How Google Cloud helps government agencies stay ahead of security threats

Cybersecurity remains a top national concern, and Google Cloud is committed to providing government agencies with the security capabilities they need to accomplish their missions. At the annual Google Cloud Security Summit Today, we’re excited to share updates on how we’re helping governments around the world address their pressing security challenges and meet the demands of new and evolving cybersecurity mandates.

Introducing the Assured Open Source Software Service

Google Cloud announces its new Assured Open Source Software (OSS) service to help improve software supply chain security, a primary goal of White House Executive Order 14028 on improving the cybersecurity of the nation. Assured OSS can help make the open source ecosystem more secure and help government agencies identify, assess, and respond to cybersecurity risks at all levels of an organization’s supply chain, in accordance with guidance from the National Institute of Standards and Technology (NIST) in support of OE.

We continue to work closely with government leaders to innovate and develop initiatives and frameworks that strengthen open source software and the software supply chain. For example, Google launched the Supply Chain Levels for Software Artifacts in June 2021. Also known as the SLSA framework, it formalizes software supply chain integrity criteria to help industry and the open source ecosystem to secure the software development lifecycle. We also introduced Open Source Insights, which helps developers better understand the structure and security of the software they use. Assured OSS, which is expected to enter preview in Q3 2022, reflects our continued commitment to building more secure security practices across government.

Transform security analytics and operations

The Google Autonomic Security Operations (ASO) solution is available to help public sector agencies and government leaders meet the requirements outlined in EO 14028 and OMB M-21-31 for cybersecurity analysis and threat management.

Powered by Google Chronicle and Siemplify, ASO can enable agencies to comprehensively manage cybersecurity telemetry in an agency, support the event logging level requirements of White House guidelines, and ultimately, to transform the scale and speed of detecting and responding to threats. ASO can also help government agencies support continuous detection and continuous response so cybersecurity teams can increase productivity, reduce detection and response times, and stay one step ahead of attackers.

Expand our government compliance

To continue to meet the government’s security and compliance needs, we are extending guaranteed workloads to enable regulated workloads to run securely at scale in Google Cloud infrastructure. We are also pleased to announce that 14 new Google Cloud services1 supports FedRAMP Moderate and three services2 are added to support FedRAMP High – with more to come this summer.

To help meet the Zero Trust requirements outlined in EO 14028, Google Cloud provides a range of features to help federal agencies move toward a Zero Trust architecture. Google Cloud’s BeyondCorp Enterprise can improve government agencies’ ability to implement and scale Zero Trust secure access to applications and data on-premises or in any cloud. For the Defense Innovation Unit (DIU), Google Cloud is implementing a secure cloud management solution, which leverages Anthos, our container deployment and orchestration solution, to provide a scalable alternative and highly responsive to the Department of Defense’s current network boundary security architecture. Google Cloud also offers a range of professional services engagements to help accelerate agency adoption of cloud and Zero Trust architectures.

We are proud to help government agencies innovate safely, and we will continue to seek federal certifications to meet their needs. For more information about our work with the federal government and our security capabilities, please visit our Google Cloud for US Federal Cybersecurity webpage.

1 New FedRAMP Moderate services include: Anthos Config Management, Anthos Service Mesh, Assured Workloads, Binary Authorization, Certificate Authority Service, Cloud External Key Manager, Cloud Run for Anthos, Cloud Scheduler, Cloud Tasks, Connect Service Directory, Document AI, Game Servers , and Secret Manager2 New FedRAMP High services include: Cloud Admin Console, Cloud Data Loss Prevention and Cloud Logging



Google is a trusted technology partner that understands how to help agencies transition from legacy architectures and use their data to drive true mission success. Google Cloud Platform provides cloud-native infrastructure with layered security, machine learning, and web-scale analytics to innovate quickly and advance agency goals.

See more stories by Google

Ashley C. Reynolds