Ensuring compliance without compromising on IT modernization initiatives

Cloud providers can play a key role in modernizing how government agencies ensure compliance across their workloads, says security leader Jeanette Manfra.
Jeanette Manfra, Senior Director for Global Risk and Compliance, Google Cloud

Balancing the need to meet today’s security goals and existing compliance mandates demands a more modern approach to cloud workloads, says a former federal security leader now working at Google.

That is why Google Cloud is working to modernize the way it integrates compliance controls into its platform that can help government customers more easily integrate federal and DOD frameworks into their workloads.

“’Compliance without compromise’ means bringing the best of Google in a way that government can use because we are compliant with their various FedRAMP and DOD frameworks,” said Jeanette Manfra, senior director for global risk and compliance at Google Cloud. She made her remarks during an interview at the CyberTalks event in Washington, D.C., on Oct. 20.

Manfra shared three key goals Google has set to modernize the compliance process and support their government customers, including easing the friction between industry tools and government compliance standards, modernizing compliance at the workload to improve how controls are enforced, and facilitating access to modern tools that are compliant with government standards.

Google Cloud’s assured workloads for government provides agencies with a guided process to build compliance-centric workloads that will enable quick and easy control of environments where U.S. data location and personnel access controls are enforced.

Speaking from her prior experience of working as a security leader in at the Department of Homeland Security, she often felt frustrated working with compliance divisions. Manfra explained how to honor compliance regulations, it often “felt that you were making decisions that sometimes didn’t have the security outcomes that you were looking for. And they sometimes seem to be in conflict.”

Now in her new compliance-focused role at Google, Manfra said she can appreciate industry’s role in integrating those compliance requirements so that agencies don’t have to compromise on security in the applications they want to integrate.

This will be particularly important in the upcoming months as the White House Office of the National Cyber Director prepares to release its upcoming National Cybersecurity strategy.

Manfra stressed the importance of the National Cyber Director’s mission, “equipping and ensuring” that federal agencies that have a role to play in cybersecurity “have what they need, the direction that they need, and that resources are not missing.”

Manfra referred to when the White House released its federal zero trust strategy.

“When the executive order was put out, we had a lot of people coming to us and ask, ‘Okay, how do I do zero trust?’” She emphasized the importance that publishing additional guidance and frameworks played with helping agencies understand the journey they are on. However, it is also incumbent on industry players to do what they can to facilitate that journey.

Watch the full interview with Jeannette Manfra at CyberTalks and hear from other government leaders who spoke on how they are using cloud to achieve their mission outcomes at the recent Google Government Summit in Washington D.C.

This article was produced by Scoop News Group for CyberScoop and underwritten by Google Cloud.

Latest Podcasts