What the Mandiant acquisition says about IoT security

This September,  Google announced that it had acquired the cybersecurity firm Mandiant. While this may seem like a routine acquisition, we discuss the implications of this move on cloud security as a whole.

As of July 2022, Google had acquired over 240 companies for over USD 26 billion. So when Google announced that it was acquiring Mandiant for a whopping USD 5.4 billion, heads turned!

Why did Google want to spend a fifth of its acquisition total on a single company?

The answer to this question lies in the intricately complex world of cloud security, and in turn, IoT security.

The security woes of Google Cloud

Google Cloud is one of the biggest players in the IoT industry right now, alongside AWS, IBM, and Azure. With these giants competing, Google has not been able to rake in the market share with just its brand. Moreover, the target audience seems to care more about reliability than the brand when it comes to cloud solutions.

Security is one of the key factors by which the current cloud solutions are being evaluated. And Google has definitely had its share of security issues. Let us take a quick look at some of the common recent ones.

Data breach

Google has been at the receiving end of multiple hacks and data breaches. In 2018, Google faced a data breach that leaked the account information of over 800,000 Google cloud customers.

To be fair to Google (or literally any tech company), there is no such thing as foolproof security on the internet. As technology progresses, so do the means of hacking. The only way to stay ahead of the curve is to constantly review and update your security measures.

However, data breaches are considered to be one of the most likely security issues to occur on Google cloud, and Google is aware of this.

Misconfiguration

Recently, a cloud incident response firm Mitiga found a misconfiguration on Google Cloud that could allow hackers to target edge devices, and this flaw could not be stopped by firewalls either. Google responded to this report and ensured that while it was not a flaw, it could be dangerous.

With Google Cloud, there are various security risks that may come with even slight misconfigurations such as disabled logging and API key inventory.

Access management

As native systems have moved to cloud, access management has become complex. Physical servers are much easier to monitor as access can be restricted in obvious ways. However, with the widespread adoption of cloud, this process has changed significantly.

One would argue that the cloud should be able to offer a more customized access management solution. And while this is true, the admin are not always upskilled as businesses move to the cloud. Additionally, G Suite requires a cloud access security broker (CASB) to manage access for multiple users, and there are very few inbuilt access management features.

Account takeover

Another major issue with Google Cloud is account takeover. This is basically an elaborate hack where malicious actors get a hold of your account credentials and use them to take over your account. The problem with this is that it is nearly impossible to detect account takeover unless it is reported.

Google Cloud users have a lot 0of sensitive data on their accounts and data theft due to takeover can be a big blow to their business. Moreover, these compromised accounts are used in their botnet to mine cryptocurrency or target other accounts in a similar fashion

The Mandiant solution

Mandiant was known for intelligent security solutions even before Google acquired it. With a previous acquisition by FireEye in 2013 for USD 1 billion and a notorious report that presented evidence of cyber espionage by China, Mandiant wasn’t a small startup with potential that got lucky.

Mandiant’s acquisition by Google is a strategic step in order to combat the growing concerns over Google Cloud’s security. Mandiant enjoys strong goodwill among the tech community for its several reports that notify the community of security threats. Along with using Mandiant’s native expertise to improve security for Google Cloud solutions, Alphabet also plans to use Mandiant’s reputation to improve its credibility.

What remains to see is how well this strategy works out. Users have already started wondering how the acquisition will affect the reporting of Mandiant. One user on Hackernews expressed his opinions strongly,

“Now it's the time to start migrating away, Google will make it:

- more expensive

- more bloated

all while making it:

- less useful

- dumbed down

and in the end

- retire it with a short notice.”

We can just hope that this considerable investment in Mandiant will not go down as this user has predicted.

What this means for IoT security

As of now, Mandiant functions as a subsidiary of Google Cloud, as opposed to being merged with GC entirely. Given the way things have progressed so far, this acquisition can affect IoT security in the following ways.

Depending on how well Mandiant is assimilated into Google cloud, some changes may occur, such as:

• A more standardized approach to access management and user privileges
• A constantly evolving security protocol for evolving technologies.
• Outreach to users for better password and login security.
• Refined filters to weed out phishing attacks and spam.
• Improved edge security.
• A more complete security approach for IoT wherein all the layers of architecture are secured equally.

Given that Alphabet is in a unique position to make these improvements and establish standards, we can only hope for the best. However, cybersecurity needs to be a global responsibility, as opposed to that of a handful.