Partner POV | Google Public Sector achieves Top Secret and Secret cloud authorization
Article written by Leigh Palmer, Vice President, Technology, Strategy and Delivery, Google Public Sector.
Google Public Sector is dedicated to empowering digital transformation across the public sector. Customers throughout the federal government are using Google Cloud products — the Defense Innovation Unit (DIU) is deploying Google Cloud to develop AI models to assist augmented reality microscope (ARM) detection of certain types of cancer; the U.S. Air Force is using Vertex AI to overhaul their manual processes; and the U.S. Air Force Rapid Sustainment Office (RSO) is using Google Cloud technology for aircraft maintenance.
At Google Cloud Next, we're thrilled to announce another significant milestone for Google Public Sector: the authorization of Google Distributed Cloud Hosted (GDC Hosted) to host Top Secret and Secret missions for the U.S. Intelligence Community, and Top Secret missions for the Department of Defense (DoD). This authorization underscores Google Public Sector's commitment to empowering government agencies with secure, cutting-edge technology.
GDC Hosted is an air-gapped cloud solution built specifically for stringent security requirements, allowing U.S. intelligence and DoD agencies to host, control, and manage their infrastructure and services in a highly secure environment, while leveraging the power of advanced cloud capabilities like data analytics, machine learning (ML), and artificial intelligence (AI). Examples of Top Secret and Secret data include government personnel records, information around pending cyber threats, geospatial data used for maps, language translation in support of humanitarian efforts, and more.
Technology with security at its core
Public Sector customers require the highest level of assurances for data protection. With this in mind, Google developed GDC Hosted with a security-first approach, leveraging Zero Trust principles, Google best practices, and the latest federal guidelines. Some examples include:
- Application security: To protect against software supply chain attacks, all GDC Hosted software is developed in accordance with the Supply-chain Levels for Software Artifacts (SLSA) security framework.
- Hardware security: Hardware for the platform also meets strict supply chain requirements, and select components are assessed by a dedicated hardware security team to identify hardware-based vulnerabilities.
- Cryptography: The platform also uses CNSA 2.0 and FIPS 140-2/3 validated cryptography to protect data at rest and in transit, which means it has been rigorously tested for security and vetted by an independent, accredited laboratory.
- Mandiant Public Sector Security Operations: The team behind GDC Hosted's security is powered by Mandiant expertise, with industry-leading cyber advisement, detection and response, and proactive security engagement to meet the highest standards for GDC Hosted.
Next-gen cloud services for secure missions
GDC Hosted enables U.S. government customers to gain access to integrated cloud services, including compute, storage, and advanced AI tools from Google Cloud, such as:
- Vertex AI: Agencies can deploy Google Cloud's commercial-grade solution for pre-trained AI and ML models such as optical character recognition (OCR), translation API (with more than 200 languages), speech-to-text, and tooling for customers to build custom machine learning models in Workbench.
- Virtual Machine Manager and Google Kubernetes Engine: Government customers can provision and deploy virtual machines (VMs) and manage VMs through their life cycles. They can also deploy Kubernetes-native container applications that are widely consumed and supported on Google Kubernetes Engine (GKE) to GDC Hosted.
- Database services: Government agencies can use the GDC Hosted database service to support PostgreSQL and Oracle database engines (with customer-provided licenses).
- Storage: Agencies can tap into secure, reliable, durable, and low-latency block storage that VMs and containers can access like physical disks. GDC Hosted also offers object storage which can handle large amounts of unstructured data.
- Identity and Access Management: Government organizations' access to GDC Hosted is based on the principle of least privilege. GDC Hosted can integrate with an existing identity provider using SAML 2.0 and OIDC for federation. Role-based and attribute-based access control enables Google to authorize access to cloud infrastructure and enables customers to authorize access to cloud workloads.
- Key Management Service: Customers can centrally manage their own cryptographic keys in FIPS 140-2 key storage.
Built for openness
GDC Hosted is designed around Google Cloud's open cloud strategy and uses leading open source components in its platform and managed services. This openness includes support for managed open source services operated by our partners that are tightly integrated into the platform, providing a seamless user experience across management, billing, and support.
Empowering national security with cutting-edge technology
This authorization marks a significant step forward in Google Cloud's mission to support the U.S. government's modernization efforts. GDC Hosted offers agencies the ability to:
- Modernize IT infrastructure to improve their efficiency, communication, and security postures with advanced cloud solutions.
- Leverage AI and data tools to gain valuable insights and make informed decisions on ever-increasing volumes of data.
- Scale effortlessly to adapt to dynamic requirements with a scalable cloud infrastructure.
- Operate in a secure, air-gapped environment to ensure the safety of sensitive data with robust security measures.
GDC Hosted provides the U.S. government with a powerful and secure cloud solution to address its most critical missions. Google Cloud is committed to being a trusted partner and enabling public sector agencies to achieve their goals with the highest levels of security and innovation.