Monday, February 17, 2025

How NIS2 Helps Google Cloud Clients with Cybersecurity Compliance

The EU’s implementation of NIS2 strengthens cyberthreat protection for citizens, businesses, and governments. In key European economic sectors, NIS2 will ensure security and resilience.

NIS2 also signifies a radical change in the duties and expectations placed on commercial organisations to follow cybersecurity best practices and take security into account when making routine business decisions. To reach a stronger overall security baseline, NIS2 may necessitate significant investments in security systems, personnel, and procedures for European organisations, including Google Cloud clients. Customers should view this as a chance to streamline compliance and manage risk by utilising the cloud as a platform.

Building secure and resilient applications, controlling cyber risks, responding to incidents, and enabling innovative business models built on top of a secure foundation are just a few of the ways that Google Cloud and Google Workspace can assist clients in achieving their NIS2 compliance objectives.

NIS2: Opportunity or problem for compliance?

Tens of thousands of vital and significant organisations in vital industries like energy, transportation, healthcare, financial services, and digital infrastructure are subject to enhanced security criteria outlined in NIS2. Adopting risk management procedures, creating business continuity plans, improving supply chain security procedures, creating cyber hygiene and training initiatives, and putting in place stricter basic security measures are all requirements for covered companies.

Entities are also required to notify the appropriate national authorities of “significant” cyber events. Enforcement actions, such as expensive fines and harm to one’s reputation, may result from noncompliance.

Spending on cybersecurity is already increasing as a result of NIS2 and other laws. ENISA predicts that European companies will spend 9% of their IT budgets on security in 2024, up from 7.1% in 2023.

Companies struggle to acquire and retain cybersecurity expertise. Organisations that simplify and lower NIS2 compliance costs will be competitive.

Google Cloud is dedicated to helping clients as a reliable partner on their security and compliance journeys because it believes in a shared fate. It gives clients access to the best technologies in the business to improve visibility into their online assets and manage risks.

By implementing robust inherited controls, such as encryption and multi-factor authentication (MFA), it can assist clients in reaching a higher security baseline. For instance, research by cyber-insurer At-Bay found that clients of Google Workspace had three times fewer issues than those of Microsoft 365.

Additionally, it streamlines IT lifecycle management so that clients can concentrate on running their companies rather than worrying about technical debt. In order to foster confidence and provide on-demand help for customers’ regulatory compliance needs, it also maintains close partnerships with regulators.

In order to achieve their compliance objectives, European clients should give Google Cloud serious consideration.

How Google Cloud can help its customers achieve their NIS2 goals

Google Cloud provides a range of tools and services to assist clients in navigating the NIS2 compliance process.

Risk management

In accordance with worldwide and European standards, covered organisations are required by NIS2 to establish suitable information risk management procedures, such as conducting risk assessments and putting a risk treatment strategy into action.

First, as management is now responsible for managing cyber risks under NIS2, Google Cloud provides a variety of free educational tools on risk governance, such as best practice guides and its Insights Hubs for CISOs and boards of directors. Businesses can use the Risk Assessment and important Asset Discovery tool to assess their present IT risks, locate important assets, and see suggestions for enhancing their security posture and resilience even before they move to the cloud.

Customers may use Google Cloud Monitoring to see the availability, performance, and overall health of their infrastructure and apps in real time once they’re in the cloud. Security Command Center Enterprise gives businesses insight into their security posture and the ability to identify and fix errors and vulnerabilities.

Customers can also benefit from comprehensive compliance capabilities, best practices, and convenient access to documents by partnering with Google Cloud. Its products are regularly and independently verified against the security, privacy, and compliance measures outlined in frameworks like ISO/IEC 27001, which are in line with the NIS2 requirements cited in the draft ENISA Implementing Guidance.

Even organisations that do not use Google Cloud can benefit from Mandiant Consulting’s risk management services, including cybersecurity due diligence, penetration testing, and security program audits.

Handling incidents

NIS2 requires covered entities to monitor cyberthreats, report major incidents to national authorities within 24 hours, file a detailed incident report within 72 hours, and publish a thorough final report within a month.

Even the most advanced security teams will be put to the test by these standards in terms of their capacity to identify incidents, collect evidence, and submit reports by the due date, all while containing and removing the threat. Google Cloud provides materials and tools to help security teams improve readiness planning, expedite incident response operations, and create collaborative incident management processes.

Google Security Operations (SecOps) provides security professionals with a cutting-edge platform for threat monitoring, detection, investigation, and response for cloud incident management. With the SecOps platform, businesses can use insights from Google Threat Intelligence to monitor new threats, analyse petabytes of information, and work together on cases all on one platform. To speed up reaction and reporting, built-in generative AI enables the creation of personalised incident playbooks on-demand.

Mandiant Incident Response services are available to both Google Cloud customers and non-customers for comprehensive forensic investigation, crisis management assistance, and recovery activities.

Google Cloud will use automated notifications through the Personalized Service Health dashboard and public dashboards to inform customers of service interruptions affecting the underlying goods and services they depend on. Additionally, Google Cloud uses Advisory Notifications to alert users to security and privacy incidents.

Business continuity

NIS2 requires organisations to set up incident response teams and backups to ensure business continuity in the event of major cyberattacks.

The benefits of cloud-based technology for operational resilience are becoming apparent to customers and governments. Google Cloud disaster recovery testing ensures its infrastructure will work in numerous catastrophic scenarios. An independent audit confirmed its data centres as ISO/IEC 22301 compliant.

Customers looking for direction on developing dependable apps and strong disaster recovery capabilities can use the Google Cloud Architecture Framework as a starting point. Google Cloud provides a variety of disaster recovery and managed backup options to shield client workloads from dangers like ransomware. Google Workspace is a very dependable and secure email and collaboration tool in and of itself, and businesses can also set it up as a fallback in case their main email system is hijacked.

Minimum security requirements

NIS2 mandates that covered organisations implement fundamental security technologies and procedures, including identity and access management, MFA, and encryption.

Customers may read the Google Cloud whitepaper that explains how security is built into Google Cloud infrastructure from the ground up. In order to safeguard Google data centres and network infrastructure, its security strategy begins with overlapping physical protection measures. To confirm the integrity of the software components and authenticate genuine Google devices, it employs specially created Titan hardware security chips.

The foundation of Google Cloud’s security strategy is zero trust: in order to stop lateral network movement, its infrastructure constantly authenticates and authorises each identity, device, and service. It encrypts connections between data centres as well as client data while it’s in transit.

Additionally, it is strengthening security by requiring MFA for all Google Cloud users globally by 2025. For instructions on creating cloud apps that are safe by default, users can also consult the Google Cloud Architecture Framework.

Google Cloud’s strategy for NIS2 compliance

As a covered entity, Google Cloud will be in charge of fulfilling NIS2’s standards for incident handling and cyber risk management while assisting Google Cloud clients with their compliance processes. To show the robustness of its security approach and adherence to all NIS2 criteria, it is collaborating closely with national authorities.

Covered businesses must put strong supply chain risk management procedures in place in accordance with NIS2, which also mandates that service level agreements and supplier contracts include minimum security criteria. Customers can examine the Cloud Data Processing Addendum to learn more about Google Cloud’s contractual obligations for subprocessor security, vulnerability management, incident notification, physical security, and employee skills and training. For more information, please get in touch with your Google Cloud agent.

Considering the future

Google Cloud is dedicated to fostering a robust and safe digital ecosystem in Europe. It is offering a range of dependable cloud options and sovereign controls as part of its Cloud on Europe’s Terms strategy to help clients achieve digital transformation and unleash AI innovation.

Google has given out thousands of scholarships for the Google Cybersecurity Certificate program to assist European companies in hiring and educating the next generation of cybersecurity experts. Additionally, as part of its Cybersecurity Seminars initiative, Google.org will provide $15 million over the course of the next year to promote experiential cybersecurity education at institutions in the Middle East, Africa, and Europe.

Google Cloud is also pleased to assist the European Union and its member states in their fight against malevolent cyberattacks that target European governments, companies, and citizens. More than a dozen European states already work closely with cybersecurity professionals to exchange intelligence and neutralise threats. It provides free threat analysis materials on the Google Cloud Threat Intelligence blog for clients and partners of all sizes.

NIS2 is a critical advancement in enhancing the collective cyber resilience of Europe. As a security pioneer and technology supplier, Google Cloud will keep helping its clients as they collaborate to create a safer Internet.

Thota Nithya
Thota Nithya has been writing Cloud Computing articles for govindhtech since April 2023. She was a science graduate. She was an enthusiast of cloud computing.