Welcome to the second Cloud CISO Perspectives for December 2024. To close out the year, I’m sharing the top Google Cloud security updates in 2024 that attracted the most interest from the security community. There’s a lot of AI, of course, as well as a few surprises.

As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.

--Phil Venables, VP, TI Security & CISO, Google Cloud

From gen AI to threat intelligence: 2024 in review

By Phil Venables, VP, TI Security & CISO, Google Cloud

While generative AI erupted from the confines of IT to the world at large in 2023, this year we saw gen AI begin to rapidly and truly change cybersecurity. At the same time, Google Cloud continued to drive towards our goals of bringing simplicity, streamlining operations, and enhancing efficiency and effectiveness for security essentials.

To that end, I’m sharing our top stories from four important areas of development in cybersecurity: security and AI, the security ecosystem, threat intelligence, and security operations.

We made significant developments in our commitment to shared fate by advocating for more resilient and secure-by-design technology this year, an approach to cybersecurity that we were excited to see adopted in both the public and private sectors. We also released important updates to our core products throughout the year, and introduced Google Threat Intelligence, Security Command Center Enterprise and Chrome Enterprise Premium.

• Mandatory MFA is coming to Google Cloud. Here’s what you need to know
• Automatically disabling leaked service account keys to help you safeguard your environments
• Introducing our new Vulnerability Reward Program
• 10 ways to make cyber-physical systems more resilient
• How Google is helping to improve rural healthcare cybersecurity

Threat intelligence

This year, our integrated threat intelligence products and services from across Mandiant, VirusTotal, and Google presented a comprehensive view of the threat landscape, helping customers to operationalize the data and enable a more proactive security program. We introduced our Google Cloud Threat Intelligence blog to share insight from all of the Google intelligence teams. We also announced new ways to help keep our customers safe, including updated best practices aligned to our Defender’s Advantage framework, expanded managed services, and additional avenues for threat intelligence sharing.

• Activating your defender's advantage at mWISE ‘24
• Why water security can’t wait
• Guidance from our Threat Horizons report

Security operations

We believe that a modern security operations solution should be intelligence-driven, AI-powered, and capable of fueling productivity while empowering defenders to handle new threats. We leaned into this approach this year, focusing on innovation, improvement, and education.

• Modern SecOps Masterclass: Now Available on Coursera
• Introducing Google Security Operations: Intel-driven, AI-powered SecOps

Our forecast for 2025

As security professionals, we know that threat actors will continue to innovate to achieve their mission objectives. To help defenders proactively prepare for the coming year, we put together this forecast report with insights from across Google. We look forward to sharing more insights to help organizations strengthen their security posture in the new year.

For more leadership guidance from Google Cloud experts, please see our CISO Insights hub.

In case you missed it

Here are the latest updates, products, services, and resources from our security teams so far this month:

• The Prompt: Gen AI demystified: Understanding gen AI types and their risks: To help business leaders better understand AI uses, we’re looking at common types of gen AI and prioritized the risks for each. Read more.
• How to make the cloud an engine for manufacturing success: In spite of challenges and threats facing the manufacturing sector, we see significant cause for optimism. Here’s why.
• Google Cloud's commitment to responsible AI is now ISO/IEC certified: We're thrilled to announce that Google Cloud has achieved an accredited ISO/IEC 42001:2023 certification for our AI management system. Read more.
• To help combat fraud, Google Cloud and Swift pioneer advanced AI and federated learning tech: To better combat fraud in cross-border payments, Swift joins with Google Cloud to develop anti-fraud AI and federated learning tech. Read more.
• CTI Program Design Playbook is now available: To help you better operationalize threat intelligence, we’ve published the Cyber Threat Intelligence Program Design Playbook, developed for professionals who actively defend networks. Read more.
• How Google Cloud helps navigate your DPIA and AI privacy compliance journey: We’re continually improving our DPIA Resource Center with updated content and guidance. Here’s what’s new.
• How Virgin Media O2 uses Privileged Access Manager to achieve least privilege: Henry Tze, head of DevOps for Virgin Media O2, explains how Google Cloud powers the backbone of their daily operations and shares his insights. Read more.
• Google Cloud first CSP to join BRC, MFG-ISAC, and affiliates to advance security: Google Cloud is proud to be the first cloud service provider to partner with the GRF Business Resilience Council and its affiliates. Read more.
• Announcing expanded custom Org Policy portfolio of supported products: Our custom Organization Policy can help you safeguard cloud resources, and it now works with even more of our services. Read more.
• How Google Cloud can help customers achieve compliance with NIS2: NIS2 may require new investments in security tools, talent, and processes. Here’s how Google Cloud can help make those achievements. Read more.

Please visit the Google Cloud blog for more security stories published this month.

Threat Intelligence news

• Introducing XRefer, a Gemini-assisted binary navigator: XRefer is a new Gemini-powered cluster analysis tool that can help analysts break down the structure of malware and its behavior, and also help them navigate its code for deeper analysis. Read more.

Please visit the Google Cloud blog for more threat intelligence stories published this month.

Now hear this: Google Cloud Security and Mandiant podcasts

• Phil Venables on the future of resilience: Google Cloud CISO Phil Venables joins hosts Anton Chuvakin and Tim Peacock to discuss the apparent sudden rise of resilience, the PCAST report (and Google’s take on it), and the importance of leading indicators. Listen here.
• Go beyond the blame game when sharing cloud responsibility: Rich Mogull, senior vice-president, cloud security, Firemon, and CEO, Securosis, talks about shared irresponsibilities and whether blame needs a framework with Anton. Listen here.
• Detection as code and the rise of response engineering: Amine Besson, detection engineering tech lead, Behemoth Cyberdefence, chats with Anton about how to do detection engineering when you don’t want to engineer anything. Listen here.
• Behind the Binary: From software cracking to threat hunting: Renowned threat hunter Ryan Chapman sits down with host Josh Stroschein to talk about his journey from a curious young hacker to a formidable force in cybersecurity, and the early days of reverse engineering. Listen here.

To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in January with more security-related updates from Google Cloud.