Mandiant Incident Response Visit the Mandiant Incident Response page
Support Visit the Google Cloud Support hub
Careers Browse open positions at Chronicle
Chronicle Return to the Chronicle homepage
Security Operations Platform arrow_forward expand_more
Security Operations Platform

Explore the Security Operations Platform for the modern SOC.

Security Operations Platform
Overview Detect, investigate, and respond to cyber threats with speed, scale, and precision.
Detect Detect threats with confidence by storing and analyzing all your security telemetry at Google scale.
Investigate Get faster insights with context and depth of investigation to stay ahead of the latest breaches.
Respond Orchestrate tools, build automation, and collaborate with ease to respond in minutes.
Solutions arrow_forward expand_more
Solutions

Reimagine your security operations with affordable solutions.

Solutions
Mandiant Hunt for Chronicle Uncover hidden attacks with elite threat hunters by your side.
SOC Modernization Protect your organization against modern-day threats.
Cloud detection & response Improve investigation and response to cloud-based threats.
Service providers Attract new customers and keep existing ones coming back.
Chronicle CyberShield Helping Governments Defend Against Modern Threats
Why Chronicle arrow_forward expand_more
Why Chronicle

Rely on a modern approach to threat detection and response.

Why Chronicle
How we’re different Add Google speed, scale and intelligence to your SOC.
Our customers Discover how modern security teams use Chronicle.
Partners arrow_forward expand_more
Partners

We work together with our partners to help our customers protect themselves.

Partners
Overview Through product integrations and security expertise, together we bring more effective solutions to market.
Solutions for Small to Mid-Sized Business Expert resources for organizations with up to 2000 employees
Resources arrow_forward expand_more
Resources

Get to know us better. Find out what we’ve learned, what’s new, and what’s next.

Resources
Blog Get an inside view of the digital security landscape.
Knowledge Base Sortable whitepapers, datasheets, videos, and more.
Community Join security pros sharing SecOps content and best practices
Contact us Visit the contact us page
Chronicle Return to the Chronicle homepage
Security Operations Platform arrow_forward expand_more
Security Operations Platform

Explore the Security Operations Platform for the modern SOC.

Security Operations Platform
Overview Detect, investigate, and respond to cyber threats with speed, scale, and precision.
Detect Detect threats with confidence by storing and analyzing all your security telemetry at Google scale.
Investigate Get faster insights with context and depth of investigation to stay ahead of the latest breaches.
Respond Orchestrate tools, build automation, and collaborate with ease to respond in minutes.
Solutions arrow_forward expand_more
Solutions

Reimagine your security operations with affordable solutions.

Solutions
Mandiant Hunt for Chronicle Uncover hidden attacks with elite threat hunters by your side.
SOC Modernization Protect your organization against modern-day threats.
Cloud detection & response Improve investigation and response to cloud-based threats.
Service providers Attract new customers and keep existing ones coming back.
Chronicle CyberShield Helping Governments Defend Against Modern Threats
Why Chronicle arrow_forward expand_more
Why Chronicle

Rely on a modern approach to threat detection and response.

Why Chronicle
How we’re different Add Google speed, scale and intelligence to your SOC.
Our customers Discover how modern security teams use Chronicle.
Partners arrow_forward expand_more
Partners

We work together with our partners to help our customers protect themselves.

Partners
Overview Through product integrations and security expertise, together we bring more effective solutions to market.
Solutions for Small to Mid-Sized Business Expert resources for organizations with up to 2000 employees
Resources arrow_forward expand_more
Resources

Get to know us better. Find out what we’ve learned, what’s new, and what’s next.

Resources
Blog Get an inside view of the digital security landscape.
Knowledge Base Sortable whitepapers, datasheets, videos, and more.
Community Join security pros sharing SecOps content and best practices
Mandiant Incident Response Visit the Mandiant Incident Response page
Support Visit the Google Cloud Support hub
Careers Browse open positions at Chronicle
IDC Study: Customers cite 407% ROI with Google Chronicle. Learn More IDC Study: Customers cite 407% ROI with Google Chronicle. .
What can you learn from this Google-commissioned survey on cloud risk?
Dan Kaplan
Content Marketing, Google Cloud Security
July 20, 2022

Earlier this year, Google Cloud CISO Phil Venables authored a defining blog post about eight industry “megatrends” that are helping to drive cloud adoption. All eight, he explained, also intensify the security advantage of cloud versus on-premises environments – for example, the cloud encourages more eager security innovation, operates with a “shared fate” model, and accommodates speedier security features in updates.

But cloud is unfamiliar territory for many organizations, especially when it comes to detection and response because it is an environment – and attack surface – that can look quite a bit different than protecting the traditional data center.

How does that affect how a company perceives and addresses risk? Google recently partnered with Cloud Security Alliance to create a survey evaluating methods for measuring risk and risk governance.

These were the major findings of the survey, taken directly from the report, which you can download here:

1. As organizations adopt cloud, they are challenged to evaluate risk.

Internal data classification schemes and manual digital asset management methods are still the primary ways organizations are collecting, tracking, and organizing cloud assets. There is little consistency in how data is classified across cloud platforms and services.

2. Cloud risk evaluation faces challenges with growing business adoption of cloud

With cloud adoption numbers increasing, respondents shared that services are often evaluated at procurement only and not re-evaluated as product features or business environments change.

3. Tools for quantifying and measuring risk need to improve

Popular risk scoring tools for quantifying and measuring risk are not meeting expectations but there is a distinction of what tools are working better than others.

4. Monitoring, measuring, and reporting risk is difficult

A lack of reliable risk measurement has caused organizations to use more qualitative and less quantitative risk measurement methods.

Of course, any technological transformations as broad in scope as cloud deployment require an adjustment to the risk, compliance and audit practices that ensure they’re safely managed. But you shouldn’t assume that adopting cloud computing means there is more risk to manage, or that it will result in a net increase in risk at all. Cloud is as much a means of managing your security, resilience and other risks as it is a risk in its own right.

This Google Cloud whitepaper, “Risk Governance of Digital Transformation in the Cloud,” offers excellent suggestions for reducing risk in the cloud, including prioritizing organizational readiness, communicating with boards, and extending continuous monitoring.

It is that last recommendation which speaks to Autonomic Security Operations and its principle of continuous detection and continuous response (CD/CR). ASO is a combination of philosophies, practices, and tools that improve an organization's ability to withstand security attacks.

From a strictly detection and response perspective, an unfortunate common theme of many cloud migrations is that security operations requirements get deprioritized when organizations have tight timelines and budgets to drive their teams to the cloud.

This is because most SOC teams are too busy fighting proverbial fires and don’t have the spare cycles to focus on adapting their use cases to cloud workloads and modernizing their own infrastructure. However, moving to the cloud should be looked at as not only an opportunity to modernize the business, but a clean slate to revolutionize your security operations and the tech stack you use to support it. You can learn more by visiting chronicle.security.

Cloud Computing

Let’s work together

Ready for Google-speed threat detection and response?

Contact us Visit the contact us page