The U.S. government has made great strides to acknowledge and embrace the importance of cloud technology. This commitment to and focus on cloud infrastructure to enhance national security and accelerate critical infrastructure resilience is demonstrated in key pillars of The Biden Administration's National Cybersecurity Strategy. Google, now together with Mandiant, has and will continue to be a key partner to the U.S. government for cloud innovation and leadership. As focus in the areas of U.S. infrastructure abuse prevention, Federal systems modernization, critical infrastructure cybersecurity regulation development, and securing a clean energy future are developed and deployed across departments and sectors, Google will continue its mission-focused partnership to ensure a trusted and secure technology future. 

The National Cybersecurity Strategy acknowledges the range of benefits cloud services provide to security and resilience, and encourages federal entities to “replace legacy systems with more secure technology, including accelerating migration to cloud-based services.” (Page 13.) It is important for infrastructure and software-as-a-service providers to have a consistent model for integrated services that organizations can rely on. As federal departments and agencies move critical missions to the cloud, they will be able to leverage security and resilience at scale across their enterprise with our secure-by-design approach, or by collaborating with other service providers using Google and Mandiant’s tools and data. 

Information technology-enabled enterprises—whether fully private sector, collaborations between public and private, or strictly government in nature—all play an outsize role in both projecting and preserving national power. Therefore, the common underpinning infrastructure, in this case the cloud, can be a target for all manner of cyber, information, and kinetic disruption, oftentimes specifically designed to avoid direct confrontation while achieving its objectives. 

This situation is a part of “gray zone competition,” in which near-peer nation states are constantly probing for weaknesses and seeking advantage in arenas outside of armed conflict, foremost among these being cyber. The U.S. Government needs cloud partners who can operate at scale and in close coordination, to help protect agencies, their missions, and vital constituent services in this new and rapidly evolving environment. 

Deep architectural defenses, designed to thwart entire classes of attacks, are necessary in an environment populated by highly motivated and well-resourced actors, aligned with some of the most aggressive nations on earth. Designing and building systems to keep service members, civil servants, contractors and others safe from mishaps—even when they make mistakes—can also mitigate both basic and sophisticated external malicious activities. 

Finally, defense-in-depth from configuration errors helps prevent mistakes through enforced security patterns for solving problems that have been built into development and production workflows.This enables cyber defense, counter-intelligence, insider threat, and various other data-driven enterprises tied to future requirements.

This kind of purpose-built security is an essential piece of protecting the mission in the cloud at scale. Platforms must be resilient and fit-for-purpose, enabling functions across domains while having the resilience to support essential missions. The second piece is high-quality threat intelligence. Google, now with Mandiant, has access to best-in-class threat intelligence that details the tactics, techniques and procedures being used by advanced nation-state actors, and how to secure against them. What’s more, this intelligence exists at a level which can be rapidly shared with the interagency and mission partners, domestic and international.

Mandiant Threat Intelligence is compiled by over 385 security and intelligence professionals across 29 countries, researching actors via undercover adversarial pursuits, incident forensics, malicious infrastructure reconstructions and actor identification processes. All this intelligence is constantly fed into the Mandiant Intel Grid, providing near real-time protection from trending threats. Our analysts have the unique backgrounds required not only to understand the adversary, but rapidly translate those insights into actionable items for mission partners, regardless of the cloud instance or use case.

This combination of proprietary platforms and agnostic insights creates a common operating picture (COP), which is continuously updated and available to all. Open source intelligence (OSINT) and other unclassified, easily shareable data will play an important role in ensuring that a COP exists which can be leveraged in multiple types of domestic and international partnerships. Due to government restrictions on the sharing of other types of intelligence, the private sector is the best source for this near real-time threat intelligence. 

No company is better positioned to provide and enable mission-driven, multicloud enterprises than Google Cloud. Security in particular has been assessed by leading independent research firms as an area of strength and differentiation, where in its latest analysis, Forrester Research ranked Google Cloud a Leader in the Forrester Wave: IaaS Platform Native Security, Q2 2023 report, where GCP received the highest rating in the Strategy category among the 8 cloud platforms evaluated, and the most 5 out of 5 ratings across the entire 22 evaluation criteria. Moreover, Forrester also rated Google Cloud a Leader in The Forrester Wave: Data Security Platforms, Q1 2023 report where the combination of native capabilities across Google Cloud Platform and Google Workspace earned Google the highest rating in the Current Offering category among the 14 vendors evaluated. Forrester cited the solid data controls built into GCP, including capabilities for data threat and risk visibility, data access controls, data masking, and encryption. The report also stated Google stands out for manageability and integrations for Zero Trust.

In 2022, prior to Mandiant and Google combining, Mandiant was named a Leader in The Forrester Wave™: Cybersecurity Incident Response Services, Q1 2022 report. The most secure cloud infrastructure and the best threat intelligence and incident response—it’s a powerful combination for government customers. 

With each passing year, larger and larger portions of the government mission will happen in, or be enabled by, the cloud. This is what the National Cybersecurity Strategy envisions and prior and subsequent Executive Orders call for. Agencies deserve the most secure infrastructure and the best threat intelligence available to make this move to the multicloud at scale safe and successful. Google Public Sector is broadly committed to helping the government achieve its mission goals through this crucial effort.