Google Mandiant

Thomas Kurian became the CEO of Google Cloud Platform (GCP) with a modest mandate: Turn Google Cloud into an enterprise cloud platform behemoth. Easy, right? By 2019 “Google” was already a verb because of its search engine dominance and the company’s revenue was north of $136.8 billion. So, why have I been closely tracking Google Cloud’s progress on winning enterprise cloud business? Let’s back up.

When Kurian left Oracle and joined Google, the company was an extremely successful advertising company. At the time, over 85% of Google’s revenue came from advertising. The search engine, email service and lightweight office productivity apps all served the ultimate goal of keeping eyeballs on Google sites so that users could be served more advertisements and increasingly more personalized ads based on a user’s Google interactions.

If You Build it, Will They Come?

Enterprises Require More Than Just Technology From Their Cloud Providers

Google clearly has the scale, tools and technical expertise to provide businesses with what they need from a cloud vendor. When Kurian left Oracle, he was one of the highest-paid technology executives in the world (according to Oracle, his 2017 compensation package was around $36 million). So why would Google hire Thomas Kurian? Because enterprises require their technology and services partners to have more than just great tech. When advising enterprise clients, the following are the top three topics that come up when discussing the selection of a cloud vendor:

  • Industry Expertise: For the enterprise, understanding industry nuances is critical. I recently talked to an executive at a large airline company that fired their large, publicly-traded technology services company because the partners and the services company didn’t truly understand the airline industry. They weren’t using the right terminology and didn’t understand the business pain points.
  • Predictability: Why have large enterprises been hesitant to go all-in on the cloud? They need predictable technology. That doesn’t just mean “stable;” it means that costs, security, usability and service levels must all be predictable. Why, for example, is the mainframe still critically important for many enterprises? Because it is predictable and secure.
  • Ecosystem: Clouds can’t live in isolation. Cloud vendors must have an ecosystem to support enterprise client needs. My number two cloud prediction for 2022 is that we will see an increase in industry-specific ecosystems. Amazon Web Services (AWS), Microsoft Azure and IBM Cloud all have cloud ecosystem strategies focused on financial services.

Thomas Kurian is well aware of the need to play well with other cloud providers and enterprise cloud providers. In fact, the widely held belief is that Kurian left Oracle because he and Oracle CEO, Larry Ellison disagreed on Oracle’s multi-cloud strategy—Kurian wanted Oracle’s packaged applications to be available on other vendors’ cloud platforms.

What Does the Mandiant Acquisition Mean for Google?

It’s clear that Google Cloud is focused on the enterprise. Google has no shortage of DevOps, data, machine learning and artificial intelligence tools to satisfy developers and data scientists. However, what Google needs are more features that enterprises expect from a cloud partner.

Google Cloud isn’t new to cybersecurity—the company has been securing its own cloud since its foundation. In addition, the company has been gaining enterprise traction with Google Workspace and Gmail and the security around these SaaS offerings is paramount.

By acquiring Mandiant, Google Cloud can more closely partner with cloud customers throughout the entire life cycle: From code creation (through a combination of Google’s existing Google Chronicle tools) through testing, threat detection and advisory work around incident response.

My Analyst View

The debate around security and the cloud isn’t even close to being resolved. Many will tell you that cloud vendors invest millions upon millions of dollars more than any other company in the cloud. It’s imperative that cloud vendors don’t experience infrastructure or SaaS security breaches. However, security continues to be a roadblock for cloud adoption—and, most importantly, enterprise cloud adoption. While every enterprise is doing some work in the cloud, many are still reluctant to move critical workloads (especially their sensitive data) to the cloud.

Google Cloud should use Mandiant as the bedrock on which its enterprise cloud security business is built. Rather than having piecemeal parts and partners, businesses want their cloud providers to have opinionated frameworks and best practices. Mandiant has some of the best security minds in the industry and can help Google Cloud customers create secure instances. I expect Google Cloud to provide ready-to-provision cloud environments tailored for specific regulated industries by leveraging Mandiant’s expertise. Of course, customers aren’t going to want to necessarily adopt everything that Google Cloud suggests, and customers should be able to swap out components. However, many businesses are already overwhelmed with the number of cloud partners they have to engage with to create a secure cloud environment.

What Will Microsoft and AWS Do?

I expect AWS and Microsoft Azure will focus their attention on building out enterprise-focused security offerings. I recently wrote about why it made sense for Microsoft to purchase Mandiant. My general feeling was that Microsoft had many security offerings—ranging from simple consumer-grade virus scanning to enterprise offerings—but that the company lacked a cohesive enterprise security strategy. I still believe Microsoft needs to clearly define its enterprise security assets (and more coherently group them together) either through a reorganization and/or an acquisition. Like Microsoft, AWS has hundreds if not thousands of security offerings and partners. Although AWS is the cloud leader, the company is well behind Microsoft and Google in defining its cloud security strategy. The company needs to outline its enterprise cloud strategy, and cybersecurity needs to be one of the linchpins of that enterprise strategy.