Google’s cybersecurity leaders are cautiously optimistic, despite the heady state of threats in the industry. Executives made some predictions during a Wednesday virtual discussion with journalists that, if realized, could significantly alter the state of readiness and defense at large.
Encouraging advancements in identity authentication, inherent defenses in the cloud and a broader technological convergence could narrow pathways for attacks and upend how most organizations approach cyber defense today.
Top executives, including Google Cloud CISO Phil Venables and Heather Adkins, VP of security engineering, said they expect these predictions to materialize during the next five to 10 years.
These four predictions aren’t unique to those responsible for security at Google, but rather many cybersecurity professionals who believe the industry is poised to deliver on its mission with greater efficiency and effect.
Tech convergence will simplify security
A continued convergence of technologies will help simplify security, according to Adkins.
Security controls mandated in regulations and compliance frameworks are going to be built, by default, into all of the widely used operating systems and enterprise systems, Adkins said.
“The need will drive that convergence story and the automation that makes that happen,” she said.
These gains may not immediately change presumptions about the persistent and omnipresent threats facing the industry, but it could eventually have a more long-lasting and positive effect.
“The reality is that everyone's going to get hacked at some point, and the differentiator will become how quickly we recover from that,” Adkins said.
“We're going to raise the bar really high. We're going to make it really hard to hack us,” she said.
Adkins also hopes systems will become more resilient as more organizations take advantage of cloud computing.
Cloud will become a ‘digital immune system’
Consistent updates to cloud infrastructure based on data from vulnerability and threat research will strengthen defenses at scale, Venables said.
The cloud, aided by constant push updates, could act like a “digital immune system,” he said.
“For many organizations, just sitting back and taking those updates, they’re getting a regular increase in security without doing much,” Venables said.
Google’s global perspective on the threats and vulnerabilities it tracks, now aided further with intelligence from Mandiant, drive these security-centric updates in Google Cloud, he said.
Updates could play a significant role in tamping down the threat of ransomware as well, according to Adkins. She envisions reaching a point where organizations can recover quickly when a cloud instance is taken over by ransomware with the push of a button.
“It sort of starts to make some of these attacks fairly irrelevant,” Adkins said.
Deeper integration of security in tech
Royal Hansen, VP of privacy, safety and security at Google, expects security to be far more integrated with technology across the industry.
Instead of the horizontal approach by which much of security is implemented today, Hansen said security will be part of every individual’s experience with technology.
In this digitalized and data-saturated world, it will become progressively important for security to be deeply integrated with the reason someone uses a computer or data, he said.
“Let’s work on the human safety, not just the technical underpinnings,” Hansen said.
This will shift resources in multiple positive ways. Once the constant cycle of patching can be automated, for example, organizations can focus on the business.
This transition, like others, is already underway, according to Parisa Tabriz, VP of Chrome Browser at Google.
“An exciting thing for me is just how interdisciplinary cybersecurity has already gotten,” she said.
“We're kind of addressing some of society's problems as they've moved online, and that requires deep expertise in so many other fields,” Tabriz said. “I think we'll continue to see that because it's just going to be central to our lives and society and the world in general.”
Death of the password
One of the most impactful predictions shared by Google executives involves a core component of almost every security process in place today — passwords.
“I think we will see the death of the password,” Adkins said. “I think we're far enough along the milestones that in the next five to 10 years we'll continue to iterate on things like security keys and passkeys.”
This passwordless future, she said, will change the authentication experience for most individuals and enterprises for the better.