NYC3’ priorities, hurdles and key resources to achieving the NYC3 mission.
“Cybersecurity is a public safety issue,” Ahern says. “Not just the critical services and infrastructure, but the very livelihood of our citizens depends on a well-functioning internet. The government owes you tools so that you can lead safer digital lives online.”
NYC3 is one of the many agencies adopting the cloud, and the momentum shows no signs of letting up. At Google Next ‘19, several government agencies showcased how they are implementing a range of cutting-edge cloud solutions to deliver modernized citizen services.
Over the span of three days, Google Cloud Next ‘19 featured more than 400 breakout sessions and more than 1,000 Google Cloud customer and partner speakers. Thirty new security products spurred conversation around security advancements and data protection solutions diminishing the roadblocks agencies often face with cloud migrations. For example, Policy Intelligence, which helps security teams manage access, information and policies to reduce risk, allows users to work easily and securely across hybrid and multiple cloud platforms.
Urs Hölzle, the senior vice president of technical infrastructure at Google, emphasized that enterprises must not forgo security for innovation and compromise sensitive data in the process. “Security is something we’ve built in from the start comprehensively,” Hölzle says. “We start with the principle that your data is your data, and only your data. No one should access it without your knowledge and consent.”
In an era of rapidly shifting technological change, tools need to support the missions of its users and the outcomes they desire. For Google, it is important to understand the barriers industry leaders face, and figure out where Google Cloud technology can fit in place as a solution.
“Our secure responder environment is run on Google Cloud, our security data pipeline uses Google Cloud Platform tools” so that “we can ensure that the right data gets to the right analyst or analytical process at the right time to defend against cyber threats,” Ahern says.
For example, NYC3 recently kicked off a collaborative initiative with the Manhattan District Attorney and the Police Commissioner of New York City to launch the New York City Cyber Critical Services and Infrastructure Project, developing a sturdier and intentional cybersecurity infrastructure using cloud intelligence and data sharing to sync protocol across 17 industry sectors.
“Our mission isn’t to hire a bunch of robots to replace a bunch of people,” Ahern says of NYC3’s cybersecurity systems. “We want to use a person to think strategically, to draw an analogy, to make plans and designs, and then have a system execute those at high velocity, high reliability, and high scale.”
Defining the Cloud Impact
Google has worked with government customers to help them increase their productivity and integrate new security tools, while helping educate government employees on cloud capabilities including data analytics, collaboration and security. Access Transparency, a new product launched by Google Cloud, taps into Google’s internal workflow to give users control over Google Cloud administration support. Furthermore, if Google employees are granted access, the transparency logs record who, when and for what reasons this access occurred.
For Google, innovation also means a new form of visibility and meaningful oversight into operations that involve sensitive data, altering the relationship that enterprises can have with their providers, even at a large scale with billions of data points. “We are all here for a common purpose,” says Suzanne Frey, the vice president of engineering at Google. “We wake up galvanized every morning. Security is at the heart of making that happen, and if we don’t feel secure to begin with, that won’t happen.” Google Cloud’s network capacity, along with the tools, ensures protection over 1.5 billions consumers using Google applications, stopping over 10 billion spam emails every minute, Frey says.
A 2018 Forrester Research report found Google Cloud Platform to be one of just two leaders in current offerings and strategy for security when compared with competitors with varying market presence. Google Cloud’s large number of security certifications, as well as its vast ecosystem of solutions, offers the most dynamic and flexible platform to help modernize and secure its customers. “We build our own servers, we control the supply chain, and we are responsible for fixing the issues in our stack,” says Frey. “Not waiting on a vendor.”
Halfway across the country, several years before de Blasio launched NYC3, Wyoming public leaders started contemplating the best ways to securely and cost-effectively modernize their state government. It was a “really archaic system we were dealing with,” says Tony Young, the former chief information officer of Wyoming. When Wyoming became the first state to go Google in 2011, maintaining a high security posture was non-negotiable during this critical digital migration. Young worked with former Wyoming Gov. Matt Mead to grow and enhance Wyoming’s department of Enterprise Tech Services, using Google Cloud to lessen “our physical footprint significantly, improving disaster recovery plans, offering cost savings and increases in security,” the ETS website says. Young and Mead worked with Google Cloud to securely transfer thousands of government employees to G Suite, ultimately saving taxpayers 6 million dollars a year.
At Google Cloud Next’ 19, Google executives showed how they have listened and collaborated with their customers to keep a pulse on their security needs, through tools that will allow government leaders to deliver more innovative products, and spend less time and money managing infrastructure. “Google has been our single best partner in any endeavor,” Young says.
NEXT STORY: Insights into Today’s Breaches and Cyber Attacks