Google is partnering with the Financial Services Information Security and Analysis Center's (FS-ISAC) Critical Provider Program, becoming the first and only major cloud provider to join the group. The new collaboration, announced Thursday, aims to enhance supply chain security in financial services by providing resources and services to defenders and leaders within the industry.
Consulting for FS-ISAC members will be provided through the Google Cybersecurity Action Team. That team is composed of former industry CISOs and global leaders who have a deep understanding of the financial ecosystem and the security challenges it faces, said David Stone, solution consultant at Google Cloud's Office of CISO.
The FS-ISAC consortium describes itself as "the only global cyber intelligence sharing community solely focused on financial services." The global organization represents 7,000 member financial firms across 70 countries.
The tech giant will also provide real-time incident response advice and share first-hand threat intelligence, including unique insights from Threat Horizon reports, with community members.
"We acknowledge that the financial industry is a complex ecosystem. While Google has committed to bolstering security defense, our partnership with FS-ISAC aims to enhance resilience throughout financial organizations, from the boardroom to the practitioners. Ultimately, this should be displayed to customers to ensure the systems are secure and reliable across various aspects," Stone said.
Cybersecurity risks to the financial industry have continued to grow in recent years despite the industry being heavily regulated to protect customers' data. In a February report, the U.S. Treasury Department highlighted several security challenges as financial companies have increasingly moved their operations to cloud platforms. While acknowledging the benefits of cloud technology, the department said the financial sector needs to work with different parties to ensure a "safe and effective migration."
Chief among those risks are incidents tied to SolarWinds, Accellion, Kaseya, and Log4j, which highlight third-party supplier risk, Ariel Weintraub, CISO and head of enterprise cyber security at MassMutual, pointed out in an FS-ISAC Insight column.
"FS-ISAC partnership with Google forges deeper relationships between financial services institutions and critical providers of network infrastructure and security," Steve Silberstein, chief executive officer at FS-ISAC, told SC Media in an interview.
"We are seeing providers like Google Cloud recognize their significance in the financial services supply chain and operate to protect the sector. This contribution goes beyond a rigid definition of the safety of individual organizations and extends to engaging critical parts of the supply chain to reduce the risk of the entire ecosystem."
In August 2021, Google announced its commitment to invest $10 billion over the next five years to strengthen cybersecurity via the promotion of zero-trust programs, enhancing open-source security and hardening the underlying technologies tied to software supply chains.
Both Stone and Silberstein highlighted that reducing the supply chain risk is a "team sport" and encouraged more providers to step up.
Silberstein said that FS-ISAC is "in active discussion with a selected few other parties" regarding their participation in the Critical Provider Program but did not specify their names.
FS-ISAC was formed in 1999 in response to Presidential Decision Directive 63, signed by President Clinton. The directive "mandated that public and private sectors share information about physical and cybersecurity threats and vulnerabilities to help protect the US critical infrastructure via Information Sharing and Analysis Centers (ISACs)," according to a description of the FS-ISAC.