While the internet is now weaved into so much of business and life, Google believes it’s time to reinforce security in what they are calling a “watershed moment.” That’s why the search giant is taking steps to remedy the situation.
In August, they met at the White House for a cyber security meeting where they shared recommendations to advance a proactive agenda.
Google is committed to spending $10 billion over the next five years, which includes training 100,000 people in fields like IT support, data privacy, and overall security for the web and the software that supports the infrastructure of the internet.
Google also plans to enhance its zero-trust programs and open-source security, as well as secure the software supply chain.
One of their main concerns was how organizations continue to rely on old software rather than upgrading to modern security practices. Even many governments still rely on all vendor contracts that restrict their choices while increasing costs, and at the same time creating privacy concerns.
They point out how cyber criminals target weaknesses in the software supply chains to breach systems, and many countries don’t have enough people trained to handle these instances. Thus, by training more people, Google hopes to fill the demand for experts to address these concerns.
Google has already begun working to make the web more secure. As they say on their blog, “We keep more users safe than anyone else in the world — blocking malware, phishing attempts, spam messages, and potential cyber attacks.”
The Zero-Trust Security Model
Zero-trust computing is what the name implies: it’s where any person, device, or network must earn trust before getting access to a system. It means never trusting anything inside or outside automatically, but first verifying everything to confirm it’s authentic before allowing it to interact with a website, or network etc.
Google said they’ve implemented this at the highest levels, including the White House. “This is necessary to address events like Solarwinds, where attackers used access to the production environment to compromise dozens of outside entities.”
Working to Secure the Software Supply Chain
The Solarwinds incident brought the industry a deeper realization of the risks of supply chain attacks.
Google mentions how the majority of modern software uses open source scripts. The search giant says that’s why they “worked with the Open Source Security Foundation (OpenSSF) to develop and release Supply-chain Levels for Software Artifacts (SLSA or ‘salsa’), a proven framework for securing the software supply chain. In our view, wide support for and adoption of the SLSA framework will raise the security bar for the entire software ecosystem.”
Google is also providing $100 million for foundations like OpenSSF to “manage open source security priorities and help fix vulnerabilities.”
This is a good reminder to website developers to verify vendors, to confirm they are trustworthy before implementing their software on websites.
Training 100,000 New IT and Security Workers
Google recognizes how full-scale cyber security relies on real people. It’s people who can design and execute the best security solutions. And it’s people who can make others aware of risks and the proper ways to protect websites and software in general.
Google’s three-year plan is to help 100,000 Americans earn Google career certificates to boost the security workforce. They mention how the certificates are industry recognized and designed to give students the skills they need for great-paying jobs in fast-growing careers.
Google will also train over 10 million Americans in digital skills from basic to advanced by 2023, emphasizing that, “Leading the world in cybersecurity is critical to our national security.”
What This Means for Your Website
You can start to strengthen the security of your website by implementing zero-trust security, and checking all the sources and vendors who supply services or software for your site. Make sure that all services and software are acquired through a reputable company.
One of the major issues Google noticed is that companies are using legacy software, so ensuring your various Applications are updated is a great way to boost security.
Also, keeping site software like WordPress and various plug-ins updated is essential for maintaining a secure site.
If you’re interested in learning more about how to boost the security for your site, feel free to reach out to the experts here at Hall.