Security updates from Google Cloud Next '24 center on GenAI

Google has infused Gemini into its security tools, and while GenAI isn’t going to solve every security problem right away, its assistive capabilities save much-needed time.

A few weeks ago at Google Cloud Next '24, we saw progress on Google's generative AI vision with updates that apply GenAI across several security offerings to help solve pressing cybersecurity challenges.

The updates come just eight months after Google Cloud Next '23, where Google laid out its vision for applying GenAI to security including secure development processes and optimizing threat detection and response.

Here's my rundown of key takeaways from this year's conference, along with my thoughts on how GenAI and cybersecurity are differentiators that could drive migrations to Google Cloud.

Enterprise readiness depends on security


In his keynote, Google Cloud CEO Thomas Kurian described how GenAI is poised to transform every company in every industry with new ways to build helpful applications and services for customers and employees.

Google is making the case that its cloud infrastructure is right for AI workloads. Google's updates to BigQuery create a unified platform for data to AI, including a scalable metadata service with universal table definitions and enforcement of fine-grained access control policies for analytics and AI runtimes, which essentially makes it easier to manage and handle vast amounts of data.

Users of Google products know the company makes it easy to search, in emails or on the internet. That would be difficult in other platforms without a lot of work to classify or tag the data. This is the type of advantage they are claiming in AI -- they have the infrastructure and foundation to enable safe usage and better security for GenAI adoption.

This is important as security leaders determine their strategies for managing risk. However, there are challenges for Google. Research from TechTarget's Enterprise Strategy Group shows that most organizations use multiple cloud services; 95% of organizations use two or more cloud service providers (CSPs) and 70% have three or more CSPs. The research also shows that organizations typically see third-party security vendor products as effective (45%) compared to using CSP-provided security controls (34%) because they need to address applications across environments.

Google and other CSPs have multi-cloud offerings for cloud-native application protection platforms, but customers understand that the CSP's security capabilities are optimized for the CSP's own environment.

Google needs to make a competitive play for more migrations and seek new customers through its security offerings. Kurian said Google has three key differentiators that are spurring organizations to move to Google Cloud: data analytics, AI and cybersecurity. My Enterprise Strategy Group colleague wrote about how Google is gaining traction with customers for data analytics and GenAI. Let's take a look at how Google might drive migrations with cybersecurity.

Cloud detection and response and streamlining SecOps

In March, Google introduced Security Command Center Enterprise, which helps cloud security teams manage posture while also enabling security operations (SecOps) teams to optimize threat detection, investigation and response using Mandiant.

This is timely as our recent research on cloud detection and response showed that organizations are looking for better ways to align threat detection and response (TDIR) with their cloud-native development processes and workloads.

At Google Cloud Next '24, Brian Roddy, vice president of engineering of cloud security at Google, described the company's efforts to ensure that defenders can best apply GenAI to give them the advantage over attackers who use GenAI. Google is applying Gemini to "supercharge security with AI," assisting security teams by reducing time-intensive, tedious tasks, cutting through the noise of alerts, and facilitating the analysis needed to rapidly respond to threats and attacks.

There is a healthy dose of skepticism in this area. Several years ago, we saw a wave of security offerings using machine learning to detect suspicious or abnormal behaviors and realized the challenges of building models with enough data to train them.

Google has a long history with AI, and now holds the advantages of data, models and search capabilities. Google offers Chronicle as a SecOps platform with security information and event management (SIEM). While SIEMs provide the log data needed for TDIR, the main problem is sifting through that data, which can be like finding a needle in a haystack.

When threats and attacks occur, time is money and efficiency is key. Chronicle uses Google's search capabilities to quickly investigate petabytes of data, and this can be cross-referenced with threat intelligence data from Mandiant. Security analysts can now use Gemini as a natural language assistive tool across their workflows. Examples include searching through large amounts of metadata against the latest malware findings, easily running queries, writing security rules, setting policies or generating new playbooks.

However, not all data is in Chronicle. We come again to the issue of organizations using different CSPs, SIEMs and other tools: when organizations need an effective strategy for their applications and workloads across different environments, effective TDIR comes down to looking at data from many different sources and analyzing it quickly.

The Open Connectivity Foundation's efforts to standardize connectivity across devices, devices to cloud, and cloud-to-cloud should help in this area, but collecting data in various formats from different sources creates challenges for security teams trying to act quickly while facing pressure to investigate a threat or attack.

While GenAI isn't going to solve every problem right away, its assistive capabilities save much-needed time. As much as we like to think jobs in cybersecurity are exciting, there are a lot of tedious, repetitive tasks. Also, when we think about security incidents, it's not the advanced threats or attack methods that cause the most breaches; it's mistakes or vulnerabilities that attackers can exploit to wreak havoc.

Gemini also provides assistance in areas including confidential computing insights, policy guidelines, access and identification management with guidance to follow least privilege access, and other areas to mitigate risk more efficiently. This is where fusing cloud security with SecOps comes in handy; ideally Gemini efficiently remediates security issues before applications are deployed in the cloud, leaving fewer threats and attacks for SecOps to investigate.

There was also an interesting note about where we currently are: running these assistive tools with human oversight and then transitioning to running in a semiautonomous mode, compared to where we can be in the future, not having to do these mundane remediation tasks. Scary now, but perhaps doable in the future.

Chrome Enterprise Premium for endpoint security

Our research on web browsers in 2022 showed how employees increasingly utilize their browsers to retrieve and display corporate applications and data, with Google Chrome as the most widely used. Browser usage offers benefits for IT because, with modern connectivity, browsers provide more accessibility to real-time data, access to software installations and upgrades through a host server, easier data sharing and collaboration, and reduced hardware costs. We've also seen interest in secure browsers as centralized points to manage security, with new products from startups including Island, Mammoth and Talon.

It makes sense that Google announced its Google Chrome Enterprise Premium at its recent conference to give organizations an enterprise secure browser. This could provide another migration path to Google products because of the popularity of Gmail, Google Chrome and their search capabilities. The secure browser and the integrated, GenAI-assisted experience of Google Workspace products and Google Cloud might provide cost and productivity benefits to users. This could help Google more successfully challenge Microsoft as enterprises look for ways to optimize technology adoption with GenAI for a competitive advantage.

Melinda Marks is a senior analyst at TechTarget's Enterprise Strategy Group, where she covers cloud and application security.

Enterprise Strategy Group is a division of TechTarget. Its analysts have business relationships with technology vendors.
