WEBVTT - Google Cloud Chief Information Security Officer on Risk Mitigation

0:00:02.520 --> 0:00:10.160
<v Speaker 1>Bloomberg Audio Studios, podcasts, radio news. You're listening to Bloomberg

0:00:10.240 --> 0:00:13.840
<v Speaker 1>Businessweek Daily with Carol Massar and Tim Stenovec on

0:00:13.960 --> 0:00:15.040
<v Speaker 1>Bloomberg Radio.

0:00:15.720 --> 0:00:18.040
<v Speaker 2>Hey listen, I'd just fresh off his panel. They talked

0:00:18.040 --> 0:00:21.200
<v Speaker 2>about AI and security. Is Philip Venables. He's chief information

0:00:21.280 --> 0:00:24.080
<v Speaker 2>security officer at Google Cloud. Joining us here in studio.

0:00:25.040 --> 0:00:26.279
<v Speaker 3>How are you all good.

0:00:26.440 --> 0:00:28.480
<v Speaker 4>It's a good day to be here, great place, great

0:00:28.560 --> 0:00:29.120
<v Speaker 4>a great event.

0:00:29.320 --> 0:00:30.120
<v Speaker 3>It is a great event.

0:00:30.160 --> 0:00:32.600
<v Speaker 2>Listen, our BI team, they just kind of dig into really

0:00:32.680 --> 0:00:33.800
<v Speaker 2>the specifics of stuff.

0:00:34.600 --> 0:00:35.680
<v Speaker 3>I want to just first start.

0:00:35.680 --> 0:00:38.040
<v Speaker 2>We asked this from our other guest from the Bloomberg

0:00:38.080 --> 0:00:40.120
<v Speaker 2>AI event, and that is when you think about the

0:00:40.120 --> 0:00:42.360
<v Speaker 2>global macro. Here we are in a day where we

0:00:42.440 --> 0:00:45.920
<v Speaker 2>are obviously taking cues actually most days out of news

0:00:45.920 --> 0:00:49.559
<v Speaker 2>from Washington, and whether today it's on tariffs, what of

0:00:50.159 --> 0:00:53.080
<v Speaker 2>tariffs or the global macro think is really top of

0:00:53.120 --> 0:00:55.280
<v Speaker 2>mind for you in what you do on a daily basis.

0:00:55.320 --> 0:00:57.560
<v Speaker 4>So I'm not really kind of involved in the side

0:00:57.560 --> 0:01:00.840
<v Speaker 4>to really kind of talk about tariffs, but we know

0:01:00.880 --> 0:01:03.880
<v Speaker 4>when you look at the kind of the global geopolitical situation,

0:01:04.360 --> 0:01:06.280
<v Speaker 4>one of the things we see all of our customers

0:01:06.319 --> 0:01:08.760
<v Speaker 4>around the world, they're looking to us for help on

0:01:09.160 --> 0:01:13.759
<v Speaker 4>defending their cyber security, whether it's from criminals or nation states.

0:01:13.800 --> 0:01:17.800
<v Speaker 4>And again they look in any conflict, now, all conflict

0:01:17.840 --> 0:01:20.840
<v Speaker 4>has a cyber security dimension, and so they're looking to

0:01:20.959 --> 0:01:23.800
<v Speaker 4>us as a leading security provider, whether it's on our

0:01:23.840 --> 0:01:25.880
<v Speaker 4>own platform or with our tools to help them.

0:01:25.920 --> 0:01:27.840
<v Speaker 2>Does it pick up because of the tensions that we're

0:01:27.840 --> 0:01:31.280
<v Speaker 2>seeing right now between the US and formerly or still

0:01:31.280 --> 0:01:33.600
<v Speaker 2>its allies, like, are you seeing any kind of uptick?

0:01:33.920 --> 0:01:37.160
<v Speaker 4>Not at this stage either. I mean, and that's not

0:01:37.240 --> 0:01:40.880
<v Speaker 4>necessarily a good news story because there's a constant backdrop

0:01:40.959 --> 0:01:44.320
<v Speaker 4>of cyber attacks all around the world that many companies

0:01:44.319 --> 0:01:46.280
<v Speaker 4>defend against, and so do we, and we help all

0:01:46.280 --> 0:01:47.720
<v Speaker 4>these companies defend themselves.

0:01:47.840 --> 0:01:51.080
<v Speaker 5>But have you seen a change in perhaps nation states

0:01:51.080 --> 0:01:55.120
<v Speaker 5>such as Russia making attacks or trying to find vulnerabilities

0:01:55.160 --> 0:01:57.960
<v Speaker 5>in your system just in the last couple of months,

0:01:58.000 --> 0:02:01.480
<v Speaker 5>as we've seen a change in policy Russia from the

0:02:01.760 --> 0:02:03.080
<v Speaker 5>not any distinct new level.

0:02:03.120 --> 0:02:06.800
<v Speaker 4>But again there's a constant background level of attack you

0:02:06.960 --> 0:02:12.280
<v Speaker 4>do see, in particular see Russia targeting the supply chains

0:02:12.320 --> 0:02:16.840
<v Speaker 4>of organizations helping the Ukraine war effort. Interesting but that's

0:02:16.960 --> 0:02:20.240
<v Speaker 4>generally kind of all companies involved in that. We defend

0:02:20.240 --> 0:02:22.959
<v Speaker 4>our platform every day against the myriad of attacks.

0:02:23.120 --> 0:02:25.959
<v Speaker 5>Is would you say that there are certain geographies that

0:02:26.440 --> 0:02:31.600
<v Speaker 5>produce more of these attackers? Like where geographically are you defending?

0:02:31.600 --> 0:02:34.280
<v Speaker 4>I mean, I think organized criminals are all around the world.

0:02:34.320 --> 0:02:38.000
<v Speaker 4>There's various concentrations. The big four nations we look at

0:02:38.080 --> 0:02:41.800
<v Speaker 4>all the time as source of attacks: Russia, China, North Korea, Iran.

0:02:42.200 --> 0:02:46.120
<v Speaker 4>But cyber offense is a global phenomenon, not just.

0:02:46.400 --> 0:02:48.280
<v Speaker 5>Those those who's the most sophisticated.

0:02:48.880 --> 0:02:51.280
<v Speaker 4>I think, you know, you look at China's attacks recently

0:02:51.320 --> 0:02:53.600
<v Speaker 4>and some of the well publicized events, the so called

0:02:53.639 --> 0:02:57.880
<v Speaker 4>Volt Typhoon and Salt Typhoon events that have originated in China.

0:02:58.360 --> 0:03:00.160
<v Speaker 4>I mean, I think a lot of these nations are

0:03:00.200 --> 0:03:03.160
<v Speaker 4>quite sophisticated. I think China has been the more aggressive

0:03:03.200 --> 0:03:06.200
<v Speaker 4>and assertive in recent times. Russia has got a history.

0:03:06.360 --> 0:03:09.640
<v Speaker 4>But they're all they're all still still maintaining their offense.

0:03:09.800 --> 0:03:11.640
<v Speaker 2>All right, so what does Wiz bring you? I got

0:03:11.639 --> 0:03:14.399
<v Speaker 2>to say when this deal crossed the Bloomberg term, of course,

0:03:14.440 --> 0:03:18.120
<v Speaker 2>you guys, thirty-two billion dollar acquisition. Wiz, a startup

0:03:18.120 --> 0:03:19.919
<v Speaker 2>biggest cybersecurity focused.

0:03:19.560 --> 0:03:23.880
<v Speaker 3>Deal in history. Why do this deal? What does it

0:03:23.880 --> 0:03:24.359
<v Speaker 3>bring you guys?

0:03:24.400 --> 0:03:26.720
<v Speaker 4>Well, so it's all about multi cloud. So one of

0:03:26.760 --> 0:03:30.119
<v Speaker 4>the things we encounter in our support for our customers

0:03:30.280 --> 0:03:33.200
<v Speaker 4>is most of our customers are running on multiple clouds.

0:03:33.200 --> 0:03:36.480
<v Speaker 4>They have on premise environments, they have multiple SaaS companies,

0:03:36.800 --> 0:03:38.640
<v Speaker 4>and the big important thing is how do they maintain

0:03:38.680 --> 0:03:42.680
<v Speaker 4>a layer of security consistently across all of that. Wiz

0:03:42.720 --> 0:03:45.200
<v Speaker 4>has grown a tremendous product and business to do that.

0:03:45.560 --> 0:03:48.640
<v Speaker 4>We already have been focused on multi cloud security, multi

0:03:48.640 --> 0:03:51.800
<v Speaker 4>cloud operations, multi cloud tooling, and so it's a natural

0:03:51.840 --> 0:03:55.720
<v Speaker 4>affinity for us. How do we support customers where they

0:03:55.760 --> 0:03:58.040
<v Speaker 4>are in multiple clouds? That's the big impetus.

0:03:58.160 --> 0:04:00.760
<v Speaker 3>Is AI going to complicate all of this language models?

0:04:00.800 --> 0:04:02.800
<v Speaker 2>And it just feels like the buildout continues, Phil, and

0:04:02.840 --> 0:04:04.240
<v Speaker 2>whether it's on premise or not.

0:04:04.520 --> 0:04:07.200
<v Speaker 4>I mean, we think AI actually gives a defenders a

0:04:07.280 --> 0:04:11.360
<v Speaker 4>more structure, structurally gives defenders an advantage versus attackers. Right now,

0:04:11.600 --> 0:04:16.479
<v Speaker 4>attackers are using AI, they're using it for misinformation, disinformation, frauds,

0:04:16.520 --> 0:04:20.920
<v Speaker 4>many things. But from a defensive purpose, AI empowers defenders

0:04:21.279 --> 0:04:23.760
<v Speaker 4>because we have the data, we have the context. We

0:04:23.839 --> 0:04:26.560
<v Speaker 4>have the ability to use it unique to our organization,

0:04:26.640 --> 0:04:28.839
<v Speaker 4>and our customers are finding that, and so there's a

0:04:28.920 --> 0:04:32.239
<v Speaker 4>structural advantage in how defenders use AI. Now, of course

0:04:32.279 --> 0:04:35.440
<v Speaker 4>they've got to take advantage of that advantage obviously, but

0:04:35.520 --> 0:04:38.680
<v Speaker 4>generally speaking, we're seeing more advances in the defensive use

0:04:38.720 --> 0:04:42.360
<v Speaker 4>of AI than we're currently seeing on offensive use of AI.

0:04:42.760 --> 0:04:45.040
<v Speaker 4>But the attackers are going to make use of AI

0:04:45.080 --> 0:04:45.880
<v Speaker 4>in the future as well.

0:04:46.120 --> 0:04:49.080
<v Speaker 5>Can you characterize how many steps in general you are

0:04:49.120 --> 0:04:51.880
<v Speaker 5>ahead of the most advanced attackers.

0:04:52.680 --> 0:04:54.800
<v Speaker 4>It's hard to do a kind of comparison like that

0:04:54.880 --> 0:04:57.400
<v Speaker 4>because you always have to look at specific attacks. But

0:04:57.520 --> 0:04:59.840
<v Speaker 4>the thing, main thing we're focused on with our threat

0:04:59.839 --> 0:05:04.680
<v Speaker 4>intelligence capability, our defensive capability is just constantly, relentlessly

0:05:04.839 --> 0:05:09.560
<v Speaker 4>upgrading our infrastructure and then providing that security upgrade to

0:05:09.600 --> 0:05:11.800
<v Speaker 4>our customers through our platform and products.

0:05:11.800 --> 0:05:13.800
<v Speaker 5>How quickly are things moving right now, especially on the

0:05:13.839 --> 0:05:16.080
<v Speaker 5>AI front. I speak to some folks in the AI

0:05:16.120 --> 0:05:20.760
<v Speaker 5>world who say we're making leaps and bounds within twelve

0:05:20.839 --> 0:05:25.400
<v Speaker 5>week periods at this point. The pace of innovation is unbelievable.

0:05:25.440 --> 0:05:27.560
<v Speaker 4>Oh yeah, I mean, I think the pace of innovation

0:05:27.800 --> 0:05:32.159
<v Speaker 4>is increasing, whether it's on model development, whether it's on

0:05:32.240 --> 0:05:35.440
<v Speaker 4>the platforms that run the models, that contain the tooling

0:05:35.480 --> 0:05:37.239
<v Speaker 4>to let people get the best out of the models,

0:05:37.520 --> 0:05:39.320
<v Speaker 4>all the way up through what we're seeing now in

0:05:39.400 --> 0:05:42.800
<v Speaker 4>a revolution of how we're deploying AI agents to orchestrate

0:05:43.200 --> 0:05:47.320
<v Speaker 4>business processes and ultimately parts of our lives. And we're

0:05:47.360 --> 0:05:49.279
<v Speaker 4>all working very hard to look at how do we

0:05:49.360 --> 0:05:53.280
<v Speaker 4>make sure the agent environment is secured in the same

0:05:53.279 --> 0:05:54.520
<v Speaker 4>way that we would expect.

0:05:54.560 --> 0:05:58.159
<v Speaker 2>How fast is all of this happening, The changes, the

0:05:58.560 --> 0:06:01.160
<v Speaker 2>challenges like we keep up DeepSeek and how that

0:06:01.279 --> 0:06:03.200
<v Speaker 2>was you know earlier this year kind of a rethink

0:06:03.200 --> 0:06:06.640
<v Speaker 2>all of a sudden, And I'm just curious how you

0:06:06.640 --> 0:06:08.160
<v Speaker 2>guys are seeing it, because you're dealing with it day

0:06:08.200 --> 0:06:09.680
<v Speaker 2>in and day out. We obviously get the headlines, We

0:06:09.680 --> 0:06:12.000
<v Speaker 2>get the announcements from the different companies and try to

0:06:12.040 --> 0:06:13.800
<v Speaker 2>keep up and watch what investors are doing.

0:06:13.839 --> 0:06:14.640
<v Speaker 3>But I'm just curious.

0:06:14.680 --> 0:06:16.120
<v Speaker 4>So we're seeing it in terms, I mean, we're one

0:06:16.120 --> 0:06:18.440
<v Speaker 4>of the few companies that has the whole stack of AI,

0:06:18.640 --> 0:06:21.520
<v Speaker 4>from the models to the hardware, to the software, to

0:06:21.600 --> 0:06:25.160
<v Speaker 4>the platform infrastructure, and so we see in every part

0:06:25.160 --> 0:06:29.680
<v Speaker 4>of what we do, constant innovation and meeting customer expectations

0:06:29.680 --> 0:06:32.320
<v Speaker 4>and future customer demand. We also see it because

0:06:32.320 --> 0:06:35.800
<v Speaker 4>we host many other models on our platform. A big

0:06:35.839 --> 0:06:37.680
<v Speaker 4>part of the value is the platform we bring where

0:06:37.720 --> 0:06:40.200
<v Speaker 4>customers can choose not just our models, but other models

0:06:40.240 --> 0:06:40.599
<v Speaker 4>as well.

0:06:40.640 --> 0:06:42.919
<v Speaker 2>So what's right in the narrative that's being talked, certainly

0:06:42.920 --> 0:06:44.760
<v Speaker 2>in the investment world, what's maybe wrong?

0:06:46.320 --> 0:06:48.880
<v Speaker 4>I don't think and not really seeing anything that's wrong.

0:06:48.920 --> 0:06:52.120
<v Speaker 4>I think mainly people are looking across the environment and

0:06:52.160 --> 0:06:55.480
<v Speaker 4>seeing how can we make best use of this technology

0:06:55.800 --> 0:06:59.520
<v Speaker 4>to fit our particular business need. And we're seeing more

0:06:59.560 --> 0:07:03.080
<v Speaker 4>and more enterprises with our help, getting more sophisticated about

0:07:03.120 --> 0:07:06.480
<v Speaker 4>how quickly they can not just tap into the innovation but

0:07:06.520 --> 0:07:09.120
<v Speaker 4>make that innovation productive in their business.

0:07:09.680 --> 0:07:12.120
<v Speaker 5>You mentioned the agentic side of things, and I want

0:07:12.120 --> 0:07:15.040
<v Speaker 5>to talk there a little bit as far as defense

0:07:15.080 --> 0:07:18.720
<v Speaker 5>and offense go. Something that I could imagine concerning people

0:07:18.720 --> 0:07:21.760
<v Speaker 5>in your position would be the information that agents have

0:07:22.040 --> 0:07:24.480
<v Speaker 5>and the information that agents are given. How do you

0:07:24.600 --> 0:07:27.440
<v Speaker 5>ensure that what agents are doing, whether from a consumer

0:07:27.480 --> 0:07:30.720
<v Speaker 5>perspective it's booking a vacation or booking flights, which you

0:07:30.720 --> 0:07:32.880
<v Speaker 5>can do, you know, with ChatGPT's two hundred dollars

0:07:32.880 --> 0:07:35.880
<v Speaker 5>a month plan how do you make sure that the

0:07:35.920 --> 0:07:39.160
<v Speaker 5>information that they have stays safe, stays secure and it

0:07:39.200 --> 0:07:40.640
<v Speaker 5>really isn't used for bad stuff.

0:07:40.760 --> 0:07:43.640
<v Speaker 4>Well, so it all comes down to who's building those agents,

0:07:43.680 --> 0:07:45.560
<v Speaker 4>And this is why I think it's important in this

0:07:45.680 --> 0:07:46.400
<v Speaker 4>environment to.

0:07:46.360 --> 0:07:48.280
<v Speaker 3>Be well, the way it's going, everybody's going to be

0:07:48.280 --> 0:07:49.280
<v Speaker 3>able to know that's right.

0:07:49.120 --> 0:07:51.960
<v Speaker 4>And so ultimately you're going to have like the tools

0:07:52.000 --> 0:07:57.800
<v Speaker 4>we provide people help people build agents that have privacy properties,

0:07:57.840 --> 0:08:01.000
<v Speaker 4>are controlled, are secured. But ultimately we're all going to

0:08:01.000 --> 0:08:03.520
<v Speaker 4>be responsible for making sure we look at the you know,

0:08:03.560 --> 0:08:06.440
<v Speaker 4>the agents we choose to use should have a degree

0:08:06.440 --> 0:08:09.400
<v Speaker 4>of trust from the companies we get them from. Now,

0:08:09.440 --> 0:08:12.240
<v Speaker 4>we and many other companies are working on multiple different

0:08:12.240 --> 0:08:15.800
<v Speaker 4>standards and frameworks to equip everybody through the platforms with

0:08:15.840 --> 0:08:19.000
<v Speaker 4>the ability to run agents securely. But there's a lot

0:08:19.000 --> 0:08:20.880
<v Speaker 4>of work still to be done on how you would

0:08:20.880 --> 0:08:24.200
<v Speaker 4>delegate your privilege to an agent to act on your behalf,

0:08:24.240 --> 0:08:25.360
<v Speaker 4>and everybody's working on it.

0:08:25.640 --> 0:08:28.640
<v Speaker 2>Yeah, the autonomous right I mean in terms of agents

0:08:28.720 --> 0:08:31.040
<v Speaker 2>and like being able to kind of keep going and

0:08:31.200 --> 0:08:32.719
<v Speaker 2>make decisions and stuff like that.

0:08:32.880 --> 0:08:36.120
<v Speaker 4>True, well, and make decisions under the constraints you give it.

0:08:36.240 --> 0:08:38.439
<v Speaker 3>Right, the pull in stuff that you don't necessarily want

0:08:38.480 --> 0:08:39.280
<v Speaker 3>them to do right.

0:08:39.559 --> 0:08:43.040
<v Speaker 4>And how how a company constructs an agent to act

0:08:43.080 --> 0:08:45.600
<v Speaker 4>on your behalf and give you the transparency and feedback

0:08:45.600 --> 0:08:47.640
<v Speaker 4>about what you wanted to do is going to be

0:08:47.679 --> 0:08:49.760
<v Speaker 4>a key differentiator for companies that build these things.

0:08:49.800 --> 0:08:51.680
<v Speaker 5>Hey, thirty seconds before we let you go, I always

0:08:51.679 --> 0:08:54.000
<v Speaker 5>like to ask people in your position for one tip

0:08:54.040 --> 0:08:56.839
<v Speaker 5>on how we can stay safe in this new cyber world.

0:08:57.000 --> 0:09:00.880
<v Speaker 4>So use talking about gain here. Use the platforms and

0:09:00.960 --> 0:09:04.040
<v Speaker 4>the security defaults we built into the platforms. So we

0:09:04.120 --> 0:09:07.079
<v Speaker 4>spend a lot of time thinking about how we ship product,

0:09:07.120 --> 0:09:09.839
<v Speaker 4>how we ship platforms. We make the defaults as strong

0:09:09.840 --> 0:09:13.000
<v Speaker 4>as we can to protect people who come onto the platform.

0:09:13.280 --> 0:09:15.760
<v Speaker 4>Use the defaults, use the secure by design that we

0:09:15.840 --> 0:09:17.400
<v Speaker 4>provide and that people go along with.

0:09:17.640 --> 0:09:20.360
<v Speaker 3>All right, great stuff. Thank you, awesome, so appreciate it.

0:09:20.720 --> 0:09:24.559
<v Speaker 2>Phil Venables, Chief Information Security Officer, Google Cloud, joining us

0:09:24.559 --> 0:09:25.560
<v Speaker 2>here in studio