TECHNICAL VALIDATION

How to Deliver Successful AI Projects by Reducing Risk and Boosting Performance

Google Cloud Security Ecosystem—Palo Alto Networks

How to Deliver Successful AI Projects by Reducing Risk and Boosting Performance

Leveraging the Google Platform to Accelerate the
Delivery of Differentiated Security Offerings

By Tony Palmer, Practice Director and Principal Analyst, Validation Services
Enterprise Strategy Group

December 2023

Introduction

This Technical Validation from TechTarget’s Enterprise Strategy Group documents our evaluation of the Google Cloud Security Ecosystem. Our analysis focused on how the Google Cloud enables cybersecurity independent software vendors (ISVs) to provide differentiated security offerings and capabilities, accelerate time to market, and help their customers secure their cloud applications.

Background

Momentum for digital transformation is accelerating, and organizations are under increasing pressure to improve productivity and drive innovation to serve their customers and are leveraging cloud services to meet that demand. In fact, 86% run production workloads on public cloud infrastructure/platforms, and organizations are increasingly adopting a cloud-first policy for new applications.
Cloud services enable teams to modernize their application development processes for greater operational efficiency, which helps them meet their digital transformation objectives, including becoming more operationally efficient, providing a better customer experience, using technology that enables collaboration, and improving product development.
Figure 1. Cloud-first Policy for New Applications on the Rise
Organizations recognize the growing complexity across their IT environments and the ongoing cybersecurity skills gap is not making things any easier. In fact, 42% of respondents told Enterprise Strategy Group that cloud computing security was one of the most difficult roles for them to fill. They are looking for ways to efficiently manage risk to support the demands of their businesses with the move to the cloud.
This has serious implications for cybersecurity solution vendors. Organizations with mission- and business-critical workloads in the cloud need to be confident that they can control and secure their environment, and trust in their technology partners is key. ISVs need access to sophisticated tools to enhance their development efforts across the development lifecycle. ISVs should be looking for a partner that can provide capabilities and expertise that add value. A partner that offers not just infrastructure, but go-to-market support, network analytics, visibility, integration opportunities, and complementary security capabilities will let them focus on their core mission rather than tooling and support infrastructure.

The Google Cloud Security Ecosystem

Google Cloud is designed, built, and operated with security as a primary design principle to help protect its customers against threats in their environments. Google layers on security controls to enable organizations to meet their own policy, regulatory, and business objectives. Customers can leverage elements of Google’s compliance framework in their own compliance programs.

Google Cloud secures more than three billion users globally. To accomplish that, Google’s cloud infrastructure can’t rely on any single technology to make it secure. Google’s stack builds security through progressive layers designed to deliver true defense in depth, and at scale.

• Google Cloud’s hardware infrastructure is designed, built, controlled, secured, and hardened by Google.
• Google Cloud’s infrastructure—designed from the ground up to be multi-tenant—uses a zero trust model for applications and services, with multiple mechanisms to establish and maintain trust. This means that only specifically authorized services can run and only specifically authorized users and processes can access them.
• Data is automatically encrypted at rest and in transit and distributed for availability and reliability to help protect against unauthorized access and service interruptions.
• Strong authentication protects access to sensitive data with advanced tools like phishing-resistant security keys to verify identities, users, and services.
• Google’s network and infrastructure have multiple layers of protection that guard customers against denial-of-service attacks and communications over the internet to its public cloud services are encrypted in transit.
• At the top of the stack, Google develops and deploys infrastructure software using rigorous security practices, employing round-the-clock operations teams to detect and respond to threats to the infrastructure from both internal and external threat actors.
Google Cloud aligns with the needs of security ISVs and helps them deliver better, more capable offerings, faster. Google Cloud’s economies of scale, software-defined infrastructure, simplicity, shared responsibility, automation, and global reach help ISVs accelerate time to market and optimize the delivery of new products, enhancements, and updates.
Google operates from the precept that clients are always in control of their data. Google is committed to transparency in data handling. Google’s privacy commitments and data processing addendum clearly state that Google does not use cloud customer data for advertising, any AI model, or product improvement. Google adheres to their clients’ data storage, processing, and management preferences, so organizations control what happens to their data. In addition, all Google customers benefit from the privacy protections and fine-grained security controls built into Google Cloud by default.
Google’s products regularly undergo independent third-party audits with over two million control instances audited annually. Google maintains certifications, attestations of compliance, or audit reports against standards and regulations enforced across the globe. Google Cloud supports customer risk management and regulatory compliance needs with dedicated teams, offering compliance validation, support for due diligence, and security assessments, with an ongoing commitment to continuous assurance.
Google Cloud hardware infrastructure is custom designed by Google to precisely meet stringent requirements, including security. Google’s servers are designed for the sole purpose of providing Google services. Its servers are custom-built and don’t include unnecessary components that can introduce vulnerabilities. The same philosophy is imbued in Google’s approach to software, including low-level software and its operating system, which is a stripped-down, hardened version of Linux. Google designs and includes hardware specifically for security—Titan, its custom security chip, is purpose-built to establish a hardware root of trust in its servers and peripherals. Google also builds its own network hardware and software to optimize performance and security. Finally, Google’s custom data center designs include multiple layers of physical and logical protection. Owning the full stack enables Google to control the underpinnings of its security posture with far greater precision than is possible with third-party products and designs. Google can take steps immediately to develop and roll out fixes for vulnerabilities without waiting for another vendor to issue a patch or other remediation, greatly reducing exposure for Google and its customers.
Google was an early proponent, designer, and practitioner of zero trust computing. Google developed foundational concepts that underpin zero trust architectures with its Beyond Corp and Beyond Prod models. Operating this way has helped to protect its internal operations over the last decade. Google’s zero trust architecture ensures that only the individual with the correct identity, accessing only the machines specifically authorized by the correct code, is accessing just the data they are authorized to, in the correct context. Beyond Prod uses these same core principles to enable partners and Google Cloud customers to protect their operations in the same way, focusing on their own assets and resources and the entities and groups accessing them.
Layered over this foundation of trust are the tools and technologies that Google Cloud provides its partners— that they traditionally had to build in-house—to augment their capabilities. The Security Ecosystem uses Google Cloud capabilities to provide trusted security in the cloud, on-premises, at the edge, and everywhere in between.
Figure 2. Google Cloud Security Ecosystem Overview

Source: Enterprise Strategy Group, a division of TechTarget, Inc.

Google’s Data Cloud enables organizations to digitally transform with a unified, open, and intelligent data cloud platform.
• Data Cloud enables organizations to manage every stage of the data lifecycle, including databases, business intelligence (BI), data warehouses, data lakes, and streaming on a unified data platform.
• Data Cloud is open and standards-based for portability and flexibility with an extensive partner ecosystem, designed for multi-cloud environments.
• Data Cloud incorporates built-in intelligence and AI/ML, with comprehensive tools and processes. Organizations can leverage pre-trained models accessed via APIs and low-code custom training and solve real-world problems quickly with integrated analytics and an AI platform, BigQuery ML. ML model development and experimentation is fast-tracked with Vertex AI, an end-to-end ML platform.
• Security AI Workbench provides generative AI for security solutions. Security AI Workbench is a platform that enables security partners to extend generative AI to their products, bringing threat intelligence, workflows, and other critical functionality to customers, while retaining enterprise-grade data protection and sovereignty.
Google’s Open Cloud gives partners and customers the freedom to securely innovate and scale across data centers, edge locations, and the cloud on a transformative, open platform designed to be easy.
• Google has a long history of leadership in open source including projects like Kubernetes, TensorFlow, and others. Open source gives organizations the flexibility to deploy— and, if necessary, migrate— critical workloads across or off public cloud platforms.
• Google Open Cloud gives organizations the flexibility to build and run apps anywhere. Anthos, the modern application platform that extends Google Cloud services and engineering practices to hybrid and multi-cloud environments delivers portability that helps teams modernize apps faster and establish operational consistency across them.
• Open Cloud provides autonomy and control over infrastructure and data, enabling organizations to manage all their apps—both legacy and cloud-native—while meeting sovereignty, regulatory, and policy requirements.
Data protection is core to everything Google does. Trusted Cloud helps partners and customers protect what's important with advanced security tools.
• The Google Cybersecurity Action Team (GCAT) is Google’s security advisory team, with the singular mission of supporting the security and digital transformation of governments, critical infrastructure, enterprises, and small businesses.
• Google BeyondProd helps create trust between microservices—beyond what is possible with traditional network perimeter protections such as firewalls—using characteristics such as code provenance, service identities, and trusted hardware. This trust extends to software that runs in Google Cloud and software that is deployed and accessed by Google Cloud customers.
• Google has produced numerous foundational innovations. Google invented now-standard technologies such as Kubernetes and was an early proponent, designer, and practitioner of zero trust computing.
Support for DevSecOps includes secure software supply chain (S3C).
Google Workspace
Google Workspace has its own ecosystem of cybersecurity partners to extend its native security capabilities. This provides an opportunity for security ISVs to reach Google Workspace enterprise customers. Google Cloud is committed to helping customers achieve their security and risk mitigation goals, while enabling partners to deliver applications and capabilities that give customers greater security, agility, and resilience, all with significant cost savings. Google Cloud’s best practice guidance and tools help ISVs deliver their products securely and at scale.

Enterprise Strategy Group Technical Validation

Enterprise Strategy Group validated how Palo Alto Networks leverages Google core technologies via an OEM agreement to provide a differentiated cybersecurity offering to joint customers. In this report, we look at Cloud Intrusion Detection System (IDS).
Palo Alto Networks—OEM
Palo Alto Networks has been bringing security and network solutions to the market for almost two decades, with the goal of enabling organizations to remain agile and accelerate transformations while also mitigating risk, driving operational efficiencies, and enabling digital innovation.
Since 2018, Google Cloud and Palo Alto Networks have partnered to protect customers' applications and data as they utilize cloud-based infrastructure and platforms to modernize their businesses. The close relationship of the two organizations has enabled a multi-threaded view of how to integrate solutions and infrastructure, aimed at consolidating tools and improving security outcomes for customers. This has manifested in numerous solution architectures, which help customers seamlessly deploy and operate infrastructure with reduced friction across hybrid cloud and multi-cloud IT domains.
Figure 3. Cloud IDS Reference Architecture for Palo Alto Networks on Google Cloud

Source: Google and Enterprise Strategy Group, a division of TechTarget, Inc.

Palo Alto Networks has leveraged the foundational technologies of Google Cloud infrastructure and the first-party tools underpinning Data Cloud and Open Cloud to build these solutions. Google Cloud is partnering with Palo Alto to leverage its expertise to augment and enhance Google Trusted Cloud with Cloud IDS. Cloud IDS is an intrusion detection system built with Palo Alto Networks’ threat detection technologies and delivered as a native cloud service managed, scaled, and operated by Google.
As enterprises migrate applications and workloads to—and in—the cloud, security teams are challenged by the complexity of replicating their on-premises network security stack in the cloud. With Cloud IDS enabled, cloud security teams can get immediate value from the managed service with granular application-level visibility of traffic within a virtual private cloud (VPC)—between subnets, specific workload instances, or container pods— wherever inspection is required to secure applications and address compliance or regulatory requirements. The combination of the deep security expertise of Palo Alto Networks and the simple, secure, and scalable infrastructure of Google Cloud provides a unique offering.
The value of Cloud IDS is extended by leveraging the unique detection capabilities of the service and automating enforcement across the network or host/endpoint. As illustrated in the Cloud IDS reference architecture (see Figure 3), this leverages the capabilities of Cortex XSOAR to orchestrate response actions from the VM-Series Firewall for inline protection and Cortex XDR at the host level. This integration is coupled with native Google solutions like Security Command Center and Chronicle to gather a broad view of security automation across a customer environment.

Why This Matters

Enterprise Strategy Group research shows that organizations have faced a wide range of attacks on their cloud-native applications, making it clear that they need to take steps to reduce their security risk. Eighty- eight percent of organizations reported having been attacked across a wide range of incidents, including malware moving laterally across workloads, targeted penetration attacks, and exposed or lost data from an object store.

Google Cloud partnered with Palo Alto Networks to develop and deliver Cloud IDS to provide cloud-native threat detection that detects network-based threats, such as malware, spyware, and command-and-control attacks with both north-south and east-west traffic visibility. Customers benefit from a cloud-native, managed experience that combines high performance and high-fidelity network-based threat data for investigation and correlation with the simple, secure, and scalable infrastructure of Google Cloud.

Detecting threats in traffic between workloads within the trust boundary of a VPC has been a significant challenge for cloud network security teams. With Cloud IDS, Google Cloud customers can deploy on-demand application visibility and threat detection between workloads or containers in any Google Cloud VPC to support their compliance goals and protect applications.

Palo Alto Networks leveraged the foundational capabilities of Google Cloud’s infrastructure and Google Cloud’s first-party tools to create and deliver differentiated products and offerings to their customers. In turn, Google is leveraging Palo Alto Networks’ expertise in an OEM relationship to deliver differentiation and enhance the value of Google Trusted Cloud.

Conclusion

Cloud services are an integral part of organizations’ efforts to increase productivity and drive innovation to serve their customers, and organizations are increasingly adopting a cloud-first policy for new applications. Cloud services enable ISVs to modernize their application development processes to meet their digital transformation objectives.7 Finding and retaining skilled cloud security professionals is a significant challenge, which presents a market opportunity for cybersecurity ISVs that develop and deliver solutions to help customers efficiently manage risk and protect their businesses with the move to the cloud.
Cybersecurity vendors need a better way to scale with modern development cycles to address security issues and stay ahead of threats. They also need to be able to monitor cloud workloads to detect security issues and respond quickly to threats to protect their customers and their data.
Google’s cloud infrastructure stack builds security through progressive layers designed to deliver true defense in depth, which is how Google Cloud secures more than three billion users globally. Enterprise Strategy Group validated that Google Cloud aligns with the needs of security ISVs and helps them deliver better, more capable offerings, faster. The ISVs we interviewed confirmed that Google Cloud’s economies of scale, software-defined infrastructure, simplicity, shared responsibility, automation, and global reach help them accelerate time to market and optimize the delivery of new products, enhancements, and updates.
Enterprise Strategy Group validated that Google Cloud enabled Palo Alto Networks to provide differentiated security offerings to their mutual customers faster, easier, and cheaper using Google’s foundational technologies and services. Google is leveraging Palo Alto Networks’ expertise in an OEM relationship to deliver differentiation and enhance the value of Google Trusted Cloud with Cloud IDS.
Google Cloud offers broad and deep infrastructure and security support for ISVs developing solutions to secure their customers’ applications across the globe. Organizations that fully leverage everything that Google Cloud has to offer will find themselves able to bring massive scale to their solutions while providing broader visibility, faster analysis, and more effective response to their clients, without adding complexity.

This Enterprise Strategy Group Technical Validation was commissioned by Google and is distributed under license from TechTarget, Inc.

©TechTarget, Inc. or its subsidiaries. All rights reserved. TechTarget, and the TechTarget logo, are trademarks or registered trademarks of TechTarget, Inc. and are registered in jurisdictions worldwide. Other product and service names and logos, including for BrightTALK, Xtelligent, and the Enterprise Strategy Group might be trademarks of TechTarget or its subsidiaries. All other trademarks, logos and brand names are the property of their respective owners.

Information contained in this publication has been obtained by sources TechTarget considers to be reliable but is not warranted by TechTarget. This publication may contain opinions of TechTarget, which are subject to change. This publication may include forecasts, projections, and other predictive statements that represent TechTarget’s assumptions and expectations in light of currently available information. These forecasts are based on industry trends and involve variables and uncertainties. Consequently, TechTarget makes no warranty as to the accuracy of specific forecasts, projections or predictive statements contained herein.

Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of TechTarget, is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact Client Relations at cr@esg-global.com.

About Enterprise Strategy Group

TechTarget’s Enterprise Strategy Group provides focused and actionable market intelligence, demand-side research, analyst advisory services, GTM strategy guidance, solution validations, and custom content supporting enterprise technology buying and selling.