TECHNICAL VALIDATION
How to Deliver Successful AI Projects by Reducing Risk and Boosting Performance
Google Cloud Security Ecosystem—Egnyte
How to Deliver Successful AI Projects by Reducing Risk and Boosting Performance
Leveraging the Google Platform to Accelerate the
Delivery of Differentiated Security Offerings
By Tony Palmer, Practice Director and Principal Analyst, Validation Services
Enterprise Strategy Group
November 2023
DOWNLOAD PDF REPORT
Opens in a new window.Introduction
This Technical Validation from TechTarget’s Enterprise Strategy Group documents our evaluation of the Google Cloud Security Ecosystem. Our analysis focused on how the Google Cloud enables cybersecurity independent software vendors (ISVs) to provide differentiated security offerings and capabilities, accelerate time to market, and help their customers secure their cloud applications.
Background
Momentum for digital transformation is accelerating, and organizations are under increasing pressure to improve productivity and drive innovation to serve their customers and are leveraging cloud services to meet that demand. In fact, 86% run production workloads on public cloud infrastructure/platforms, and organizations are increasingly adopting a cloud-first policy for new applications.
Cloud services enable teams to modernize their application development processes for greater operational efficiency, which helps them meet their digital transformation objectives, including becoming more operationally efficient, providing a better customer experience, using technology that enables collaboration, and improving product development.
Figure 1. Cloud-first Policy for New Applications on the Rise
Organizations recognize the growing complexity across their IT environments and the ongoing cybersecurity skills gap is not making things any easier. In fact, 42% of respondents told Enterprise Strategy Group that cloud computing security was one of the most difficult roles for them to fill. They are looking for ways to efficiently manage risk to support the demands of their businesses with the move to the cloud.
This has serious implications for cybersecurity solution vendors. Organizations with mission- and business-critical workloads in the cloud need to be confident that they can control and secure their environment, and trust in their technology partners is key. ISVs need access to sophisticated tools to enhance their development efforts across the development lifecycle. ISVs should be looking for a partner that can provide capabilities and expertise that add value. A partner that offers not just infrastructure, but go-to-market support, network analytics, visibility, integration opportunities, and complementary security capabilities will let them focus on their core mission rather than tooling and support infrastructure.
The Google Cloud Security Ecosystem
Google Cloud is designed, built, and operated with security as a primary design principle to help protect its customers against threats in their environments. Google layers on security controls to enable organizations to meet their own policy, regulatory, and business objectives. Customers can leverage elements of Google’s compliance framework in their own compliance programs.
Google Cloud secures more than three billion users globally. To accomplish that, Google’s cloud infrastructure can’t rely on any single technology to make it secure. Google’s stack builds security through progressive layers designed to deliver true defense in depth, and at scale.
.png?v=07312023160027){kind=icon}
• Google Cloud’s hardware infrastructure is designed, built, controlled, secured, and hardened by Google.
• Google Cloud’s infrastructure—designed from the ground up to be multi-tenant—uses a zero trust model for applications and services, with multiple mechanisms to establish and maintain trust. This means that only specifically authorized services can run and only specifically authorized users and processes can access them.
• Data is automatically encrypted at rest and in transit and distributed for availability and reliability to help protect against unauthorized access and service interruptions.
• Strong authentication protects access to sensitive data with advanced tools like phishing-resistant security keys to verify identities, users, and services.
• Google’s network and infrastructure have multiple layers of protection that guard customers against denial-of-service attacks and communications over the internet to its public cloud services are encrypted in transit.
• At the top of the stack, Google develops and deploys infrastructure software using rigorous security practices, employing round-the-clock operations teams to detect and respond to threats to the infrastructure from both internal and external threat actors.
Google Cloud aligns with the needs of security ISVs and helps them deliver better, more capable offerings, faster. Google Cloud’s economies of scale, software-defined infrastructure, simplicity, shared responsibility, automation, and global reach help ISVs accelerate time to market and optimize the delivery of new products, enhancements, and updates.
Google operates from the precept that clients are always in control of their data. Google is committed to transparency in data handling. Google’s privacy commitments and data processing addendum clearly state that Google does not use cloud customer data for advertising, any AI model, or product improvement. Google adheres to their clients’ data storage, processing, and management preferences, so organizations control what happens to their data. In addition, all Google customers benefit from the privacy protections and fine-grained security controls built into Google Cloud by default.
Google’s products regularly undergo independent third-party audits with over two million control instances audited annually. Google maintains certifications, attestations of compliance, or audit reports against standards and regulations enforced across the globe. Google Cloud supports customer risk management and regulatory compliance needs with dedicated teams, offering compliance validation, support for due diligence, and security assessments, with an ongoing commitment to continuous assurance.
Google Cloud hardware infrastructure is custom designed by Google to precisely meet stringent requirements, including security. Google’s servers are designed for the sole purpose of providing Google services. Its servers are custom-built and don’t include unnecessary components that can introduce vulnerabilities. The same philosophy is imbued in Google’s approach to software, including low-level software and its operating system, which is a stripped-down, hardened version of Linux. Google designs and includes hardware specifically for security—Titan, its custom security chip, is purpose-built to establish a hardware root of trust in its servers and peripherals. Google also builds its own network hardware and software to optimize performance and security. Finally, Google’s custom data center designs include multiple layers of physical and logical protection. Owning the full stack enables Google to control the underpinnings of its security posture with far greater precision than is possible with third-party products and designs. Google can take steps immediately to develop and roll out fixes for vulnerabilities without waiting for another vendor to issue a patch or other remediation, greatly reducing exposure for Google and its customers.
Google was an early proponent, designer, and practitioner of zero trust computing. Google developed foundational concepts that underpin zero trust architectures with its Beyond Corp and Beyond Prod models. Operating this way has helped to protect its internal operations over the last decade. Google’s zero trust architecture ensures that only the individual with the correct identity, accessing only the machines specifically authorized by the correct code, is accessing just the data they are authorized to, in the correct context. Beyond Prod uses these same core principles to enable partners and Google Cloud customers to protect their operations in the same way, focusing on their own assets and resources and the entities and groups accessing them.
Layered over this foundation of trust are the tools and technologies that Google Cloud provides its partners— that they traditionally had to build in-house—to augment their capabilities. The Security Ecosystem uses Google Cloud capabilities to provide trusted security in the cloud, on-premises, at the edge, and everywhere in between.
Figure 2. Google Cloud Security Ecosystem Overview
Source: Enterprise Strategy Group, a division of TechTarget, Inc.
Google’s Data Cloud enables organizations to digitally transform with a unified, open, and intelligent data cloud platform.
• Data Cloud enables organizations to manage every stage of the data lifecycle, including databases, business intelligence (BI), data warehouses, data lakes, and streaming on a unified data platform.
• Data Cloud is open and standards-based for portability and flexibility with an extensive partner ecosystem, designed for multi-cloud environments.
• Data Cloud incorporates built-in intelligence and AI/ML, with comprehensive tools and processes. Organizations can leverage pre-trained models accessed via APIs and low-code custom training and solve real-world problems quickly with integrated analytics and an AI platform, BigQuery ML. ML model development and experimentation is fast-tracked with Vertex AI, an end-to-end ML platform.
• Security AI Workbench provides generative AI for security solutions. Security AI Workbench is a platform that enables security partners to extend generative AI to their products, bringing threat intelligence, workflows, and other critical functionality to customers, while retaining enterprise-grade data protection and sovereignty.
Google’s Open Cloud gives partners and customers the freedom to securely innovate and scale across data centers, edge locations, and the cloud on a transformative, open platform designed to be easy.
• Google has a long history of leadership in open source including projects like Kubernetes, TensorFlow, and others. Open source gives organizations the flexibility to deploy— and, if necessary, migrate— critical workloads across or off public cloud platforms.
• Google Open Cloud gives organizations the flexibility to build and run apps anywhere. Anthos, the modern application platform that extends Google Cloud services and engineering practices to hybrid and multi-cloud environments delivers portability that helps teams modernize apps faster and establish operational consistency across them.
• Open Cloud provides autonomy and control over infrastructure and data, enabling organizations to manage all their apps—both legacy and cloud-native—while meeting sovereignty, regulatory, and policy requirements.
Data protection is core to everything Google does. Trusted Cloud helps partners and customers protect what's important with advanced security tools.
• The Google Cybersecurity Action Team (GCAT) is Google’s security advisory team, with the singular mission of supporting the security and digital transformation of governments, critical infrastructure, enterprises, and small businesses.
• Google BeyondProd helps create trust between microservices—beyond what is possible with traditional network perimeter protections such as firewalls—using characteristics such as code provenance, service identities, and trusted hardware. This trust extends to software that runs in Google Cloud and software that is deployed and accessed by Google Cloud customers.
• Google has produced numerous foundational innovations. Google invented now-standard technologies such as Kubernetes and was an early proponent, designer, and practitioner of zero trust computing.
• Support for DevSecOps includes secure software supply chain (S3C).
Google Workspace
Google Workspace has its own ecosystem of cybersecurity partners to extend its native security capabilities. This provides an opportunity for security ISVs to reach Google Workspace enterprise customers. Google Cloud is committed to helping customers achieve their security and risk mitigation goals, while enabling partners to deliver applications and capabilities that give customers greater security, agility, and resilience, all with significant cost savings. Google Cloud’s best practice guidance and tools help ISVs deliver their products securely and at scale.
Enterprise Strategy Group Technical Validation
Enterprise Strategy Group examined how Egnyte leverages Google Cloud components to deliver differentiated secure file access, storage, and governance solutions.
Egnyte - Secure Workspace
Egnyte offers an all-in-one platform designed to simplify access, management, and control of content on any device, from anywhere. Egnyte designed its platform with fully integrated content security, governance, and collaboration. Egnyte protects its customers from multiple threats and risks, including accidental data deletion, and data exfiltration. Egnyte’s platform offers a single, centralized content repository for privacy management for structured and unstructured data. Egnyte’s Advanced Privacy and Compliance solution fully automates answering specific access requests like CCPA, GDPR, HIPAA, FCRA, and eDiscovery.
Figure 3. Egnyte’s Content Intelligence Engine
Source: Egnyte and Enterprise Strategy Group, a division of TechTarget, Inc.
Egnyte’s proprietary content intelligence engine enables organizations to detect and prevent zero-day ransomware attacks, proactively locate and protect sensitive data, simplify compliance and audit responses, and perform centralized content discovery.
In 2021, Egnyte completed its migration to Google Cloud Platform. Egnyte chose Google Cloud for multiple reasons, including the reach of the network, with its own transoceanic fiber with points of presence in all markets where Egnyte currently does business as well as markets where they intend to expand in the future.
Egnyte completed the migration gradually and without disrupting services at any point. The close collaboration with the Google Cloud team contributed greatly to their success. The Google Cloud team anticipated some of the challenges Egnyte faced and helped resolve them quickly. Egnyte CIO Frank Sicilia described their experience this way, “Using Google Cloud means that we no longer rely on aging infrastructure, which is a very limiting factor when you’re developing and engineering a platform as complex as Egnyte. Our entire platform is now always operating on the latest storage, processing, network, and services available on Google Cloud.”
Egnyte embeds multiple Google Cloud services on its infrastructure, including Cloud SQL, Cloud Bigtable, BigQuery, Dataflow, Pub/Sub, and Memorystore for Redis. This means they no longer need to build services from scratch, nor do they have to purchase, install, and build them into the product and company workflow. In short, Google Cloud services have significantly simplified Egnyte’s processes and now support their flagship products.
Egnyte partnered with Google Cloud to provide secure enclave services for its clients. Secure enclaves are controlled collaboration environments for sensitive content that are designed to be simple to use and manage (see Figure 4).
Figure 4. Egnyte Secure Enclave
Source: Egnyte
Egnyte’s Google Drive integration allows organizations to identify and protect sensitive and regulated data including personally identifiable information (PII), like Social Security Numbers and dates of birth, financial records (credit card numbers, for example), and protected health information (PHI) such as patient IDs.
Why This Matters
File sharing and collaboration solutions can improve productivity, and users have become accustomed to obtaining easy access from any device and being able to easily share with internal and external users. However, organizations need to be able to control end-user access to sensitive or regulated content and their ability to share such data.
Egnyte’s integration provides access to the most current information anytime, from anywhere. Secure enclaves were designed to increase productivity and efficiency by improving security and control over sensitive and regulated data, making the business smarter and more efficient.
Running on Google Cloud means that Egnyte can offer even higher reliability and faster scalability to their clients whenever they need a platform to protect and manage critical content on any cloud or any app, anywhere in the world.
Conclusion
Cloud services are an integral part of organizations’ efforts to increase productivity and drive innovation to serve their customers and organizations are increasingly adopting a cloud-first policy for new applications. Cloud services enable ISVs to modernize their application development processes to meet their digital transformation objectives.6 Finding and retaining skilled cloud security professionals is a significant challenge, which presents a market opportunity for cybersecurity ISVs who develop and deliver solutions to help customers efficiently manage risk and protect their businesses with the move to the cloud.
Cybersecurity vendors need a better way to scale with modern development cycles to address security issues and stay ahead of threats. They also need to be able to monitor cloud workloads to detect security issues and respond quickly to threats to protect their customers and their data.
Google’s cloud infrastructure stack builds security through progressive layers designed to deliver true defense in depth, which is how Google Cloud secures more than three billion users globally. Enterprise Strategy Group validated that Google Cloud aligns with the needs of security ISVs and helps them deliver better, more capable offerings, faster. The ISVs we interviewed confirmed that Google Cloud’s economies of scale, software-defined infrastructure, simplicity, shared responsibility, automation, and global reach help them accelerate time to market and optimize the delivery of new products, enhancements, and updates.
Enterprise Strategy Group validated that Google Cloud enabled Egnyte to deliver differentiated secure file access and sharing to its customers, improving security and control over sensitive and regulated data while accelerating time to market, increasing performance and reliability, and reducing costs.
Google Cloud offers broad and deep infrastructure and security support for ISVs developing solutions to secure their customers’ applications across the globe. Organizations that fully leverage everything that Google Cloud has to offer will find themselves able to bring massive scale to their solutions while providing broader visibility, faster analysis, and more effective response to their clients, without adding complexity.
This Enterprise Strategy Group Technical Validation was commissioned by Google and is distributed under license from TechTarget, Inc.
©TechTarget, Inc. or its subsidiaries. All rights reserved. TechTarget, and the TechTarget logo, are trademarks or registered trademarks of TechTarget, Inc. and are registered in jurisdictions worldwide. Other product and service names and logos, including for BrightTALK, Xtelligent, and the Enterprise Strategy Group might be trademarks of TechTarget or its subsidiaries. All other trademarks, logos and brand names are the property of their respective owners.
Information contained in this publication has been obtained by sources TechTarget considers to be reliable but is not warranted by TechTarget. This publication may contain opinions of TechTarget, which are subject to change. This publication may include forecasts, projections, and other predictive statements that represent TechTarget’s assumptions and expectations in light of currently available information. These forecasts are based on industry trends and involve variables and uncertainties. Consequently, TechTarget makes no warranty as to the accuracy of specific forecasts, projections or predictive statements contained herein.
Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of TechTarget, is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact Client Relations at cr@esg-global.com.
About Enterprise Strategy Group
TechTarget’s Enterprise Strategy Group provides focused and actionable market intelligence, demand-side research, analyst advisory services, GTM strategy guidance, solution validations, and custom content supporting enterprise technology buying and selling.