Cloud Security Podcast by Google EP273 From CISA to Cloud: AI Assurance, Concentration Risk, and the New Regulatory Frontier
Apr 20, 2026
Jeanette Manfra, VP and Head of Risk and Compliance at Google Cloud and former CISA leader, reflects on cloud security, privacy, and regulation. She explores how cloud reshapes security vs privacy, concentration and systemic risks, the fate of shared responsibility, AI helping map rules to controls, and balancing logging with privacy.
AI Snips
Chapters
Books
Transcript
Episode notes
Cloud Democratizes Security For Organizations
- Cloud democratizes advanced security by delivering economies of scale and built-in capabilities that many organizations couldn't afford on their own.
- Jeanette Manfra moved from government to Google Cloud after seeing cloud's potential to improve security, transparency, and audibility for critical organizations.
Think Of Centralization As Layered Concentration Risk
- Centralization is better framed as concentration risk across layers: provider market, customer dependency, and regional reliance.
- Regulators focus on operational and systemic resilience, prompting firms to map single points of failure across functions and supply chains.
Decompose Systems To Find Hidden Single Points Of Failure
- Decomposing critical systems by function reveals unexpected common software dependencies and single points of failure.
- That functional view helps regulators and companies design systemic resilience beyond assessing individual organizations.
