Skip to Content

Unleash your business edge with a “shared fate” approach to cloud security

Michael Wasielewski Jr
23 Sep 2024

Exploring how embracing cloud security on Google Cloud Platform can transform your business in an interconnected world. 

Many companies are prepared for the security challenges that will come their way, but others are far from ready – and that is a risky divide. Data security can literally make or break a business, but so many enterprises view it solely as a defensive practice. And the threats are significant. The global damage total from cybercrime is expected to reach $10.5 trillion by 2025. This is only made worse by ongoing global skills shortage, geopolitical challenges, and supply chain vulnerabilities.  

The rise of artificial intelligence improves and complicates the situation. Security teams can leverage AI to enhance compliance, data analysis, and defense strategies, but malicious actors will benefit too. AI-driven phishing scams, for example, will threaten both personal information and corporate defenses. Our recent report  concluded that “48 percent of business executives rate data protection and privacy concerns as among the biggest risks associated with generative AI.”

While security for generative AI use cases is still a work in progress, any organization using Gen AI applications must consider the security implications and put measures in place – whether using Gen AI tools for specific business use cases, or looking at preventing Gen AI-powered malicious activities.  

Security is essential for preventing threats but the tendency to see it only as a defense can create negative perceptions and may cause businesses to act out of fear. 

There is a different approach: security can be deployed as a business enabler. Of course, security operations and compliance are essential defensive practices as well, but enterprises that consider security operations to be more than just a necessary part of doing business can begin to leverage security as a tool for strategic growth. 

Transforming business security: Google Cloud Platform’s “shared fate” approach 

Unlike other hyperscalers that provide customers with security components but let them assemble these themselves—often leading to errors—Google Cloud Platform (GCP) adopts a more collaborative approach with its clients. 

This starts with the build and deployment and continues through the lifecycle of their applications. Google takes a “shared fate” approach to security, meaning the company invests heavily in client outcomes – providing more prescriptive guidance and blueprints, which optimizes security in an opt-out approach that reduces overall risk as services in the cloud are built and migrated. Google also provides tools like Risk Manager at no additional cost to help clients manage ongoing security and compliance.  

We bring GCP into the fold along with our best-in-class tools to manage our clients’ total estate – whether Google is the sole security vendor or one of many. Then we layer in a nuanced approach based on domain expertise and sector-specific needs. For example, thanks to our in-depth expertise in the unique security needs of the financial services sector, we can bring more specific control blueprints for things like SEC regulation compliance in the US, while also keeping an eye toward the future on new regulations like DORA in the EU. And this is equally the case in a wide range of sectors – from manufacturing to healthcare to aerospace and defense. 

While GCP’s security blueprints provide very good baselines, our experience and expertise in industry empowers us to bring more granular and audit-proven security controls for client-specific verticals. We build on top of GCP security solutions to add our compliance and regulatory expertise and augment risk transfer solutions by way of continuous compliance, which allows clients a real-time understanding of their security state. 

This level of granularity often relieves security concerns at the board level and enables enterprises to better optimize their cyber insurance posture, to keep insurance costs down while maintaining advanced coverage. 

Security can be an accelerator for business, paving the way for innovation and growth by fostering trust and confidence. That’s why we go beyond safety and compliance: we aim to deliver security solutions that allow our partners to grow and thrive. Here’s how. 

Security operations as a business enabler 

Capgemini’s approach to building and delivering cloud security solutions is both progressive and pragmatic – and driven by four key principles. 

  1. Cloud infrastructure as an enabler – Cloud infrastructure enables all facets of security operations to be accomplished faster, more transparently, and more completely. Cloud security tools offer flexibility and agility, which ultimately improves security. 
  2. Security is as much about culture as it is about strategy – When building and implementing a cloud security strategy, we believe it’s important to create support at all layers of the organization. Security needs to be an embedded partner and cannot be perceived as outside the team. 
  3. The importance of starting with a solid foundation – Security has a critical role to play in overall delivery velocity, and automation here is key. But when you’re building automation, you need to have the right foundation first. 
  4. Consider the future carefully – You don’t necessarily need to immediately adopt new security paradigms such as Zero Trust, self-healing apps, or AI for Security, but you do need to understand how they may change your business in the long run. 

We take a lifecycle approach to our cloud security portfolio, ensuring we fulfill clients’ needs no matter where they are on their journey to a secure cloud. For example, clients in the beginning of their cloud maturity model often benefit from quickly establishing effective governance and building appropriate compliance tooling. We work with them to establish their security foundations, while clients that already have governance or a consolidated cloud team often look for validation and ongoing assessment support. For them we look at cloud adoption, modern framework and workload assessments, and ongoing support as they establish their cloud security best practices.  

We leverage our experiences across more than 3,900 customers and 15 operations centers, as well as the best of GCP’s tools, such as Chronicle SecOps’ speed and scale, threat hunting capabilities, and advanced analytics to ensure comprehensive security protocols are in place for all Gen AI applications and use cases. Together with Capgemini’s 24×7 monitoring and expertise with almost 100 playbooks, it’s a winning combination to help our clients achieve concrete business outcomes – over and over again. 

Interested in exploring the “shared fate” approach to cloud security with Google Cloud Platform? Contact us for more information and an assessment – googlecloud.global@capgemini.com 

Author

Michael Wasielewski Jr

Global Head of Cloud Security Services, Capgemini
Michael is responsible for global cloud security and next-gen secure architecture portfolio development. He brings a robust background ranging from network operations and engineering to running global information security teams and modernizing enterprises through their cloud and workplace journeys, as well as executing as a global cloud security specialist for AWS. When not playing video games with his two kids or struggling to learn French, you can often find Michael arguing about what zero trust really means, why you are almost always more secure in the cloud, and why New York-style pizza is the best.