How Google Cloud AI and Assured Workloads can enhance public sector security, compliance and service delivery at scale

The public sector’s IT modernization journey into the cloud is taking a new and revolutionary turn as agency leaders grapple with how to harness AI’s power to help them securely manage the volume and velocity of their workloads.

One challenge that remains at the forefront of those efforts is ensuring that today’s increasingly dynamic and distributed IT environments continue to meet the government’s complex security, regulatory and data privacy compliance rules — while learning how best to capitalize on AI’s potential to serve the public.

Google Cloud’s understanding and recognition of those challenges was widely reflected in a series of sweeping announcements at last week’s Google Cloud Next ’24, that promise new levels of security, flexibility and AI-assisted capabilities to Google Cloud’s public sector customers.

Building AI capabilities within protected workspaces

When it comes to securely managing public sector data, agencies using Google Cloud gain immediate benefits by building on top of its foundational architecture. Because the architecture was built for the cloud and also incorporates a substantial portion of federal security controls, it’s possible to demonstrate security compliance and obtain operating authority in weeks instead of months when folding in applications like Workspace or AI models like Gemini.

Another way agencies can enhance the security of their workloads is by using the Google Cloud Assured Workloads, which also have foundational government security compliance assurances built in, according to a panel of technology experts speaking at Google Cloud Next ’24.

The panelists, representing NASA, Palo Alto Networks, SAP and Google Cloud, argued that using zero-trust and compliance-as-a-code technologies has become essential to creating and maintaining easily reproducible compliant workload environments. That’s in part because of the diversity of government agency compliance requirements, from FedRAMP to the Department of Defense Impact Level 2, 4, and 5 security controls. 

By deploying workloads in pre-certified, software-defined environments set up to limit activity to compliant products and restrict where data can flow and who can access it, agencies can better ensure their workloads meet government requirements.

“Moving to Assured GCP is not just an upgrade; it’s a transformational leap forward,” said Collin Estes, the CIO of MRI Technologies working at NASA.

He pointed to two benefits: The “ability to generate compliant documentation as both a product of these large language models as well as helping us produce very well-structured definitions of what we’re doing, based on your actual implementations within Google Cloud. It is not a human saying, here’s what we do. It is us generating what we do from our environment. I think that’s going to really change the game in terms of how federal agencies manage risk across these portfolios.”

Among other benefits, the panelists pointed to:

Streamlining software development – Transitioning to Assured GCP allows government bodies to leverage and deploy cutting-edge technologies and methodologies, such as containerization and microservices, with unprecedented ease.

Focusing on the mission – By moving to Assured GCP, organizations can shift their focus from the backend to what truly matters—their mission. This shift represents not just an operational change but a philosophical one, where technology becomes an enabler rather than a hurdle in support of agency missions.

According to Palo Alto Networks Senior Manager Michael Clark, another reason for adopting Assured Workloads is the volume of data and the compute intensity with all this data. “We’re at that critical pivot point. We’ve been using this data to learn new threats and find zero-day threats so that we can enforce zero trust, improve security protection mechanisms, and map into new areas of innovation for threat detection and automated remediation.”

When building a compliant environment, SAP’s NVP Architecture and Product Launch, Hunter Downey, urged session attendees “to build it within a framework that I can ensure controls are in place, so I can rinse and repeat across 20 to 100 different teams, potentially touching 1,000 or 5,000 developers. If you start with the lowest common denominator, you’re going to fail. The reason why we partnered with GCP Assured Workloads is because you’re able to control the flow of information and messages. The minute the data goes global, it’s a different jurisdiction.”

Among other AI-related developments announced at Google Cloud Next ‘24:

• Google Public Sector achieves Top Secret and Secret cloud authorization. 

• Gemini for Google Cloud is a new generation of AI assistants for developers, Google Cloud services and applications that help users work and navigate security challenges more effectively.
• See more announcements here. 

Learn more about how Google Public Sector can help your organization “Kickstart your AI and security journey”.

This article was produced by Scoop News Group and sponsored by Google Public Sector. Google Public Sector is an underwriter of AI Week.