Modern Insurance Magazine Issue 65
INSURTECH
2. Shared Fate
We also touched on this idea of Shared Fate, where
Google Cloud is going beyond the shared responsibility
model which most cloud providers focus on. In the Shared
Responsibility Model, a cloud provider is responsible for
the security of the infrastructure, while the customer is
responsible for maintaining a secure configuration on top
of that.
While the setup might be technically correct, this can
create an ‘Us vs. Them’ model. Alternatively, Google
instead wants to partner more deeply with customers,
providing more default guidance and ensuring that
security is built into our products and not ‘bolted on’.
This will help us to tackle the broader cyber risk landscape
together, partnering with the insurance industry to provide
access to cyber insurance via a program that I oversee
called the Risk Protection Program. Shared Fate is now
really built into our ethos as a company, and you’ll see it
in many things we do.
3. Mandiant Expertise
We also had our Mandiant Threat Intelligence and
Mandiant Consulting teams speak at Cyber Day, and it’s
truly incredible to hear firsthand from leaders on the front
line. Mandiant talked through the latest trends in what
they’re seeing by way of threat actor activity, and how
organizations should best respond.
As a Risk Manager, it’s important to work with incident
response providers that are experienced in what they
do. In insurance terms, this can reduce the frequency of
an event by applying their threat intel and suggestions
to harden an environment; however, it can also greatly
reduce the severity of an event if you work with the right
incident response provider from the start. The integration
that Mandiant has with the insurance industry, and the
impact they have when given the chance to remediate
incidents quickly, was truly incredible to see.
Q
In this era of ‘work from anywhere’, how are providers
like Google positioned to stave off cyberattacks that
occur in the Cloud?
A
We’ve put some Cloud Security Megatrends
principles together, which will form the best general
reference material when it comes to discussing
how cloud providers can help drive security. There’s lots
of good content in there that speaks to how the divide
between security in a cloud environment vs. an on-premise
environment will widen over time, simply because these
trends will compound.
Monica leads business risk and insurance<br />
for Google Cloud, including managing<br />
insurance product development and<br />
partnerships for Google Cloud’s Risk<br />
Protection Program. Monica is also the<br />
Head of Actuarial, Analytics & Systems for<br />
Alphabet’s Business Risk & Insurance team.
She is passionate about driving innovation<br />
in the industry through combining her<br />
experience in both tech and insurance. Prior<br />
to her current role at Google, she focused<br />
on managing new and emerging risks<br />
through working closely with Alphabet’s<br />
Other Bets.<br />
Responding to your question more specifically, there<br />
are layers to this. Google focus on developing what<br />
security practitioners call a ‘Zero Trust’ approach, which<br />
means that from a technical perspective, every network,<br />
device, person and service is untrusted until it proves<br />
itself. Access decisions consider multiple factors like<br />
user identity, device health, and context, making it more<br />
difficult for attackers who breach a single device to<br />
move within a network. You never trust and always verify,
which enhances security and reduces the likelihood that<br />
attackers will get in. This is particularly important when<br />
your workforce is distributed and there’s no physical<br />
boundary to where employees are logging in from.<br />
Additionally, we often talk in depth about the importance<br />
of defense, which focuses on multiple layers of<br />
controls and capabilities to protect against the impact<br />
of configuration errors and attacks. This helps with<br />
cyberattacks in the sense that it stops them happening<br />
in the first place, and prevents attackers from moving<br />
laterally.<br />
Monica Shokrai,<br />
FCAS, MAAA, Head of Business Risk and<br />
Insurance, Google Cloud