Google Cloud’s security arm is stepping up its engagement with government departments as states explore establishing dedicated cybersecurity operations centres (SOCs) and seek structured threat-intel partnerships.
Public Sector Priority
The company has been working with central and state departments and has recently released a paper with Deloitte on state-level cyber shielding, aimed at helping governments build end-to-end visibility into their security landscape, Jyoti Prakash, head of security – Google Cloud, India & Saarc countries, told FE.
However, the pace of public sector transformation remains measured. “The movement has not been as fast as we have expected, but cloud adoption from government side is a complex exercise,” he said, adding large-scale digitisation must balance efficiency gains with national security sensitivities.
DPDP and Multi-Cloud Complexity
Simultaneously, the firm is seeing conversations triggered by the digital personal data protection (DPDP) law intensify across enterprises. While companies are beginning to plan for the 12-18-month compliance window, Prakash said the demand is less about buying new tools and more about understanding how to operationalise the law’s requirements.
“Product and tools will become very incidental,” he said, adding the DPDP framework needs to be viewed through the lens of outcomes rather than point solutions. With requirements such as encryption, masking, tokenisation and strict access controls — alongside the 72-hour breach notification rule — companies are prioritising monitoring depth, data visibility and timely signal detection. The emerging challenge, he noted, is scale.
Enterprises must maintain the ability to continuously track high-volume data flows, identify anomalies and generate the right alerts early enough to respond within stipulated timelines.
“Only once you know (of a security incident), can you go to the data protection board within 72 hours,” Prakash said.
Apart from DPDP-led conversations, he said that the firm is engaging with large conglomerates to solve their digital transformation needs. Large conglomerates — often spanning dozens of subsidiaries across sectors — require sector-specific use cases, domain understanding and advisory support that complements the technology stack. The firm has been running compromise assessments, incident-response assistance and consulting-led engagements across these organisations.
This is one of the areas where the divergence between legacy firms and digital natives becomes sharp. Digital-first companies have matured cloud adoption and are increasingly focused on securing AI-driven attack surfaces, Prakash noted, while conglomerates still require deeper domain alignment, process redesign and standardisation across business units.
Multi-cloud adoption adds another layer of complexity. Organisations using different cloud platforms are increasingly demanding a unified security posture, particularly as misconfigurations and cloud-origin vulnerabilities rise. “More than 60% of the risk and vulnerability that we are seeing is coming out of the cloud,” Prakash said, reiterating the need for a unified posture on cloud security as ecosystems become more complex as the scale of data processing continues to grow.
