TECHNICAL VALIDATION

How to Deliver Successful AI Projects by Reducing Risk and Boosting Performance

Google Cloud Security Ecosystem—Wiz


Leveraging the Google Platform to Accelerate the Delivery of Differentiated Security Offerings

By Tony Palmer, Practice Director and Principal Analyst, Validation Services
Enterprise Strategy Group

December 2023

Introduction

This Technical Validation from TechTarget’s Enterprise Strategy Group documents our evaluation of the Google Cloud Security Ecosystem. Our analysis focused on how the Google Cloud enables cybersecurity independent software vendors (ISVs) to provide differentiated security offerings and capabilities, accelerate time to market, and help their customers secure their cloud applications.

Background

Momentum for digital transformation is accelerating. Organizations are under increasing pressure to improve productivity and drive innovation to serve their customers, and they are leveraging cloud services to meet that demand. In fact, 86% of organizations run production workloads on public cloud infrastructure/platforms, and organizations are increasingly adopting a cloud-first policy for new applications.
Cloud services enable teams to modernize their application development processes for greater operational efficiency, which helps them meet their digital transformation objectives, including becoming more operationally efficient, providing a better customer experience, using technology that enables collaboration, and improving product development.
Figure 1. Cloud-first Policy for New Applications on the Rise
Organizations recognize the growing complexity across their IT environments and the ongoing cybersecurity skills gap is not making things any easier. In fact, 42% of respondents told Enterprise Strategy Group that cloud computing security was one of the most difficult roles for them to fill. They are looking for ways to efficiently manage risk to support the demands of their businesses with the move to the cloud.
This has serious implications for cybersecurity solution vendors. Organizations with mission- and business-critical workloads in the cloud need to be confident that they can control and secure their environment, and trust in their technology partners is key. ISVs need access to sophisticated tools to enhance their development efforts across the development lifecycle. ISVs should be looking for a partner that can provide capabilities and expertise that add value. A partner that offers not just infrastructure, but go-to-market support, network analytics, visibility, integration opportunities, and complementary security capabilities will let them focus on their core mission rather than tooling and support infrastructure.

The Google Cloud Security Ecosystem

Google Cloud is designed, built, and operated with security as a primary design principle to help protect its customers against threats in their environments. Google layers on security controls to enable organizations to meet their own policy, regulatory, and business objectives. Customers can leverage elements of Google’s compliance framework in their own compliance programs.

Google Cloud secures more than three billion users globally. To accomplish that, Google’s cloud infrastructure can’t rely on any single technology to make it secure. Google’s stack builds security through progressive layers designed to deliver true defense in depth, and at scale.

• Google Cloud’s hardware infrastructure is designed, built, controlled, secured, and hardened by Google.
• Google Cloud’s infrastructure—designed from the ground up to be multi-tenant—uses a zero trust model for applications and services, with multiple mechanisms to establish and maintain trust. This means that only specifically authorized services can run and only specifically authorized users and processes can access them.
• Data is automatically encrypted at rest and in transit and distributed for availability and reliability to help protect against unauthorized access and service interruptions.
• Strong authentication protects access to sensitive data with advanced tools like phishing-resistant security keys to verify identities, users, and services.
• Google’s network and infrastructure have multiple layers of protection that guard customers against denial-of-service attacks, and communications over the internet to its public cloud services are encrypted in transit.
• At the top of the stack, Google develops and deploys infrastructure software using rigorous security practices, employing round-the-clock operations teams to detect and respond to threats to the infrastructure from both internal and external threat actors.
Google Cloud aligns with the needs of security ISVs and helps them deliver better, more capable offerings, faster. Google Cloud’s economies of scale, software-defined infrastructure, simplicity, shared responsibility, automation, and global reach help ISVs accelerate time to market and optimize the delivery of new products, enhancements, and updates.
Google operates from the precept that clients are always in control of their data. Google is committed to transparency in data handling. Google’s privacy commitments and data processing addendum clearly state that Google does not use cloud customer data for advertising, any AI model, or product improvement. Google adheres to their clients’ data storage, processing, and management preferences, so organizations control what happens to their data. In addition, all Google customers benefit from the privacy protections and fine-grained security controls built into Google Cloud by default.
Google’s products regularly undergo independent third-party audits with over two million control instances audited annually. Google maintains certifications, attestations of compliance, or audit reports against standards and regulations enforced across the globe. Google Cloud supports customer risk management and regulatory compliance needs with dedicated teams, offering compliance validation, support for due diligence, and security assessments, with an ongoing commitment to continuous assurance.
Google Cloud hardware infrastructure is custom designed by Google to precisely meet stringent requirements, including security. Google’s servers are designed for the sole purpose of providing Google services. Its servers are custom-built and don’t include unnecessary components that can introduce vulnerabilities. The same philosophy is imbued in Google’s approach to software, including low-level software and its operating system, which is a stripped-down, hardened version of Linux. Google designs and includes hardware specifically for security—Titan, its custom security chip, is purpose-built to establish a hardware root of trust in its servers and peripherals. Google also builds its own network hardware and software to optimize performance and security. Finally, Google’s custom data center designs include multiple layers of physical and logical protection. Owning the full stack enables Google to control the underpinnings of its security posture with far greater precision than is possible with third-party products and designs. Google can take steps immediately to develop and roll out fixes for vulnerabilities without waiting for another vendor to issue a patch or other remediation, greatly reducing exposure for Google and its customers.
Google was an early proponent, designer, and practitioner of zero trust computing. Google developed foundational concepts that underpin zero trust architectures with its BeyondCorp and BeyondProd models, and operating this way has helped to protect its internal operations over the last decade. Google’s zero trust architecture ensures that a request succeeds only when an authenticated identity, running authorized code on an authorized machine, accesses just the data it is permitted to, in the correct context. BeyondProd applies these same core principles to enable partners and Google Cloud customers to protect their own operations in the same way, focusing on their own assets and resources and the entities and groups accessing them.
Layered over this foundation of trust are the tools and technologies that Google Cloud provides its partners— that they traditionally had to build in-house—to augment their capabilities. The Security Ecosystem uses Google Cloud capabilities to provide trusted security in the cloud, on-premises, at the edge, and everywhere in between.
Figure 2. Google Cloud Security Ecosystem Overview

Source: Enterprise Strategy Group, a division of TechTarget, Inc.

Google’s Data Cloud enables organizations to digitally transform with a unified, open, and intelligent data cloud platform.
• Data Cloud enables organizations to manage every stage of the data lifecycle, including databases, business intelligence (BI), data warehouses, data lakes, and streaming on a unified data platform.
• Data Cloud is open and standards-based for portability and flexibility with an extensive partner ecosystem, designed for multi-cloud environments.
• Data Cloud incorporates built-in intelligence and AI/ML, with comprehensive tools and processes. Organizations can leverage pre-trained models accessed via APIs and low-code custom training, and solve real-world problems quickly with BigQuery ML, which runs ML models inside the integrated analytics platform. ML model development and experimentation is fast-tracked with Vertex AI, an end-to-end ML platform.
• Security AI Workbench provides generative AI for security solutions. Security AI Workbench is a platform that enables security partners to extend generative AI to their products, bringing threat intelligence, workflows, and other critical functionality to customers, while retaining enterprise-grade data protection and sovereignty.
Google’s Open Cloud gives partners and customers the freedom to securely innovate and scale across data centers, edge locations, and the cloud on a transformative, open platform designed to be easy.
• Google has a long history of leadership in open source including projects like Kubernetes, TensorFlow, and others. Open source gives organizations the flexibility to deploy— and, if necessary, migrate— critical workloads across or off public cloud platforms.
• Google Open Cloud gives organizations the flexibility to build and run apps anywhere. Anthos, the modern application platform that extends Google Cloud services and engineering practices to hybrid and multi-cloud environments, delivers portability that helps teams modernize apps faster and establish operational consistency across them.
• Open Cloud provides autonomy and control over infrastructure and data, enabling organizations to manage all their apps—both legacy and cloud-native—while meeting sovereignty, regulatory, and policy requirements.
Data protection is core to everything Google does. Trusted Cloud helps partners and customers protect what's important with advanced security tools.
• The Google Cybersecurity Action Team (GCAT) is Google’s security advisory team, with the singular mission of supporting the security and digital transformation of governments, critical infrastructure, enterprises, and small businesses.
• Google BeyondProd helps create trust between microservices—beyond what is possible with traditional network perimeter protections such as firewalls—using characteristics such as code provenance, service identities, and trusted hardware. This trust extends to software that runs in Google Cloud and software that is deployed and accessed by Google Cloud customers.
• Google has produced numerous foundational innovations. Google invented now-standard technologies such as Kubernetes and was an early proponent, designer, and practitioner of zero trust computing.
Support for DevSecOps includes secure software supply chain (S3C).
Google Workspace
Google Workspace has its own ecosystem of cybersecurity partners to extend its native security capabilities. This provides an opportunity for security ISVs to reach Google Workspace enterprise customers. Google Cloud is committed to helping customers achieve their security and risk mitigation goals, while enabling partners to deliver applications and capabilities that give customers greater security, agility, and resilience, all with significant cost savings. Google Cloud’s best practice guidance and tools help ISVs deliver their products securely and at scale.

Enterprise Strategy Group Technical Validation

Enterprise Strategy Group examined how Wiz works with Google Cloud to help organizations consolidate multiple cloud security solutions with agentless visibility across Kubernetes, container, and cloud environments.
Wiz for Google Cloud
Powered by Google Kubernetes Engine (GKE), Wiz helps identify assets, detect and prioritize threats, and automate response. Wiz integrates with Google’s native security capabilities to help organizations perform full-stack cloud inventories to identify all assets across multiple clouds and architectures, correlating exposed secrets, cloud keys, and certificates in cloud environments, workloads, and technologies to identify risks.
Wiz integrates with Google Cloud Security Command Center (SCC) to add context to cloud events and detected threats. This information is correlated against other cloud risk factors to synthesize a single, prioritized view of issues in the Wiz Security Graph. Wiz incorporates the recommendations from Google Cloud IAM Recommender to promote least privilege and reduce the risk of lateral movement between VMs or containers through an over-privileged Google Cloud role.
Wiz detects misconfigurations and enables customers to automate remediation using Google Cloud services such as Cloud Pub/Sub and Cloud Functions. Problem resolution is accelerated with automated least-privilege actions, and teams are alerted to detected issues via integration with Google Chat.
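As an added illustration of the remediation flow just described (this is example code written for this page, not Wiz's or Google Cloud's own code), the Python below models a Pub/Sub-triggered handler: it decodes a constructed finding, computes the narrowest combination of roles that still covers the permissions a principal actually used, and flags excess permissions that would allow lateral movement between workloads. The role-to-permission table, the lateral-movement permission list, and the finding schema are assumptions for the example; the real IAM Recommender works from observed usage against the full role catalog.

```python
"""Least-privilege remediation planner for IAM findings.

Added example for this page, not Wiz or Google Cloud code. It models the flow
described above: a finding arrives as a Pub/Sub-style message, the handler
compares what a principal actually used with the roles it holds, and emits the
narrowest replacement binding plus a lateral-movement flag for the excess.
"""
import base64
import json
from itertools import combinations

# Assumption: a deliberately small subset of predefined roles and their
# permissions. Real roles carry hundreds of permissions; this is not an
# authoritative mapping.
ROLE_PERMISSIONS = {
    "roles/editor": {
        "compute.instances.get", "compute.instances.list",
        "compute.instances.setMetadata", "compute.instances.osLogin",
        "iam.serviceAccounts.actAs", "storage.objects.get",
        "storage.objects.create", "logging.logEntries.create",
    },
    "roles/compute.viewer": {"compute.instances.get", "compute.instances.list"},
    "roles/logging.logWriter": {"logging.logEntries.create"},
    "roles/storage.objectViewer": {"storage.objects.get"},
}

# Assumption: permissions that let a compromised workload reach or impersonate
# another workload (push SSH keys or startup scripts, act as other service accounts).
LATERAL_MOVEMENT_PERMISSIONS = {
    "compute.instances.setMetadata",
    "compute.instances.osLogin",
    "iam.serviceAccounts.actAs",
}


def decode_pubsub_message(envelope):
    """Pub/Sub delivers the publisher's payload base64-encoded in message.data."""
    return json.loads(base64.b64decode(envelope["message"]["data"]))


def least_privilege_roles(used, roles=ROLE_PERMISSIONS):
    """Smallest combination of known roles that still grants every used permission.

    Minimises total granted permissions, then number of roles. Returns [] when
    nothing was used (drop the binding) and None when no combination covers the
    usage (leave the binding alone rather than break the workload).
    """
    if not used:
        return []
    best = None
    names = list(roles)
    for k in range(1, len(names) + 1):
        for combo in combinations(names, k):
            granted = set().union(*(roles[r] for r in combo))
            if used <= granted:
                key = (len(granted), len(combo))
                if best is None or key < best[0]:
                    best = (key, list(combo))
    return None if best is None else best[1]


def plan_remediation(finding):
    """Turn one finding into the action an automated responder would apply."""
    held = set(finding["current_roles"])
    used = set(finding["used_permissions"])
    unknown = held - set(ROLE_PERMISSIONS)
    if unknown:
        return {"action": "manual_review", "reason": "unknown roles %s" % sorted(unknown)}
    granted = set().union(*(ROLE_PERMISSIONS[r] for r in held))
    if not used <= granted:
        return {"action": "manual_review", "reason": "usage outside held roles; inventory is stale"}
    recommended = least_privilege_roles(used)
    if recommended is None:
        return {"action": "manual_review", "reason": "no narrower role combination covers usage"}
    excess = granted - used
    return {
        "principal": finding["principal"],
        "resource": finding["resource"],
        "action": "remove_binding" if recommended == [] else "replace_roles",
        "remove": sorted(held - set(recommended)),
        "add": sorted(set(recommended) - held),
        "excess_permissions": sorted(excess),
        "lateral_movement_risk": bool(excess & LATERAL_MOVEMENT_PERMISSIONS),
    }


def handle_pubsub_event(envelope):
    """Entry point a Pub/Sub-triggered function would expose."""
    return plan_remediation(decode_pubsub_message(envelope))


# Constructed sample: a VM service account holding roles/editor that only read
# instance details and wrote logs during the observation window.
SAMPLE_FINDING = {
    "principal": "serviceAccount:web-tier@example-project.iam.gserviceaccount.com",
    "resource": "projects/example-project",
    "current_roles": ["roles/editor"],
    "used_permissions": ["compute.instances.get", "logging.logEntries.create"],
}
SAMPLE_ENVELOPE = {"message": {"data": base64.b64encode(
    json.dumps(SAMPLE_FINDING).encode()).decode()}}

if __name__ == "__main__":
    print(json.dumps(handle_pubsub_event(SAMPLE_ENVELOPE), indent=2))
```

The planner refuses to act on roles it cannot reason about and on usage that its inventory does not explain, returning `manual_review` instead; an automated responder that removes bindings should fail closed in exactly those cases, because a wrong removal breaks a workload while a missed one only leaves the existing exposure in place.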
Figure 3. Wiz Security Graph Visualization

Source: Wiz and Enterprise Strategy Group, a division of TechTarget, Inc.

Wiz and Google Cloud work together to provide a complete cloud-native application protection platform (CNAPP) with multiple capabilities, including:
• Agentless cloud security posture management. Provides complete visibility across containers and Kubernetes, serverless environments, and the Data Cloud, including Vertex AI and Cloud SQL. Enables a partnership between developers and security to resolve issues across the application lifecycle.
• Compliance. Allows continuous automated compliance assessments and posture scores across more than 100 industry-standard compliance frameworks, including public sector, financial services, and healthcare. Custom frameworks and privacy regulations, such as GDPR, are also supported.
• Data security posture management. Scans for and protects sensitive data, such as personally identifiable information, protected health information, and payment card data, across the cloud environment, with immediate alerts when an exploitable exposure path appears. Wiz protects AI investments by securing the data used by Vertex AI: it identifies where AI data sets contain sensitive data that could be exposed through misconfigured endpoints or permissions, and it helps protect AI instances from data poisoning that could steer models toward incorrect and misleading results.
• Cloud detection and response. Correlates threats with the underlying cloud architecture, monitors human and machine identities, and prioritizes, investigates, and responds quickly to threats using cloud-native incident response. Wiz ingests threat events from SCC Event Threat Detection and adds context to them. Wiz correlates threat events against other cloud risk factors to synthesize a single, prioritized view of issues in the Wiz Security Graph.
• Cloud workload protection. Uses combined workload, cloud, and business context to quickly identify and address risks. The Wiz Runtime Sensor is an eBPF-based sensor designed to offer real-time visibility into cloud and Kubernetes workloads. It monitors running processes, network connections, file activity, system calls, and more to detect malicious behavior affecting the workload.
• CI/CD, infrastructure as code (IaC), VM/container image, and registry scanning. Brings developers and DevOps teams into the risk remediation process with a platform that provides a single source of truth.
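To make the runtime signals listed above concrete, here is an added example (written for this page, not the Wiz Runtime Sensor's code) of detection logic run over a constructed stream of sensor-style events: process executions, file opens and outbound connections, keyed by container and process id. Two rules correlate across event types and across the process tree: an interactive shell spawned by a web-serving process, and a process that reads the Kubernetes service account token and then connects outside the cluster's address space. The event schema, the binary lists and the internal CIDR ranges are assumptions for the example.

```python
"""Runtime detection over workload telemetry.

Added example for this page, not the Wiz Runtime Sensor's code. The event stream
is constructed to resemble what an eBPF sensor reports: process executions, file
opens and outbound connections, keyed by container and process id. Two rules are
correlated across event types and across the process tree.
"""
import ipaddress

# Assumptions for the example: which binaries serve web traffic, which are
# interactive shells, where the Kubernetes service account token lives, and
# which address ranges count as inside the cluster or VPC.
WEB_SERVER_BINARIES = {"nginx", "httpd", "gunicorn", "node"}
SHELLS = {"sh", "bash", "dash", "zsh"}
SA_TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token"
INTERNAL_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.169.254/32"]


class RuntimeDetector:
    """Stateful detector: remembers the process tree and who touched the token."""

    def __init__(self, internal_nets=INTERNAL_NETS):
        self.internal = [ipaddress.ip_network(n) for n in internal_nets]
        self.procs = {}             # (container, pid) -> binary name
        self.token_readers = set()  # (container, pid) that opened the SA token
        self.alerts = []

    def _is_external(self, ip):
        addr = ipaddress.ip_address(ip)
        return not any(addr in net for net in self.internal)

    def feed(self, ev):
        key = (ev["container"], ev["pid"])
        if ev["type"] == "exec":
            self.procs[key] = ev["comm"]
            self.token_readers.discard(key)  # pid now runs a new image; reset its state
            parent = self.procs.get((ev["container"], ev.get("ppid")))
            if ev["comm"] in SHELLS and parent in WEB_SERVER_BINARIES:
                self.alerts.append({"rule": "shell_from_web_server", "parent": parent, **ev})
        elif ev["type"] == "open":
            if ev["path"] == SA_TOKEN_PATH:
                self.token_readers.add(key)
        elif ev["type"] == "connect":
            # Reading the token is normal for in-cluster clients; the signal is
            # the same process then talking to an address outside the cluster.
            if key in self.token_readers and self._is_external(ev["dst_ip"]):
                self.alerts.append({
                    "rule": "sa_token_exfil",
                    "container": ev["container"], "pid": ev["pid"],
                    "comm": self.procs.get(key, "?"),
                    "dst_ip": ev["dst_ip"], "dst_port": ev["dst_port"],
                })
        return self.alerts


def detect(events):
    """Run every event through a fresh detector and return the alerts raised."""
    det = RuntimeDetector()
    for ev in events:
        det.feed(ev)
    return det.alerts


# Constructed events: one compromised web container, one benign API container.
EVENTS = [
    {"ts": 1, "container": "web-7f9c", "pid": 100, "ppid": 1, "type": "exec", "comm": "nginx"},
    {"ts": 2, "container": "web-7f9c", "pid": 101, "ppid": 100, "type": "exec", "comm": "sh"},
    {"ts": 3, "container": "web-7f9c", "pid": 102, "ppid": 101, "type": "exec", "comm": "curl"},
    {"ts": 4, "container": "web-7f9c", "pid": 102, "type": "open", "path": SA_TOKEN_PATH},
    {"ts": 5, "container": "web-7f9c", "pid": 102, "type": "connect", "dst_ip": "203.0.113.7", "dst_port": 443},
    {"ts": 6, "container": "api-1b2d", "pid": 200, "ppid": 1, "type": "exec", "comm": "gunicorn"},
    {"ts": 7, "container": "api-1b2d", "pid": 201, "ppid": 200, "type": "exec", "comm": "gunicorn"},
    {"ts": 8, "container": "api-1b2d", "pid": 201, "type": "open", "path": SA_TOKEN_PATH},
    {"ts": 9, "container": "api-1b2d", "pid": 201, "type": "connect", "dst_ip": "10.8.0.1", "dst_port": 443},
]

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Keying state by (container, pid) rather than pid alone matters because pid namespaces make pid reuse across containers routine; resetting a pid's token-reader state on exec avoids blaming a later, unrelated program for an earlier read.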
Figure 4. Wiz Compliance Heatmap

Source: Wiz and Enterprise Strategy Group, a division of TechTarget, Inc.

Google Cloud and Wiz deliver benefits to their mutual customers to address urgent cloud security and compliance needs:
• Mitigating risk. By eliminating blind spots in their multi-cloud environments, organizations can identify and prioritize vulnerabilities wherever they exist. Quickly remediating the most critical risks helps organizations protect their most important assets more effectively. Wiz provides the context required to accelerate threat detection and response and minimize the impact of detected incidents.
• Improving efficiency. Agentless scanning, powered by GKE, eliminates both the overhead of agents and the organizational friction of overcoming developer resistance; the eBPF Runtime Sensor described above is the one deployed component, used where real-time workload visibility is required. Automated response means that personnel can focus on core security priorities without the distraction of continuous alerts, and automated governance helps maintain security standards without diverting team focus. Wiz lets customers group cloud resources into Wiz projects so each engineering team can focus on the risk in its own environment, which gives engineering teams the context to remediate issues without waiting on the security team.
• Reducing costs. Organizations can replace many existing point security products—along with licensing, deployment, integration, and support costs—with a single solution that will scan the entire cloud environment, detect and analyze risks, and manage cloud entitlements and configurations.
• Accelerating digital transformation. Wiz integrates pre-deployment to scan container images, VM images, and IaC to prevent issues in production. This enables developers to focus on building services and driving integration without having to worry about security. Wiz CNAPP is agentless, eliminating the need for regression and impact testing, and helping security teams confidently identify risks across fast-evolving environments without impeding developers. Wiz helps organizations accelerate innovation by securing AI used in Google Cloud, ensuring that businesses have reliable and secure data to make decisions.

Why This Matters

The vast majority of modern organizations are leveraging the cloud to improve productivity, drive innovation, and gain or maintain competitive advantage. Modernizing applications and services with cloud technologies can outpace organizations’ ability to secure their environments. Organizations need to visualize and understand the relationships between the layers of configurations, networks, and identities that make up their environments.

Organizations typically adopt numerous point-based security tools to try to gain control in their effort to close visibility gaps, but this makes a unified, coherent view challenging, to say the least. Google Cloud provides Wiz with the agility and seamless scalability needed to provide rapid visibility into critical risks, including the context and actionable insights needed for immediate remediation for new customers within minutes of deployment.

Building its solutions using Google Kubernetes Engine on Google Cloud and leveraging Google Cloud-managed solutions and native security services means that Wiz can reduce the time and resources expended on infrastructure management and concentrate on developing new solutions that meet their customers’ specific needs.

Conclusion

Cloud services are an integral part of organizations’ efforts to increase productivity and drive innovation to serve their customers, and organizations are increasingly adopting a cloud-first policy for new applications. Cloud services enable ISVs to modernize their application development processes to meet their digital transformation objectives. Finding and retaining skilled cloud security professionals is a significant challenge, which presents a market opportunity for cybersecurity ISVs who develop and deliver solutions to help customers efficiently manage risk and protect their businesses with the move to the cloud.
Cybersecurity vendors need a better way to scale with modern development cycles to address security issues and stay ahead of threats. They also need to be able to monitor cloud workloads to detect security issues and respond quickly to threats to protect their customers and their data.
Google’s cloud infrastructure stack builds security through progressive layers designed to deliver true defense in depth, which is how Google Cloud secures more than three billion users globally. Enterprise Strategy Group validated that Google Cloud aligns with the needs of security ISVs and helps them deliver better, more capable offerings, faster. The ISVs we interviewed confirmed that Google Cloud’s economies of scale, software-defined infrastructure, simplicity, shared responsibility, automation, and global reach help them accelerate time to market and optimize the delivery of new products, enhancements, and updates.
Enterprise Strategy Group validated that Google Cloud and Wiz work together to deliver simplified security to their customers, improving visibility and security for their environments and their data. “To serve our customers wherever they are, we built our environment using Google Kubernetes Engine,” said Wiz’s vice president of development, Roy Reznik. “It was effortless to develop…we were up and running in less than a month,” added Yinon Costica, vice president of product. This focus on simplicity provides Wiz with the scalability and agility needed to significantly accelerate time to detection and remediation for new customers.
Google Cloud offers broad and deep infrastructure and security support for ISVs developing solutions to secure their customers’ applications across the globe. Organizations that fully leverage everything that Google Cloud has to offer will find themselves able to bring massive scale to their solutions while providing broader visibility, faster analysis, and more effective response to their clients, without adding complexity.

This Enterprise Strategy Group Technical Validation was commissioned by Google and is distributed under license from TechTarget, Inc.

©TechTarget, Inc. or its subsidiaries. All rights reserved. TechTarget, and the TechTarget logo, are trademarks or registered trademarks of TechTarget, Inc. and are registered in jurisdictions worldwide. Other product and service names and logos, including for BrightTALK, Xtelligent, and the Enterprise Strategy Group might be trademarks of TechTarget or its subsidiaries. All other trademarks, logos and brand names are the property of their respective owners.

Information contained in this publication has been obtained by sources TechTarget considers to be reliable but is not warranted by TechTarget. This publication may contain opinions of TechTarget, which are subject to change. This publication may include forecasts, projections, and other predictive statements that represent TechTarget’s assumptions and expectations in light of currently available information. These forecasts are based on industry trends and involve variables and uncertainties. Consequently, TechTarget makes no warranty as to the accuracy of specific forecasts, projections or predictive statements contained herein.

Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of TechTarget, is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact Client Relations at cr@esg-global.com.

About Enterprise Strategy Group

TechTarget’s Enterprise Strategy Group provides focused and actionable market intelligence, demand-side research, analyst advisory services, GTM strategy guidance, solution validations, and custom content supporting enterprise technology buying and selling.