A comprehensive cloud security approach for state and local governments

While the digitization of government services and operations has helped enhance the constituent experience, it has also increased the cyber threat surface for governments of all sizes. In 2020, 79 ransomware attacks hit government organizations, amounting to nearly $19 billion in downtime and recovery costs¹. Other research indicates 34% of local governments worldwide were hit by ransomware in 2022². This year, the National Association of State Chief Information Officers (NASCIO) ranked "harmonizing disparate federal cybersecurity regulations" as their number one priority. To that end, Google Cloud is here to help government leaders develop a more  comprehensive approach to security – to help protect against attacks now and in the future.

We recently commissioned a cybersecurity survey asking workers—including government workers—how they feel about their cloud security solutions. The study reported that government employees are “very” concerned about cyberattacks and showed a lack of satisfaction with legacy software with more than 50% of the government workers responding that other products and services could help them do their jobs better. These concerns and challenges highlight some of our best opportunities for improved innovation.   

Build a comprehensive security approach

Historically, many state and local governments have implemented security measures on an as-needed basis due to limited resources, which can lead to overlooked vulnerabilities, inconsistent standards, and increased maintenance costs. As the threat landscape continues to evolve, government leaders need partners that can provide in-depth security to help protect, detect, and mitigate security breaches. 

Here are some of the ways that Google Cloud helps our state and local government customers maintain a strong security posture:

Never trust, always verify. We've taken a zero trust approach to our operations and are helping our government customers do the same with a secure, transparent platform that can give customers control over their data. We are delivering a proven zero trust architecture that allows our customers to operate with confidence. BeyondCorp follows the zero trust model that we’ve pressure-tested ourselves at Google; it's built for all levels of government security needs. 

“You don’t have to re-architect everything. You don’t have to start from scratch. You can make common-sense changes that can help you be better protected and less vulnerable to the most common attacks.” At Google Cloud, we're helping enable security policies within existing architectures while embedding cybersecurity as a core component in new ones,” says Chris Hein, Director of Customer Engineering, State and Local Government and Education.

Shift from reactive to proactive prevention.  The detection and mitigation of vulnerabilities and bad actors is an ongoing struggle to reduce response time.  Google relentlessly analyzes the global threat landscape for our customers, its own operations and the planet where discoveries from the likes of Project Zero and the Threat Analysis Group are applied in actively protecting everyone. Our Invisible Security initiative seeks to engineer-in our learnings to stem the tide and change its direction towards an offensive posture. 

To overcome agency challenges, our Chronicle Security combines on-premise and public cloud environment data with our global observations to rapidly detect threats. On the other end of the spectrum, examples like our software supply chain initiatives are helping public sector eliminate voids that later become embedded vulnerabilities. 

Continuous, autonomous detection. Google Cloud can help protect data with automatic detection, prevention, and management tools that are integrated into security systems. Our data analytics and warehousing tools are scalable for agencies of different sizes and budgets, enabling  state and local governments to gain valuable insights to help protect their data and applications.  Autonomic security operations helps government leaders monitor security both on premises and in the cloud. New York City Cyber Command (NYC3), for example, built a secure and scalable data pipeline to detect and respond to threats faster with Google Cloud, with the ability to ingest data from agencies’ cloud and on-premises sources. As a result, the City was able to continue providing critical services and help residents be safer in their digital lives.

Supporting state and local government

Google is investing $10B to advance cybersecurity and remains committed to helping our government customers stay ahead of security threats.  We know that government technology environments are complex, often including cloud, on-premises and hybrid systems. We also want to invite users to challenge us and other cloud providers to redefine trust requirements. The cloud environment offers many possibilities for government to use their data to further their mission, so protecting that data is of the utmost importance. With compliance requirements such as FedRAMP High and CJIS in place across many of our solutions, we're able to help our state and local government customers meet constituent needs while improving their overall security.  

For more information, watch GovTech’s ICYMI with Chris Hein, Head of Customer Engineering for Public Sector at Google Cloud, or explore the 2022 Google Cloud Security Summit sessions on demand.

References: 

1. _{https://www.comparitech.com/blog/information-security/government-ransomware-attacks}
2. _{https://cdn.statescoop.com/state-of-ransomware-in-government-2021.pdf}