Google Cloud CISO Phil Venables on the future of cloud security

Can cloud providers help lift security's burden of endless compliance checklists and certifications?

In March 2021 Google Cloud announced a new offering called Risk Protection Program, which is designed to help its cloud customers reduce security risk and connect with Google’s insurer partners, Allianz Global Corporate & Specialty and Munich Re. The insurers created a specialized cyber insurance policy exclusively for Google Cloud customers, called Cloud Protection +.

The intent of the offering, which Google says is the first-of-its-kind partnership between a major cloud provider and leading cyber insurance companies, is to boost the confidence of organizations considering moving critical workloads to the cloud. The program includes a new security diagnostic tool called Risk Manager, which enables customers to measure and manage their risk on Google Cloud and obtain a report on their security posture and possibly pay less for more targeted cyber security insurance.

CSO recently spoke with Phil Venables, former CISO of Goldman Sachs and now vice president and CISO of Google Cloud, to discuss cloud security trends and the impact of services such as the new Google Cloud offering.

How much of an issue is it for CISOs to have to spend time filling out compliance questionnaires to certify their own cloud security posture for potential partners and customers?

Responding to customer, auditor, and regulator inquiries is a necessary part of operating any critical service. There has been a lot of progress in standardization of such assessment frameworks, not least in terms of the available certifications from ISO, SOC1/2 and more.