White House joins industry leaders to double down on commitment to zero trust

U.S. National Cyber Director and top leaders from Google and Citibank promote public-private partnerships to increase critical cyber defenses at the recent Google Cloud Security Summit.
zero trust
(Getty Images)

Cybersecurity leaders from the White House, Citibank and Google came together to promote stronger cooperation between public and private sector organizations at the Google Cloud Security Summit earlier this year. They asserted that these partnerships are critical to how public sector and critical infrastructure organizations combat national security threats.

Together, these leaders explored multiple aspects of how public and private organizations are moving the dial forward in areas such as zero trust, software supply chain security, digital sovereignty in the cloud and combatting ransomware.

Speaking at a virtual Google Cloud Security Summit held May 17, U.S. National Cyber Director Chris Inglis touched on the need for public and private sector leaders to proactively collaborate to build resilience and robustness in the cyberspace.

He detailed some of the actions his office his taking to push U.S. government entities towards zero trust architectures, such as better defining the roles and responsibilities and making sure that government agencies have access to the right skillsets to defend their networks.

These efforts are needed to make sure “the government is coherent, not just in how it manages its own enterprises, but coherent in how we deal with the private sector,” said Inglis.

Jonathan Meadows, head of cloud cyber security engineering at Citibank, echoed the need for strong collaboration among industry partners “to better understand the attack surface and deliver an end-to-end approach to mitigating the [supply chain] threat.”

“Citi joined the Open Source Security Foundation, where we work with our partners at Google, and others in the industry, to find ways to secure this software supply chain,” he said.

Meadows explained that by looking at supply chain as an end-to-end challenge, collaborative partnerships can consider all aspects of software security including the ingestion of software, the security of open-source software, all the way through securely building software using secure software factories with attestations validating the provenance of that software.

Google Cloud used its virtual Cloud Security Summit as a platform to announce the launch of its new Assured Open Source Software (OSS) service which promises to help improve the security of the software supply chain.

“Assured Open Source Software is a new first of its kind offering from Google Cloud,” said Sunil Potti, general manager and vice president of cloud security at Google Cloud. “It’s a fully managed service that provides enterprises access to the same OSS packages that Google depends on, allowing you to directly benefit from the rigorous security capabilities and practices like static code analysis, fuzz testing, dependency analysis and vulnerability management that we apply to our own OSS portfolio.”

Combining OSS with other security capabilities like autonomic security operations (ASO) — which combines the principles, practices and tools that provide continuous detection and continuous response around software development and IT operations — ensures that public sector organizations can increase the productivity of their security operations, reduce detection and response time and stay ahead of attackers.

Google diligently works to innovate their cloud security initiatives to remain a trusted cloud partner “with a practical, comprehensive approach to addressing security challenges,” according to Potti.

In his panel discussion, Potti also touched on another key aspect of Google’s collaborative effort to provide a flexible and secure cloud environment — the ability to assure digital sovereignty.

“Digital sovereignty,” Potti explained, “is one of the most important mandates that’s emerging around the world today.”

“At the core of digital sovereignty, are a few fundamental requirements. Some are obvious and some are much more nuanced data location, protection from external access. But even beyond that, local supervision of services by trusted partners, going all the way to providing the ability to survive the unexpected,” said Potti.

Watch the full discussion from “Charting a safer future with Google Cloud” and learn more about how Google Cloud helps federal agencies stay ahead of security threats.

Latest Podcasts