Showing results for tags 'pci compliance'.

  1. AWS Resilience Hub is pleased to announce two new service enhancements, including Payment Card Industry (PCI) certification and AWS Migration Acceleration Program 2.0 (MAP 2.0) availability.
  2. Log centralization and analysis are crucial for organizations in troubleshooting system errors, identifying cybersecurity threats, and adhering to regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Payment Card Industry Data Security Standard (PCI DSS), the Cybersecurity Maturity Model Certification (CMMC), and more. While contemporary SIEM solutions have simplified log management, features like threat intelligence and advanced event correlation are often restricted to paid, closed-source systems. This article walks you through deploying log collectors, a comprehensive log management solution, and correlation rules using UTMStack, a free and open source SIEM and XDR solution, for effective threat detection, system error identification, and automated remediation.

     Technology and Architecture Overview

     Deploying UTMStack for log centralization and analysis involves three main components: log collectors (agents), a central server for log centralization, and correlation rules for detection and incident response.

     • Agents: These collect logs from systems and execute local and remote incident response commands. Agents can also function as proxies for collecting syslog and NetFlow logs from network devices.
     • Central Server: This server stores and correlates logs from assets such as other servers and firewalls to identify potential threats, and orchestrates incident responses across the IT ecosystem.
     • Correlation Rules and Incident Response: These detect possible threats to system security and availability by correlating logs from multiple systems with threat intelligence, predefined malicious sequences of behaviour, and indicators of compromise. Once a correlation rule evaluates a group of logs as potentially malicious, an alert triggers the incident response command.

     Deploying the Open Source Security Stack

     Log Centralization Server. The log centralization server can be deployed using an ISO image from the UTMStack website for simplicity. For advanced installation options, please visit the official GitHub repository: https://github.com/utmstack/UTMStack. Here are the instructions for installing without the ISO on Ubuntu Linux 22.04 LTS. After installation, access the server via a browser using the server's IP address or DNS name and the random secure password provided by the installer.

     Deploying Log Collectors. Navigate to the "Integrations" section and select the appropriate agent for your operating system. Additional integrations can be configured as needed.

     Defining Correlation Rules and Incident Response. Correlation rules form the core of a log management system, defining which logs, or combinations of logs, should trigger an alert or incident. UTMStack uses these rules as the basis for incident response playbooks. Take, for instance, a brute-force attack. This type of attack attempts to guess a user's password by trying massive numbers of random character combinations until one matches the user's credentials. Such attacks usually leave behind a trail of logs indicating that a user has failed to log into a system several times in a short period of time. You can access the complete list of prebuilt correlation rules and the guide to creating new ones from the official UTMStack repository. For this guide, we'll create a sample correlation rule to detect brute-force attacks. UTMStack correlation rules are written in plain YAML and have three main components: the threat documentation, which describes the rule and defines the tactic category of the attack, the severity, and the name of the rule; the logic and frequency block, where the conditions for triggering the alert are defined; and the alert information block, where information is extracted from the logs and saved into the alert item.

     These YAML rules can be saved as text files and copied into the correlation rules folder via the web user interface. Any rules uploaded there are processed by the correlation engine automatically. All logs the system receives are aggregated and correlated against indicators of compromise (IOCs) using several open threat intelligence feeds. This feature is enabled by default; no custom correlation rules or configuration are needed. Finally, to deploy the incident response playbooks, navigate to the incident response automation section and add a command to disable future login attempts from the offending host. This can be done by blocking its IP in the firewall or by disabling the victim user until further investigation can be done. UTMStack's incident response commands use dynamic variables so that the same command can be executed against different targets. Here are some examples.

     Command to block a user:

         usermod -L ${source.user}

     Command to block an IP:

         iptables -A INPUT -s ${source.ip} -j DROP

     Summary

     Log centralization and analysis are essential for security, availability, and compliance. Open source tools can deliver advanced flexibility and rich feature sets to meet complex use cases and deliver an enterprise-ready experience. The UTMStack open source project is a powerful SIEM and XDR system that can deliver log management, threat detection, and incident response by correlating and aggregating logs in real time. Advanced features such as IOC detection, threat intelligence, and compliance reporting are built into the security stack.

     Join Our Community and Contribute

     We're always looking for passionate individuals to contribute to our project. Whether you're a developer, a security expert, or just enthusiastic about cybersecurity, your input is valuable. Here's how you can get involved:

     • GitHub Repository: Visit our GitHub repository to explore our code, submit issues, or contribute enhancements. Your code contributions can help us improve and expand UTMStack's capabilities.
     • Discord Channel: Join our Discord community to discuss with fellow contributors, share ideas, and collaborate on projects. It's a great place to learn from others and contribute your expertise.
     • Online Chat and Forums: For quick questions or discussions, use the online chat feature on our official website or the forums. It's a direct line to our team and community for real-time interactions.

     Your contributions, big or small, play a crucial part in the development and improvement of UTMStack. Together, we can build a stronger, more secure open source SIEM and XDR solution. Join us today and help shape the future of cybersecurity!

     Author: Rick Valdes, Founder, UTMStack. The post "Achieving Log Centralization and Analysis with Open Source SIEM and XDR: UTMStack" appeared first on Linux.com.
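The detection logic that such a brute-force rule encodes, as an added example that is not UTMStack code and does not use its YAML rule format: a sliding-window count of failed logins per source IP over constructed OpenSSH-style auth log lines, with the two incident-response commands from the article rendered by filling in the ${source.user} and ${source.ip} variables. The threshold (5 failures within 60 seconds) and the log year are assumptions.

```python
"""Brute-force login detection over sample auth logs (added example).

Not UTMStack's own code or rule format: it shows the logic a correlation
rule's frequency block expresses (N failed logins from one source inside a
short window) and renders the response commands from the article with their
${source.*} variables filled in. Log lines, threshold, window and year are
constructed/assumed values.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH auth.log style. syslog omits the year, so an
# assumed year is prepended when parsing the timestamps.
SAMPLE_LOG = """\
Mar 10 10:00:01 web1 sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
Mar 10 10:00:03 web1 sshd[2002]: Failed password for root from 203.0.113.7 port 51001 ssh2
Mar 10 10:00:05 web1 sshd[2003]: Failed password for root from 203.0.113.7 port 51002 ssh2
Mar 10 10:00:07 web1 sshd[2004]: Failed password for root from 203.0.113.7 port 51003 ssh2
Mar 10 10:00:09 web1 sshd[2005]: Failed password for root from 203.0.113.7 port 51004 ssh2
Mar 10 10:00:30 web1 sshd[2006]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Mar 10 10:00:31 web1 sshd[2007]: Accepted password for alice from 198.51.100.4 port 40000 ssh2
Mar 10 10:10:00 web1 sshd[2008]: Failed password for bob from 198.51.100.9 port 40100 ssh2
Mar 10 10:20:00 web1 sshd[2009]: Failed password for bob from 198.51.100.9 port 40101 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)

# Rule parameters (assumed values, the kind a rule's frequency block would set).
THRESHOLD = 5
WINDOW = timedelta(seconds=60)
ASSUMED_YEAR = 2024

# The two incident-response commands from the article, with dynamic variables.
RESPONSE_TEMPLATES = [
    "usermod -L ${source.user}",
    "iptables -A INPUT -s ${source.ip} -j DROP",
]


def parse_failed_login(line):
    """Return (timestamp, user, source_ip) for a failed-login line, else None."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    stamp = " ".join(m["ts"].split())  # collapse the double space of "Mar  5"
    ts = datetime.strptime(f"{ASSUMED_YEAR} {stamp}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], m["ip"]


def detect_brute_force(lines, threshold=THRESHOLD, window=WINDOW):
    """Sliding-window count of failed logins per source IP.

    One alert is emitted per source the first time it reaches `threshold`
    failures inside `window`; later failures from that source do not
    re-alert, so a noisy attacker cannot flood the alert queue.
    """
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    alerted = set()
    alerts = []
    for line in lines:
        parsed = parse_failed_login(line)
        if parsed is None:
            continue
        ts, user, ip = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures that aged out
            q.popleft()
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append({"source.ip": ip, "source.user": user,
                           "count": len(q), "first_seen": q[0], "last_seen": ts})
    return alerts


def render_response(alert, templates=RESPONSE_TEMPLATES):
    """Fill the ${source.*} variables the way the response engine would."""
    rendered = []
    for template in templates:
        cmd = template
        for var, value in alert.items():
            cmd = cmd.replace("${" + var + "}", str(value))
        rendered.append(cmd)
    return rendered


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOG.splitlines()):
        print(f"ALERT brute force from {alert['source.ip']} "
              f"({alert['count']} failures, last user {alert['source.user']})")
        for cmd in render_response(alert):
            print("  ->", cmd)
```

Running it reports one alert for 203.0.113.7 (five failures in eight seconds) and none for the two legitimate users, whose isolated failures fall outside the window.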
  3. Today, AWS Audit Manager announces support for the Payment Card Industry Data Security Standard v4.0 (PCI DSS v4.0) for automated evidence collection. This new standard framework can be leveraged by customers that store, process, or transmit cardholder data or sensitive authentication data to help them prepare for audits using a prebuilt collection of controls and automated evidence sources.
  4. PCI DSS (Payment Card Industry Data Security Standard) is a global standard that establishes technical and operational criteria for protecting payment data. The PCI Security Standards Council announced PCI DSS v4.0 on March 31, 2022. Organizations now have until March 31, 2025 to comply with the new standard. HashiCorp Vault can play a significant role in helping your organization attain PCI DSS certification by providing secure and compliant management of sensitive data, including cardholder data. This post will give a brief overview of the areas where Vault can help your organization comply with the new standards in time...
  5. In the first blog of our series on Azure Security, we discussed our approach to tackling cloud vulnerabilities. Our second blog highlighted our use of variant hunting to detect patterns and enhance security across our services. The third blog in the series introduced game-changing architecture to improve built-in security. In this installment, we share our integrated response strategy, which provides a continuous learning model, leveraging big data, to improve response, detections, preventative controls, and governance, and to measure and improve effectiveness.

     Azure Security's "Integrated Response" is the function of incorporating security risk mitigation strategies into a durable security program, seamlessly coordinating across federated security functions to learn, share, and adapt effective strategies to address top risks and threats at hyper-scale. As new threats and security risks emerge from a variety of sources, we address them by evaluating root causes and developing security controls as a learning feedback system. Our learnings from proactive and reactive analysis turn into product updates and threat intelligence enhancements in our security products. To maintain trust and accelerate response timelines, our closed-loop feedback cycle incorporates both internal and external risk drivers to improve each stage of our security response pipeline. Regularly reviewing security incidents is key to our ability to continuously improve our agility and response time in mitigating security risks for our customers. Each of our institutional processes, such as the Security LiveSite Review (SLR), Security Health Reviews (SHR), and Security Operations Reviews (SOR), highlights and prioritizes opportunities for improvement at all levels of Azure's engineering organizations. Let's dive into what each of these phases means and how they connect to each other.

     Fostering a secure culture: A deeper look at Azure's rigorous comprehensive protection and response

     In a cloud-first world, our customers trust us with their data, intellectual property, and critical business applications. To meet these expectations, we take a holistic approach to governing security and create an Integrated Response that incorporates a feedback cycle of identifying risk drivers and ensuring we drive the appropriate security controls to properly protect, detect, and respond to threats. In addition, we ensure all products meet our security standards, such as the Microsoft Cloud Security Benchmark. Here are the components of our Integrated Response:

     • First response on new threats: Microsoft Security Response Center (MSRC) and Cyber Defense Operations. Operating with an "Assume Breach" mindset, we have honed our ability to quickly and effectively respond to security incidents and drive rapid security mitigation and improvements. We engage customers, industry partners, and Microsoft product teams alike to work in this continuous feedback loop. MSRC is an integrated part of the defender community operating on the front line of security response for our Azure customers and for other products within Microsoft. For more than twenty years, MSRC has served to detect, respond to, and recover from security vulnerabilities. Our decades of experience defending a wide range of technologies have shown us that continually learning and evolving, both inside and out, is essential to staying ahead of the ever-changing threat landscape.
     • Learn from every security incident: Security LiveSite Reviews (SLR). Following a security incident originating from MSRC or Red Team operations, after the immediate remediation activity concludes, we prioritize conducting SLRs to drive 5-why analysis with product teams and executive leadership. Deeply focusing every single week, from the Executive VP level down, on deconstructing incidents to their contributing root cause(s) drives Microsoft's strategies for identifying process gaps, security control updates, and product improvements that strengthen Azure's security posture. As discussed earlier in the series, throughout the investigation we identify additional patterns beyond the specific incident to ensure we address the holistic solution rather than just the symptom. We track these repair items through all phases of our product and service development lifecycle, including operations, engineering workflow, and security governance processes.
     • Ensure security culture and improve operational rigor: Security Operations Review (SOR). To improve security for operational hygiene and foster a deep security culture, we conduct regular SORs. These reviews bring together executive leaders and product teams to share best practices, review behavioral trends and security control performance, and demonstrate a proven ability to maintain security SLAs as a proactive process.
     • Understand and reduce holistic security risk: Security Health and Risk Reviews (SHR). Understanding the security risk of various requirements is an important element of maintaining a proper security-first mindset. We rationalize control performance and risk in the aggregate to conduct deep dives with product teams, creating a joint security-review conversation to learn and drive strategies to address emerging threats more broadly. The SHR provides a deep link to emerging risk by merging Azure Security perspectives with strategic product improvements to ensure we meet our customers' needs now and into the future, providing confidence that we are investing in groundbreaking security innovation for tomorrow's threats.
     • Govern effectively and drive security standards: Azure Security Governance. Always following a growth mindset, we drive security governance at scale across more than six thousand unique products, driving security baseline compliance and ensuring our customers have the right security capabilities integrated into our products before release, as documented in the Microsoft Cloud Security Benchmark (MCSB). MCSB helps customers ensure their service configurations on Azure and other clouds meet the security specifications defined in frameworks such as the Center for Internet Security, the National Institute of Standards and Technology, and the Payment Card Industry. MCSB provides an efficient alignment approach for customers, as its controls are pre-mapped to these industry benchmarks. Internally, this governance function measures and provides insights and trends around behavioral and security control performance across our products, integrating new controls into the SDL to stay relevant and mitigate emerging risks, while also empowering leaders with security optics to help them understand their security posture and drive a security-first culture within their teams. We track security key performance indicators (KPIs) at scale and prioritize controls effective at mitigating threats based on real-world findings from root cause analysis of malicious attacks, Red Team discoveries, MSRC findings, and industry incidents. Many are broadly identified as industry best practices and requirements of Microsoft Security Policy (SDL/OSA) as well as regulatory compliance standards. These security KPIs are measured with Microsoft security technologies, which have expanded and matured over time.

     Embracing continual learning: How Azure's Integrated Response strategy innovates security for a changing world

     Our Integrated Response strategy provides a holistic approach to incorporating risk drivers with security controls and ensuring products meet the Microsoft Cloud Security Benchmark, leveraging measurement at scale and governance to identify and mitigate risks end to end. Microsoft combines our strong internal security response program with a broad and diverse ecosystem of security partners to supply world-class protection for billions of customers and the broader market. We recognize that security is a culmination of product and process and that defense in depth is a layered approach to both. As such, we embrace feedback and iterate improvements by measuring for effect. Our decades of experience defending a wide range of technologies have shown us that continually learning and evolving, both inside and out, is essential to staying ahead of the ever-changing threat landscape.

     Learn more

     Read additional blogs in this series to learn how Azure leverages cloud variant hunting, secure multitenancy, Confidential Compute, and Rust to layer protection throughout every phase of design, development, and deployment. Learn more about the out-of-the-box capabilities embedded in our platforms, and about how Microsoft Azure can help strengthen your security posture. The post "Always learning, always adapting: Unpacking Azure's continuous cybersecurity evolution" appeared first on Azure Blog.
  6. AWS Mainframe Modernization is now Payment Card Industry Data Security Standard (PCI DSS) compliant, enabling customers to use AWS Mainframe Modernization for applications that store, process, and transmit information for use cases such as payment processing that are subject to PCI DSS.
  7. Amazon Connect Contact Lens now provides screen recording capabilities, making it easy for you to help agents improve their performance. With screen recording, you can identify areas for agent coaching (e.g., long contact handle duration or non-compliance with business processes) by not only listening to customer calls or reviewing chat transcripts, but also watching agents' actions while handling a contact (i.e., a voice call, chat, or task). Screen recording is Payment Card Industry Data Security Standard (PCI) compliant and in scope for System and Organization Controls (SOC 1 and SOC 2).
  8. Today, AWS is announcing a new service, AWS Payment Cryptography. This service simplifies your implementation of cryptography operations used to secure data in payment processing applications for debit, credit, and stored-value cards in accordance with various payment card industry (PCI), network, and American National Standards Institute (ANSI) standards and rules. Financial service providers and processors can replace their on-premises hardware security modules (HSMs) with this elastic service and move their payments-specific cryptography and key management functions to the cloud.
  9. Cryptography is everywhere in our daily lives. If you're reading this blog, you're using HTTPS, an extension of HTTP that uses encryption to secure communications. On AWS, multiple services and capabilities help you manage keys and encryption, such as:

     • AWS Key Management Service (AWS KMS), which you can use to create and protect keys to encrypt or digitally sign your data.
     • AWS CloudHSM, which you can use to manage single-tenant hardware security modules (HSMs). HSMs are physical devices that securely protect cryptographic operations and the keys used by these operations. HSMs can help you meet your corporate, contractual, and regulatory compliance requirements.

     With CloudHSM, you have access to general-purpose HSMs. When payments are involved, there are specific payment HSMs that offer capabilities such as generating and validating the personal identification number (PIN) and the security code of a credit or debit card. Today, I am happy to share the availability of AWS Payment Cryptography, an elastic service that manages payment HSMs and keys for payment processing applications in the cloud.

     Applications using payment HSMs have challenging requirements because payment processing is complex, time sensitive, and highly regulated, and requires the interaction of multiple financial service providers and payment networks. Every time you make a payment, data is exchanged between two or more financial service providers and must be decrypted, transformed, and encrypted again with a unique key at each step. This process requires highly performant cryptography capabilities and key management procedures between each payment service provider. These providers might have thousands of keys to protect, manage, rotate, and audit, making the overall process expensive and difficult to scale. To add to that, payment HSMs historically employ complex and error-prone processes, such as exchanging keys in a secure room using multiple hand-carried paper forms, each with separate key components printed on them.

     Introducing AWS Payment Cryptography

     AWS Payment Cryptography simplifies your implementation of the cryptographic functions and key management used to secure data in payment processing in accordance with various payment card industry (PCI) standards. With AWS Payment Cryptography, you can eliminate the need to provision and manage on-premises payment HSMs and use the provided tools to avoid error-prone key exchange processes. For example, with AWS Payment Cryptography, payment and financial service providers can begin development within minutes and plan to exchange keys electronically, eliminating manual processes. To provide its elastic cryptographic capabilities in a compliant manner, AWS Payment Cryptography uses HSMs with PCI PTS HSM device approval. These capabilities include encryption and decryption of card data, key creation, and PIN translation. AWS Payment Cryptography is also designed in accordance with PCI security standards such as PCI DSS, PCI PIN, and PCI P2PE, and it provides evidence and reporting to help meet your compliance needs. You can import and export symmetric keys between AWS Payment Cryptography and on-premises HSMs under key encryption keys (KEKs) using the ANSI X9 TR-31 protocol. You can also import and export symmetric KEKs with other systems and devices using the ANSI X9 TR-34 protocol, which allows the service to exchange symmetric keys using asymmetric techniques. To simplify moving consumer payment processing to the cloud, existing card payment applications can use AWS Payment Cryptography through the AWS SDKs. In this way, you can use your favorite programming language, such as Java or Python, instead of the vendor-specific ASCII interfaces over TCP sockets that are common with payment HSMs.

     Access can be authorized using AWS Identity and Access Management (IAM) identity-based policies, where you can specify which actions and resources are allowed or denied and under which conditions. Monitoring is important to maintain the reliability, availability, and performance needed by payment processing. With AWS Payment Cryptography, you can use Amazon CloudWatch, AWS CloudTrail, and Amazon EventBridge to understand what is happening, report when something is wrong, and take automatic actions when appropriate. Let's see how this works in practice.

     Using AWS Payment Cryptography

     Using the AWS Command Line Interface (AWS CLI), I create a double-length 3DES key to be used as a card verification key (CVK). A CVK is a key used for generating and verifying card security codes such as CVV, CVV2, and similar values. Note that there are two commands for the CLI (and similarly two endpoints for the API and SDKs):

     • payment-cryptography for control plane operations such as listing and creating keys and aliases.
     • payment-cryptography-data for cryptographic operations that use keys, for example, to generate PIN or card validation data.

     Creating a key is a control plane operation (the key attribute list must be passed without spaces, otherwise the shell splits it into separate arguments):

         aws payment-cryptography create-key \
             --no-exportable \
             --key-attributes KeyAlgorithm=TDES_2KEY,KeyUsage=TR31_C0_CARD_VERIFICATION_KEY,KeyClass=SYMMETRIC_KEY,KeyModesOfUse='{Generate=true,Verify=true}'

         {
             "Key": {
                 "KeyArn": "arn:aws:payment-cryptography:us-west-2:123412341234:key/42cdc4ocf45mg54h",
                 "KeyAttributes": {
                     "KeyUsage": "TR31_C0_CARD_VERIFICATION_KEY",
                     "KeyClass": "SYMMETRIC_KEY",
                     "KeyAlgorithm": "TDES_2KEY",
                     "KeyModesOfUse": {
                         "Encrypt": false,
                         "Decrypt": false,
                         "Wrap": false,
                         "Unwrap": false,
                         "Generate": true,
                         "Sign": false,
                         "Verify": true,
                         "DeriveKey": false,
                         "NoRestrictions": false
                     }
                 },
                 "KeyCheckValue": "B2DD4E",
                 "KeyCheckValueAlgorithm": "ANSI_X9_24",
                 "Enabled": true,
                 "Exportable": false,
                 "KeyState": "CREATE_COMPLETE",
                 "KeyOrigin": "AWS_PAYMENT_CRYPTOGRAPHY",
                 "CreateTimestamp": "2023-05-26T14:25:48.240000+01:00",
                 "UsageStartTimestamp": "2023-05-26T14:25:48.220000+01:00"
             }
         }

     To reference this key in the next steps, I can use the Amazon Resource Name (ARN) found in the KeyArn property, or I can create an alias. An alias is a friendly name that lets me refer to a key without having to use the full ARN. I can update an alias to refer to a different key. When I need to replace a key, I can just update the alias without having to change the configuration or the code of my applications. To be recognized easily, alias names start with alias/. For example, the following command creates the alias alias/my-key for the key I just created:

         aws payment-cryptography create-alias --alias-name alias/my-key \
             --key-arn arn:aws:payment-cryptography:us-west-2:123412341234:key/42cdc4ocf45mg54h

         {
             "Alias": {
                 "AliasName": "alias/my-key",
                 "KeyArn": "arn:aws:payment-cryptography:us-west-2:123412341234:key/42cdc4ocf45mg54h"
             }
         }

     Before I start using the new key, I list all my keys to check their status:

         aws payment-cryptography list-keys

         {
             "Keys": [
                 {
                     "KeyArn": "arn:aws:payment-cryptography:us-west-2:123421341234:key/42cdc4ocf45mg54h",
                     "KeyAttributes": {
                         "KeyUsage": "TR31_C0_CARD_VERIFICATION_KEY",
                         "KeyClass": "SYMMETRIC_KEY",
                         "KeyAlgorithm": "TDES_2KEY",
                         "KeyModesOfUse": {
                             "Encrypt": false,
                             "Decrypt": false,
                             "Wrap": false,
                             "Unwrap": false,
                             "Generate": true,
                             "Sign": false,
                             "Verify": true,
                             "DeriveKey": false,
                             "NoRestrictions": false
                         }
                     },
                     "KeyCheckValue": "B2DD4E",
                     "Enabled": true,
                     "Exportable": false,
                     "KeyState": "CREATE_COMPLETE"
                 },
                 {
                     "KeyArn": "arn:aws:payment-cryptography:us-west-2:123412341234:key/ok4oliaxyxbjuibp",
                     "KeyAttributes": {
                         "KeyUsage": "TR31_C0_CARD_VERIFICATION_KEY",
                         "KeyClass": "SYMMETRIC_KEY",
                         "KeyAlgorithm": "TDES_2KEY",
                         "KeyModesOfUse": {
                             "Encrypt": false,
                             "Decrypt": false,
                             "Wrap": false,
                             "Unwrap": false,
                             "Generate": true,
                             "Sign": false,
                             "Verify": true,
                             "DeriveKey": false,
                             "NoRestrictions": false
                         }
                     },
                     "KeyCheckValue": "905848",
                     "Enabled": true,
                     "Exportable": false,
                     "KeyState": "DELETE_PENDING"
                 }
             ]
         }

     As you can see, there is another key I created before, which has since been deleted. When a key is deleted, it is first marked for deletion (DELETE_PENDING). The actual deletion happens after a configurable period (by default, 7 days). This is a safety mechanism to prevent the accidental or malicious deletion of a key. Keys marked for deletion are not available for use but can be restored.

     In a similar way, I list all my aliases to see which keys they refer to:

         aws payment-cryptography list-aliases

         {
             "Aliases": [
                 {
                     "AliasName": "alias/my-key",
                     "KeyArn": "arn:aws:payment-cryptography:us-west-2:123412341234:key/42cdc4ocf45mg54h"
                 }
             ]
         }

     Now, I use the key to generate a card security code with the CVV2 authentication system. You might be familiar with CVV2 numbers, which are usually written on the back of a credit card. This is the way they are computed. I provide as input the primary account number of the credit card, the card expiration date, and the key from the previous step. To specify the key, I use its alias. This is a data plane operation:

         aws payment-cryptography-data generate-card-validation-data \
             --key-identifier alias/my-key \
             --primary-account-number=171234567890123 \
             --generation-attributes CardVerificationValue2={CardExpiryDate=0124}

         {
             "KeyArn": "arn:aws:payment-cryptography:us-west-2:123412341234:key/42cdc4ocf45mg54h",
             "KeyCheckValue": "B2DD4E",
             "ValidationData": "343"
         }

     I take note of the three digits in the ValidationData property. When processing a payment, I can verify that the card data value is correct:

         aws payment-cryptography-data verify-card-validation-data \
             --key-identifier alias/my-key \
             --primary-account-number=171234567890123 \
             --verification-attributes CardVerificationValue2={CardExpiryDate=0124} \
             --validation-data 343

         {
             "KeyArn": "arn:aws:payment-cryptography:us-west-2:123412341234:key/42cdc4ocf45mg54h",
             "KeyCheckValue": "B2DD4E"
         }

     The verification is successful, and in return I get back the same KeyCheckValue as when I generated the validation data. As you might expect, if I use the wrong validation data, the verification is not successful, and I get back an error:

         aws payment-cryptography-data verify-card-validation-data \
             --key-identifier alias/my-key \
             --primary-account-number=171234567890123 \
             --verification-attributes CardVerificationValue2={CardExpiryDate=0124} \
             --validation-data 999

         An error occurred (com.amazonaws.paymentcryptography.exception#VerificationFailedException) when calling the VerifyCardValidationData operation: Card validation data verification failed

     In the AWS Payment Cryptography console, I choose View Keys to see the list of keys. Optionally, I can enable more columns, for example, to see the key type (symmetric/asymmetric) and the algorithm used. I choose the key I used in the previous example to get more details. Here, I see the cryptographic configuration, the tags assigned to the key, and the aliases that refer to this key. AWS Payment Cryptography supports many more operations than the ones I showed here. For this walkthrough, I used the AWS CLI. In your applications, you can use AWS Payment Cryptography through any of the AWS SDKs.

     Availability and Pricing

     AWS Payment Cryptography is available today in the following AWS Regions: US East (N. Virginia) and US West (Oregon). With AWS Payment Cryptography, you only pay for what you use, based on the number of active keys and API calls, with no up-front commitment or minimum fee. For more information, see AWS Payment Cryptography pricing. AWS Payment Cryptography removes your dependencies on dedicated payment HSMs and legacy key management systems, simplifying your integration with AWS native APIs. In addition, by operating the entire payment application in the cloud, you can minimize round-trip communications and latency. Move your payment processing applications to the cloud with AWS Payment Cryptography.

     — Danilo
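The same generate/verify flow from Python through the AWS SDK, as an added example that is not part of the original post: it uses the boto3 payment-cryptography-data client (the GenerateCardValidationData and VerifyCardValidationData operations named in the output above) and adds a check the walkthrough hints at: the KeyCheckValue returned on every call is compared with the KCV recorded at key creation, so an application notices if the alias it uses is later repointed to a different key. The PAN is masked before anything is logged, and a wrong CVV2 is surfaced as a boolean rather than an exception. The fake client at the bottom is constructed so the module runs without AWS access and does not implement the real CVV2 algorithm; the alias name, key ARN, KCV B2DD4E and the value 343 are taken from the post's output, and the boto3 method and parameter names are assumed from the public SDK.

```python
"""Generate and verify CVV2 values with AWS Payment Cryptography from Python.

Added example (not from the original post). Assumptions: the boto3 client
"payment-cryptography-data" and its method/parameter names follow the public
SDK; the KCV "B2DD4E", alias "alias/my-key" and the sample values come from
the post's CLI output; the fake client below is constructed so that the file
runs offline and does not implement the real CVV2 derivation.
"""


def mask_pan(pan: str) -> str:
    """Mask a PAN for logging, keeping only the first six and last four digits."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


class CardVerifier:
    """Data-plane wrapper that cross-checks the KeyCheckValue on every call."""

    def __init__(self, client, key_identifier: str, expected_kcv: str):
        self.client = client                  # boto3 'payment-cryptography-data' client or a fake
        self.key_identifier = key_identifier  # alias (alias/...) or key ARN
        self.expected_kcv = expected_kcv      # KCV recorded when the key was created

    def _check_kcv(self, response: dict) -> None:
        # An alias can be repointed at any time; the KCV tells us which key
        # actually served the request, so a mismatch is treated as an error.
        kcv = response.get("KeyCheckValue")
        if kcv != self.expected_kcv:
            raise RuntimeError(
                f"KeyCheckValue {kcv!r} != expected {self.expected_kcv!r}: "
                f"{self.key_identifier} no longer resolves to the expected key")

    def generate_cvv2(self, pan: str, expiry_mmyy: str) -> str:
        resp = self.client.generate_card_validation_data(
            KeyIdentifier=self.key_identifier,
            PrimaryAccountNumber=pan,
            GenerationAttributes={"CardVerificationValue2": {"CardExpiryDate": expiry_mmyy}},
        )
        self._check_kcv(resp)
        return resp["ValidationData"]

    def verify_cvv2(self, pan: str, expiry_mmyy: str, cvv2: str) -> bool:
        try:
            resp = self.client.verify_card_validation_data(
                KeyIdentifier=self.key_identifier,
                PrimaryAccountNumber=pan,
                VerificationAttributes={"CardVerificationValue2": {"CardExpiryDate": expiry_mmyy}},
                ValidationData=cvv2,
            )
        except self.client.exceptions.VerificationFailedException:
            # Wrong value: log the masked PAN only, never the full PAN or the CVV2.
            print(f"card validation failed for PAN {mask_pan(pan)}")
            return False
        self._check_kcv(resp)
        return True


class _FakeExceptions:
    class VerificationFailedException(Exception):
        pass


class FakePaymentCryptographyDataClient:
    """Constructed stand-in for the boto3 client so the example runs offline.

    It remembers what generate returned for a (PAN, expiry) pair and accepts
    only that value on verify; a real payment HSM derives the value from the key.
    """
    exceptions = _FakeExceptions
    KEY_ARN = "arn:aws:payment-cryptography:us-west-2:123412341234:key/42cdc4ocf45mg54h"

    def __init__(self, kcv: str = "B2DD4E"):
        self.kcv = kcv
        self.issued = {}

    def generate_card_validation_data(self, KeyIdentifier, PrimaryAccountNumber, GenerationAttributes):
        expiry = GenerationAttributes["CardVerificationValue2"]["CardExpiryDate"]
        value = "343"  # value from the post's output, fixed here for the demo
        self.issued[(PrimaryAccountNumber, expiry)] = value
        return {"KeyArn": self.KEY_ARN, "KeyCheckValue": self.kcv, "ValidationData": value}

    def verify_card_validation_data(self, KeyIdentifier, PrimaryAccountNumber, VerificationAttributes, ValidationData):
        expiry = VerificationAttributes["CardVerificationValue2"]["CardExpiryDate"]
        if self.issued.get((PrimaryAccountNumber, expiry)) != ValidationData:
            raise self.exceptions.VerificationFailedException("Card validation data verification failed")
        return {"KeyArn": self.KEY_ARN, "KeyCheckValue": self.kcv}


def make_client():
    """Real client when boto3 and a configured region are available, else the fake."""
    try:
        import boto3
        return boto3.client("payment-cryptography-data")
    except Exception:
        return FakePaymentCryptographyDataClient()


if __name__ == "__main__":
    verifier = CardVerifier(make_client(), "alias/my-key", expected_kcv="B2DD4E")
    cvv2 = verifier.generate_cvv2("171234567890123", "0124")
    print("issued:", cvv2)
    print("correct value accepted:", verifier.verify_cvv2("171234567890123", "0124", cvv2))
    print("wrong value accepted:", verifier.verify_cvv2("171234567890123", "0124", "999"))
```

With real credentials the IAM principal running this only needs the two data-plane actions on the key behind alias/my-key; the control-plane operations (create-key, update-alias, delete-key) belong to a separate key-management role, which is how the alias-repointing check above stays meaningful.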
  10. System hardening means locking down a system and reducing its attack surface: removing unnecessary software packages, securing default values to the tightest possible settings, and configuring the system to only run what you explicitly require.

      Let's take an example from daily life. A jewellery store and a grocery shop are located next to each other, but of course you would expect the jewellery store to have much beefier bars and stronger locks that are shut when the shop is closed for the night, as the contents are more valuable. In this case, the jewellery shop building has been hardened to protect precious products and deter thieves. We can take a very similar approach to computer systems. When software such as an operating system is published, anyone can download it and use it for playing games, running an online bank, and everything in between. But for running the bank, we need to take additional precautions to harden the system above and beyond the default configuration. Hardening a system aims to decrease its exposure in order to make it more difficult to hack, and to lessen the potential collateral damage in the event of a compromise.

      Why is system hardening important?

      Anyone who runs computer infrastructure they rely upon should be concerned about hardening their systems. This is especially important where user data such as Personally Identifiable Information or financial records are involved, as organisations that suffer a data breach in these cases face significant fines, not to mention the reputational damage caused by the damning headlines.

      What are the types of system hardening?

      Server hardening

      Each layer and component of an IT system needs to be hardened to ensure that it provides a secure base for the next layer. This all starts with the hardware, the foundation of the application stack, so the first place we will look is server hardening. The idea is to make the server as robust as possible against local attacks, i.e. people with physical access to the machine, and prevent them from snooping on the data on the server or introducing malicious code. These are the main server hardening steps to take:

      • Update the BIOS. Manufacturers frequently release new BIOS versions to address security issues, and it's important to keep on top of these by updating to the latest version as soon as is reasonable.
      • Enable SecureBoot. This uses digital signatures to ensure that the system boots genuine signed code, and makes it harder for an attacker with physical access to the server to subvert the boot process.
      • Set BIOS and remote management passwords. Features such as SecureBoot can be disabled in the BIOS, so it's important to set a BIOS password to prevent that. Remote management interfaces also offer a wealth of low-level system access; these should be password protected and only accessible via a trusted management subnet.
      • Disable unused USB ports. If the server doesn't need certain hardware features, these can often be disabled in the BIOS to further prevent physical attacks against the system.
      • Configure the disks with full disk encryption. Disk encryption means that someone can't take the disks out of the machine and access or modify the contents offline. In cloud environments and virtual machines, disk encryption also prevents a malicious actor at the hypervisor level from accessing your virtual disks.

      Operating system hardening

      Once the server hardware has been locked down, the next step is to configure the operating system. This is where the majority of the hardening procedures can be applied, as the operating system is a generic canvas that needs to be customised to each individual use case; for instance, a development environment has a very different security posture to a production server. There are a number of avenues to follow when hardening the operating system, which can be broken down into the following categories:

      • Remove unnecessary and unused components. A Linux OS such as Ubuntu contains packages to cover a very wide range of use cases, but it's likely that a production system will only have a small number of critical workloads. Any package not supporting these workloads should be removed.
      • Tighten default settings and enforce encryption. Ensure directories are configured to allow only the minimum privileges required to run the production workloads, and encrypt file systems.
      • Configure logging and integrity checks. All system and application logs should be stored on a remote server to ensure that, in the event of a hack, the attacker can't delete the logs to cover their tracks. File integrity monitoring software should be deployed to provide warnings if any unexpected changes occur which might be indicative of an attack.
      • Keep software patched and up to date. The majority of system compromises occur because attackers exploit known vulnerabilities that have not been patched. It is essential that all security patches are applied quickly and automatically. Regularly scan for vulnerabilities using third-party scanning software to identify any weaknesses in the overall system integrity.
      • Implement operational best practices, particularly when it comes to user account management. In any organisation, users will come and go and change roles; user accounts need to be kept in sync, and access revoked when users no longer need the same levels of access.

      Application security and hardening

      When it comes to application security, it is more difficult to be prescriptive about hardening, as each application has its own security requirements. However, there are general security and hardening principles that can be applied to most applications:

      • Enforce strong encryption, and use a trusted PKI to ensure authenticity. For example, web-based applications use TLS, for which certificates can be provisioned through Let's Encrypt.
      • Reduce privilege levels to the minimum required. Ensure that regular users don't have full administrative access.
Configure logging, and monitor logs for anomalies. Application logs should be aggregated remotely to ensure that they can’t be altered or destroyed by an attacker, and the logs should be analysed to detect anomalous behaviour which could reveal the start of an active attack. Check dependencies for vulnerabilities. Most applications have a large number of software libraries and dependencies, any of which might have security vulnerabilities – all components need to be kept patched and up to date. For any application it is important to build on solid foundations, which means that the operating system is secured and hardened properly first. The next step is to look at the software supply chain that the application builds upon, and an excellent place to begin here is to consume software components from a trusted source. Ubuntu gives everybody access to the widest range of open source software libraries and applications within the industry, backed by a ten year security maintenance guarantee with a Pro subscription, which gives your application security and hardening the strongest foundations possible. CIS benchmarks Because system hardening is so important to so many organisations, industry standards have been developed to gather the best practices from across the world and formulate a common approach to hardening. The Center for Internet Security (CIS) publishes hardening benchmarks for many common software applications and operating systems, including Ubuntu, and if you implement the suggestions in these hardening profiles then you can be assured of a comprehensive level of security. CIS benchmarks have broad applicability across a wide range of industries, and are useful for any organisation deploying services on the internet. Some industry sectors carry specific regulatory requirements which mandate system hardening, such as PCI-DSS, the Payment Card Industry Data Security Standard. 
PCI-DSS version 4 requires that “System components are configured and managed securely” and “are consistent with industry-accepted system hardening standards or vendor hardening recommendations”, with specific reference to the CIS benchmarks. Automated cyber security tools with Ubuntu Security Guide (USG) At Canonical, we recognise the need for hardening, whilst also acknowledging that implementing the hundreds of rules within the CIS benchmarks is an arduous task, therefore we provide the Ubuntu Security Guide, an automated cyber security tool for system hardening, remediation and auditing. USG is available as part of Ubuntu Pro, which is free for personal use on up to 5 machines. With USG installed, hardening your Ubuntu system to the CIS standards is as straightforward as running a command: usg fix cis_level1_server For a quick start with Ubuntu Security Guide for CIS or DISA-STIG consider using this tutorial. A comprehensive guide We published a detailed guide to Infrastructure Hardening covering all the steps and procedures outlined here, plus more. Download Canonical has published a detailed guide to Infrastructure Hardening covering all the steps and procedures outlined here, plus more. Conclusion Hardening your infrastructure and systems is a vital step in creating a production environment, but can be a daunting prospect to tackle from scratch. Taking advantage of industry standards, such as the CIS benchmarks, and using the automated cyber security tools available with Ubuntu Pro, can make this a much more manageable proposition. For more information contact us here. To learn more about Canonical and what we do around security and compliance: Visit our webpage Read more on this topic in our blog Download our comprehensive guide on infrastructure hardening View the full article
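The "configure logging and integrity checks" step above asks for file integrity monitoring that warns on unexpected changes. As an added example that is not part of the Canonical article or of USG, the following Python records a baseline of content hashes and permission bits for a directory tree and diffs a later scan against it; the directory layout, file contents and tampering in demo() are constructed for illustration.

```python
"""Minimal file-integrity baseline/compare check (added example, not the article's code).

It records a SHA-256 digest and the permission bits of every regular file under a
root directory, then diffs a later snapshot against that baseline. Content changes,
new or missing files and loosened permissions are exactly the "unexpected changes"
the hardening article says a file integrity monitor should flag.
Standard library only; the demo tree below is constructed, not a real system.
"""
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root) -> dict:
    """Map each regular file (path relative to root) to (sha256 hex, mode bits)."""
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        # Symlinks are skipped: hashing the target would hide a newly planted
        # link that points at otherwise unchanged content.
        if path.is_file() and not path.is_symlink():
            mode = stat.S_IMODE(path.stat().st_mode)
            baseline[str(path.relative_to(root))] = (sha256_file(path), mode)
    return baseline


def compare_baseline(old: dict, new: dict) -> dict:
    """Classify every path seen in either snapshot."""
    report = {"added": [], "removed": [], "modified": [], "mode_changed": []}
    for rel in sorted(set(old) | set(new)):
        if rel not in old:
            report["added"].append(rel)
        elif rel not in new:
            report["removed"].append(rel)
        else:
            old_hash, old_mode = old[rel]
            new_hash, new_mode = new[rel]
            if old_hash != new_hash:
                report["modified"].append(rel)
            if old_mode != new_mode:
                report["mode_changed"].append((rel, oct(old_mode), oct(new_mode)))
    return report


def demo() -> dict:
    """Constructed scenario: baseline a small tree, tamper with it, re-scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "app.conf").write_text("listen=127.0.0.1\n")
        (root / "etc" / "old.conf").write_text("retired=yes\n")
        (root / "bin" / "helper").write_text("#!/bin/sh\necho ok\n")
        os.chmod(root / "bin" / "helper", 0o755)
        before = build_baseline(root)

        # Simulated unauthorised changes after the baseline was taken.
        (root / "etc" / "app.conf").write_text("listen=0.0.0.0\n")  # content rewritten
        os.chmod(root / "bin" / "helper", 0o777)                     # made world-writable
        (root / "bin" / "dropped").write_text("unexpected file\n")   # new file appeared
        (root / "etc" / "old.conf").unlink()                         # file removed

        after = build_baseline(root)
        return compare_baseline(before, after)


if __name__ == "__main__":
    for kind, entries in demo().items():
        print(f"{kind}: {entries}")
```

A real deployment would store the baseline off-host (alongside the remote logs the article recommends) so that an attacker who controls the machine cannot rewrite it to match their changes.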
  11. Amazon Managed Workflows for Apache Airflow (MWAA) is now Payment Card Industry Data Security Standard (PCI DSS) compliant. Amazon MWAA is a managed orchestration service for Apache Airflow that makes it easier to set up and operate end-to-end data pipelines in the cloud. Customers can now use Amazon MWAA to manage workflows that store, process, and transmit information for use cases such as payment processing that are subject to PCI DSS. View the full article
  12. Want to know the latest from Google Cloud? Find it here in one handy location. Check back regularly for our newest updates, announcements, resources, events, learning opportunities, and more. Tip: Not sure where to find what you’re looking for on the Google Cloud blog? Start here: Google Cloud blog 101: Full list of topics, links, and resources. Week of Dec 12 - Dec 16, 2022 Storage Transfer Service now offers Preview support for event-driven transfers - serverless, real-time replication from AWS S3 to Cloud Storage, and between Cloud Storage buckets. With this new capability, you can accelerate your event-driven analytics pipeline, enable automatic replication across Cloud Storage buckets, create a backup copy of data in a different region or project, or perform live migration. Read more here. Learn about Memorystore for Redis best practices to achieve the optimal performance and availability with your implementation. Prescriptive guidance around monitoring your Memorystore instance is also provided. Read more about these topics here. Week of Dec 5 - Dec 9, 2022 A Google Cloud first-party supported open-source Kafka Connector for Pub/Sub and Pub/Sub Lite is now generally available. See how it enables an easy drop-in solution for moving data between Kafka clusters and Pub/Sub and Pub/Sub Lite here. Eventarc support for customer-managed encryption keys (CMEK) is generally available (GA). Pub/Sub Lite now offers export subscriptions to Pub/Sub. This new subscription type writes Lite messages directly to Pub/Sub - no code development or Dataflow jobs needed. Great for connecting disparate data pipelines and migration from Lite to Pub/Sub. Learn more. Week of Nov 28 - Dec 2, 2022 Zeotap partnered with Google Cloud to build a next-generation customer data platform with focus on Privacy, Security and Compliance. This blog post describes their journey using Google Data Cloud including BigQuery, BI Engine, Vertex AI to build customized Audience segments at scale. 
Read more here. Week of Nov 14 - Nov 18, 2022 Apigee has been named aleader in the 2022 Gartner Magic Quadrant for API Management, marking the seventh time in a row we’ve earned this recognition. We remain the top API Management vendor in our Ability to Execute, with a strong product offering, customer experience, and sales execution. Please help us share the good news via Twitter,Facebook, andLinkedIn. Connected-Stories has built an end-to-end creative management platform on Google Cloud including BigQuery, Vertex AI to develop, serve and optimize interactive video and display Ads that scale across any channel. Read more here. Week of Nov 7 - Nov 11, 2022 No-cost access to some of our popular training is available on Coursera until December 31,2022. Get hands-on experience to enhance your technical skills in the cloud environment for the most in-demand job roles. Training is available for both technical and non-technical professionals and spans foundational to advanced content. You’ll also earn a shareable certificate. Learn more about this training offer today. Private Marketplace functionality is now available in preview for Google Cloud Marketplace to help organizations scale compliant product discovery. Learn more here. Week of Oct 31 - Nov 4, 2022 True Fit, a data-driven personalization platform built on Google Data Cloud describe their data journey to unlock Partner growth. True Fit publishes a number of BigQuery dataset for its Retail partners using Analytics Hub. Data sharing using Google Cloud has elevated True Fit’s business using real-world data in real-time. They achieved this in conjunction with the Built with BigQuery program from Cloud Partner Engineering. Read more Google Cloud Workstations is now in public preview. IAM Deny, a security guardrail to help Google Cloud customers harden their security posture at scale, is now Generally Available (GA). 
IAM Deny policies manage access to Google Cloud resources based on principal, resource type, and permissions they're trying to use. It enables administrators to harden their cloud security posture easily and at scale. Week of Oct 24 - Oct 28, 2022 Google Cloud and Sibros Technology with their award winning Deep Connected Platform is enabling vehicle manufacturers and suppliers to reach the next level in their use of data to gain valuable insights that should mitigate risks, reduce costs, add innovative products, drive sustainability and introduce value-added use cases services in the automotive industry. Read more. Data Exploration Workbench in Dataplex is now Generally Available - it offers a Spark-powered serverless data exploration experience with one-click access to Spark SQL scripts and Jupyter notebooks. With the workbench, Data Consumers can spend more time generating insights rather than integrating different tools and platforms.Learn more Week of Oct 17 - Oct 21, 2022 Google Cloud Spanner launches Lock insights and transaction insights - easily troubleshoot lock contentions using pre-built dashboards. This is the 2nd milestone launch for Spanner insights. Learn more. Google Cloud Migration Center is now in public preview. Check out our blog for more information. Using Envoy to create cross-region replicas for Cloud Memorystore: Learn how you can create multi-regional deployments with Cloud Memorystore by using the Envoy proxy. This blog provides a step by step walkthrough which demonstrates how you can adapt your existing application to serve multiple regions or failover to a secondary region in case of a regional outage. Google Cloud Logging’s Log Analytics team is hosting an external webinar to talk about Log Analytics powered by BigQuery and how our top customers have adopted them to save time and cost. Register here. 
Week of Oct 3 - Oct 7, 2022 Rapid Vulnerability Detection, a zero configuration service in Security Command Center Premium that detects vulnerabilities like exposed admin interfaces, weak credentials, and incomplete software installations, is now available in Public Preview. When it comes to advanced log analysis using BigQuery, Log Analytics offers a simple, cost-effective and easy-to-operate alternative to managing your own log export to BigQuery. Use this migration guide to help you write or convert your SQL queries and make switching to Log Analytics easy. Week of Sept 26 - Sept 30, 2022 Google Cloud Logging launches Log Analytics powered by Big Query. The feature allows Log users to use the power of BQ within Cloud Logging to perform Analytics on Logs. You can update your existing Log Buckets to start using Log Analytics. It does not require complex data pipeline configurations to ingest data. Learn more. BigQuery ML enables Faraday to make predictions for any US consumer brand . Faraday.ai is a Partner of Google Cloud enabling companies to unlock the patterns hidden in their data using BigQuery ML, such as increasing conversion of leads to subscribe customers via personalization, allowing scoring of leads, spend forecasting and Lon-to-value ratio identification for customers. They achieved this in conjunction with the Built with BigQuery program from Cloud Partner Engineering. Week of Sept 19 - Sept 23, 2022 Google Cloud Learning launches a new dedicated cloud training program to support 10,000 Ukrainian businesses and IT professionals, starting October 4, 2022. Learn more. Cloud Load Balancing now supports Cross-Project Service Referencing with Internal HTTP(S) Load Balancing and Regional External HTTP(S) Load Balancing. This new capability allows organizations to configure one central load balancer and route traffic to hundreds of services distributed across multiple different projects. 
Organizations can thus optimize the number of load balancers needed to deploy your application, and lower manageability, operational costs, and quota requirements. Learn more Datastream now supports direct replication into BigQuery in public preview. Datastream for BigQuery , leverages the new BigQuery CDC (UPSERT) Write API, making replication from operational database sources such as AlloyDB, PostgreSQL, MySQL, and Oracle, directly into BigQuery seamless. Learn more. Datastream now supports PostgreSQL as a source in public preview. Datastream introduces volume-based tiered pricing that makes it more affordable for customers moving larger volumes of data. Volume-based tiered pricing will be applied automatically based on actual usage. And for the next 6 months customers will also receive 1TB/month free backfill. Learn more. Cloud CDN now supports dynamic compression using Brotli and gzip algorithms, which can reduce data sent over the network by 60-80% for compressible content. Enabling dynamic compression can help you achieve faster page load times, speed up playback speed for video content, and optimize egress costs. Google Cloud launches the Fly Cup Challenge, created in partnership with The Drone Racing League (DRL) and taking place at Next ‘22 to usher in the new era of tech-driven sports. Learn more. Accelerate migration from self-managed object storage to Google Cloud Storage by using Storage Transfer Service. It’s designed to move 100s of TB data and offers security, simplicity, and scale-out performance out of the box. Read the full blog here. In addition to sync files from Git repositories, Config Sync just brought GitOps to a next level with the support of two new formats: OCI artifacts and Helm charts. Learn more. Cloud Dataflow - PerfKit Benchmarker (PKB) has expanded support for benchmarking your own Dataflow pipelines. 
You can now more easily test your Dataflow pipelines for performance optimization, capacity planning, regression testing and TCO estimation. Watch the Beam Summit talk and demo, or read the detailed walkthrough. Cloud Deploy now supports the ability to verify your deployment. Learn More Week of Sept 12 - Sept 18, 2022 Pub/Sub monitoring dashboards are now part of the Pub/Sub UI in Google Cloud Console. Pub/Sub users can easily monitor the health of their real-time streaming applications by reading charts of insightful metrics. Customization on these provided charts and dashboard is also supported. Learn more. Database Migration Service now supports seamless migrations to AlloyDB. With this public preview launch, customers can migrate their most demanding enterprise PostgreSQL databases to AlloyDB in an easy-to-use, secured, and serverless manner. Read the full blog here. Google Cloud Deploy now supports application delivery to Cloud Run. Learn More Artifact Registry now supports store Kubeflow pipeline templates in a Kubeflow Pipelines repository. Learn more Google Cloud Deploy has enabled +14 additional regions, bringing Cloud Deploy to regional support parity with Cloud Build. Learn More Week of Sept 5 - Sept 9, 2022 We held our biggest storage event of the year on Sept 8 where we announced a number of new product innovations including: enhanced optimization and intelligence for Cloud Storage, new Filestore capabilities, the next generation of Persistent Disk called Hyperdisk, and the unveiling of our new Google Cloud Backup and DR service. Watch all the sessions on demand or read the full recap. Storage Transfer Service now offers Preview support for moving data from S3-compatible storage to Cloud Storage. This feature builds on recent Cloud Storage launches, namely support for Multipart upload and List Object V2, which makes Cloud Storage suitable for running applications written for the S3 API. 
With this new feature, customers can seamlessly copy data from self-managed object storage to Google Cloud Storage. For customers moving data from AWS S3 to Cloud Storage, this feature provides an option to control network routes to Google Cloud, resulting in considerably lower egress charges. See Transfer from S3-compatible sources for details. Kubernetes control plane metrics are now Generally Available for Google Kubernetes Engine. You can now configure GKE clusters with control plane version 1.23.6-gke.1500 or later to export to Cloud Monitoring certain metrics emitted by the Kubernetes API server, scheduler, and controller manager. These metrics are stored in Cloud Monitoring in a Prometheus-compatible format. They can be queried by sending either a PromQL or MQL query to the Cloud Monitoring API. They can also be used anywhere within Cloud Monitoring, including in custom dashboards or alerting rules. Week of Aug 29 - Sept 2, 2022 The network that powers Google Cloud grows with our customers, and we are committed to providing them with the resilience and performance they need and expect. Google is investing alongside regional partners in two additional submarine cables — IAX andMIST — which will support growing demand in the APAC region. We expect these two cables to be ready for service by the end of 2023. Apigee is introducing a new Pay-as-you-go pricing model to enable customers to unlock Apigee’s API management capabilities with no upfront commitment, control their own costs and pay only for what they are use. This new pricing model is offered as a complement to the existing Subscription plans (or) the ability to evaluate it for free. Learn more Week of Aug 22 - Aug 26, 2022 Join us August 30th for the “Power your business with modern cloud apps” webinar to learn strategies to leverage scalable cloud apps on Google Cloud using products like Google Kubernetes Engine, Cloud Run, Apigee, and Anthos. 
Don’t miss this opportunity to discover best practices for: Accelerating developer productivity Improving business innovation Boosting resource efficiency while ensuring security and regulatory compliance Why all retailers should consider leveraging Google Cloud Retail Search - Cloud Retail Search, part of Discovery Solutions For Retail portfolio, helps retailers significantly improve the shopping experience on their digital platform with ‘Google-quality’ search. Users now expect the same robust and intuitive search features as are offered by Google.com and other popular web platforms, who seem to have the uncanny ability to intelligently interpret and yield relevant results to complex search queries. Cloud Retail Search offers advanced search capabilities such as better understanding user intent and self-learning ranking models that help retailers unlock the full potential of their online experience. Learn more. Week of Aug 15 - Aug 19, 2022 Cloud SQL now supports deletion protection for MySQL, Postgres and SQL Server instances. With the deletion protection flag, you can now protect your instance from unintended deletions. The flag is enabled by default in the Cloud Console and when enabled, delete is blocked and the flag has to be disabled before an instance can be deleted. To disable the deletion protection flag, the user must have at least Cloud SQL Editor role.With the deletion protection flag, you now have added protection that will prevent accidental or malicious deletion of databases that can create expensive outages for applications. 
To learn more about deletion protection refer to Cloud SQL documentation Google Cloud Deploy the default Skaffold LTS version has been upgraded to 1.39.1 Skaffold Release notes Google Cloud Deploy Skaffold Docs Week of Aug 8 - Aug 12, 2022 Artifact Registry now supports use of organization policies that can require Customer Managed Encryption Keys (CMEK) protection and can limit which Cloud Key Management System CryptoKeys can be used for CMEK protection. Learn More Google Cloud Deploy documentation has been re-formatted to make it easier to find information being sought.Docs Google Cloud Deploy new blog post describing many new features and benefits added over the first half of the year. Blog Google Cloud Deploy new GUI update that surfaces information related to a target’s execution environment. Developers can now easily find and confirm where Google Cloud Deploy render and deploy operations take place in addition to worker pool type, execution environment, service account, and artifact storage location. Learn More Week of Aug 1 - Aug 5, 2022 Join us August 30th for the “Power your business with modern cloud apps” webinar. We will be sharing best practices and strategies for how to simplify, streamline, and secure your application development using Google Cloud services like GKE, Apigee API, Anthos, and Cloud Run. Register today! Bigtable-BigQuery federation is now Generally Available. Query Bigtable directly from BigQuery and combine with other data sources for real-time analytical insights. No ETL required. Learn more Week of July 25 - July 29, 2022 BigLake enables you to maximize the true potential of your data spread across clouds, storage formats, data lakes, and warehouses. It is now Generally available, and you can use it to build multi-cloud data lakes that work across GCP and OSS query engines, in a secure and governed manner. Learn more. 
Cloud Healthcare API is now available in 4 additional regions allowing customers to serve their own users faster, more reliably, and securely. The Cloud Healthcare API provides a managed solution for storing and accessing healthcare data in Google Cloud, providing a critical bridge between existing care systems and applications hosted on Google Cloud. Learn More. asia-southeast2 (Jakarta) us-east1 (South Carolina) us-west1 (Oregon) us-west3 (Salt Lake City) Cloud Deploy - You can now view and compare Kubernetes and Skaffold configuration files for releases, using Google Cloud Console. Learn More. Cloud Deploy now offers an Easy Mode option that creates a skaffold.yalm file automatically from a Kubernetes manifest. The feature is accessed from the command line by adding --from-k8s-manifest=FROM_K8S_MANIFEST to the gcloud deploy releases create command. The generated skaffold.yaml is suitable for onboarding, learning, and demonstrating Google Cloud Deploy. Learn More Cloud Pub/Sub is introducing a new type of subscription called a “BigQuery subscription” that writes directly from Cloud Pub/Sub to BigQuery. You no longer have to write or run your own pipelines for data ingestion from Pub/Sub into BigQuery. This new extract, load, and transform (ELT) path will be able to simplify your event-driven architecture. Learn more. Week of July 18 - July 22, 2022 Launched three major new Dataflow features to General Availability: Dataflow Go GA, Dataflow Prime GA, and Dataflow ML GA. The Data Engineer Spotlight is THIS WEEK! Register today to experience four technical sessions, expert speakers, a q&a session, and tons of on demand content. Speed up your workflow executions by running steps concurrently! Workflows now supports parallel steps, which can reduce the overall execution time for workflows that include long-running operations like HTTP requests and callbacks. 
Our latest codelab shows you how to more quickly process a dataset by parallelizing multiple BigQuery jobs within a workflow. Read more in our blog post. Google Cloud introduces Batch. Batch is a fully-managed service which helps you run batch jobs easily, reliably, and at scale. Without additional software, Batch dynamically and efficiently manages resource provisioning, scheduling, queuing, and execution, freeing up time for you to focus on analyzing results. It is free, and you only pay for the resources used, but you can further reduce cost with Spot VMs and Custom Machine Types. Read more in the launch blog. Run your Arm workloads on Google Kubernetes Engine (GKE) with Tau T2A VMs in preview. Arm nodes come packed with key GKE features, including the ability to run using GKE Autopilot. We’ve also updated many popular Google Cloud developer tools and partnered with leading CI/CD, observability, and security ISVs to simplify running Arm workloads on GKE. Week of July 11 - July 15, 2022 Cloud Deploy users can now suspend a delivery pipeline. Suspending a pipeline is useful for situations when there’s a problem with a release and you want to make sure no further actions occur. Suspended pipelines also allow teams to pause releases for a defined time period like holidays, busy seasons, etc. Cloud Deploy users can now permanently abandon a release . An abandoned release has the following restrictions - it cannot be promoted, it cannot be rolled back, and it cannot be unabandoned. Some reasons to abandon a release include a serious bug or bugs in the release, a major security issue in the release, or the release includes a deprecated feature. Week of July 4 - July 8, 2022 Blue-green upgrade mechanism for upgrading GKE node pools is now generally available. With blue-green upgrades, you now have more control over the upgrade process for highly available production workloads. 
GKE creates a new set of nodes, moves your workloads and gives you “soak” time before committing the upgrade. You can also quickly rollback in the event your workloads cannot tolerate the upgrade. Get a deep dive into managing traffic fluctuations with Google Cloud. European travel group REWE explores the value of Cloud Spanner In mitigating and supporting traffic surges and optimizing the consumer experience during peak travel seasons. Differentiation brings great customer experiences. Differentiation achievements help customers select a partner with confidence, knowing that Google Cloud has verified their skills and customer success across our products, horizontal solutions and key industries. Week of June 27 - July 1, 2022 Launched Query Insights for Cloud Spanner - a new visualization tool for visualizing Query performance metrics and debugging Query Performance issues in the Cloud console! Now in preview, BigQuery BI Engine Preferred Tables. Preferred tables enable BigQuery customers to prioritize specific tables for acceleration by BI Engine to ensure predictable performance and optimized use of resources (blog) MITRE ATT&CK® mappings for Google Cloud security capabilities through our research partnership with the MITRE Engenuity Center for Threat-Informed Defense. Learn more. Launched a new way of accessing billing information — from the Cloud Console mobile app. Now, with your Android or iOS mobile device, you can access not only your resources (App Engine, Compute, Databases, Storage or IAM), logs, incidents, errors, but also your billing information. With these enhanced billing features, we are making it easier for you to understand your cloud spend. Eventarc adds support for Firebase Realtime Database. Now you can create Eventarc triggers to send Firebase Realtime Database events to your favorite destinations that Eventarc supports. PostgreSQL interface for Cloud Spanner is generally available. 
The PostgreSQL interface for Spanner combines the scalability and reliability of Spanner that enterprises trust with the familiarity and portability of PostgreSQL that development teams love. Devops teams that have scaled their databases with brittle sharding or complex replication can now simplify their architecture with Spanner, using the tools and skills they already have. Get started today, for as low as $65 USD/month. Learn more. Cloud Deploy is now available in 5 additional regions improving performance and flexibility Learn More asia-east2 (Hong Kong) europe-west2 (London) europe-west3 (Frankfurt) us-east4 (N. Virginia) us-west2 (Los Angeles) Cloud Deploy deployment of containers to Anthos user clusters using Connect gateway is now generally available. Learn more Time-sharing GPUs on GKE are generally available. Time-sharing allows multiple containers to share a single physical GPU attached to a node. This helps achieve greater cost effectiveness by improving GPU Utilization and workload throughput. Dual-stack networking is now available (preview) for GKE. With this feature, you can now allocate dual-stack IPv4 and IPv6 addresses for Pods and nodes. For Services, you can allocate single-stack (IPv4 only or IPv6 only) or dual-stack addresses. View your GKE costs directly in Cloud Billing. Now in preview, you can view a detailed breakdown of cluster costs directly in the Google Cloud console or the Cloud Billing export to BigQuery. With this detailed information, you can more easily allocate the costs of your GKE clusters and workloads across different teams. Week of June 20 - June 24, 2022 Read the latest Cloud Data Hero Story! This edition focuses on Francisco, the founder of Direcly, a Google Cloud partner. Francisco immigrated from Quito, Ecuador and founded his company from the ground up, without any external funding. Now, he’s finding innovative ways to leverage Google Cloud’s products for companies like Royal Caribbean International. 
Week of June 13 - June 17, 2022
Launched higher reservation limits for BigQuery BI Engine! BigQuery BI Engine now supports a default maximum reservation of 250GB per project for all customers. Previously this was 100GB. You can still request additional BI Engine reservations for your projects here. This is being rolled out in the Google Cloud Console over the next few days to all customers. Alternatively, all customers can already use a DDL statement as follows:
ALTER BI_CAPACITY `<PROJECT_ID>.region-<REGION>.default` SET OPTIONS(size_gb = 250);
Don't miss our first ever Google Cloud Sustainability Summit on June 28, 2022. Learn how business and technology leaders are building for the future, and get insights to help you enact sustainable change within your organization. At this digital event, you'll have a chance to explore the latest tools and best practices that can help you solve your most complex challenges. And you'll be among the first to find out about product updates across Google Cloud, Earth Engine, and Google Workspace. Register today for this no-cost, solution-packed event.
On June 14, 2022, we are unveiling the winners of this year's Google Cloud Customer Awards. We received an unprecedented number of entries and every participant can be proud of what their organization is achieving in the cloud today. The second annual Google Cloud Customer Awards celebrates organizations around the world that have continued to flex and adapt to new demands, while turning new ideas into interesting realities. Check out the results (blog post).
The Cloud Digital Leader track is now part of the Google Cloud career readiness program, available for eligible faculty preparing their students for a cloud-first workforce. Students will build cloud literacy and learn the value of Google Cloud in driving digital transformation while also preparing for the Cloud Digital Leader certification exam. Learn more.
Week of June 6 - June 10, 2022
Artifact Registry - Audit logs for Maven, npm, and Python repositories are now available in Cloud Logging. Documentation
Cloud Deploy new region - Cloud Deploy is now available in the australia-southeast1 (Sydney) region. Release Notes
Cloud Deploy Terraform provider support. Cloud Deploy declarative resources, Delivery Pipeline and Target, are now available via the Google Cloud Deploy Terraform Provider. Documentation
Anthos on VMware user cluster lifecycle from the Google Cloud Console is now GA! You can now create, delete, update, and view Anthos on VMware user clusters from the Google Cloud Console. To learn more about the feature, check out the Anthos documentation.
Granular instance sizing for Cloud Spanner is now generally available. Get started for as low as $40 per month and take advantage of 99.999% availability, scaling as needed without downtime. With granular instance sizing, at a much lower cost you still get all of the Spanner benefits: transparent replication across zones and regions, high availability, resilience to different types of failures, and the ability to scale up and down as needed without any downtime. Learn more.
Week of May 30 - June 3, 2022
Did you notice the new "Protect" tab in Google Kubernetes Engine? Protect for GKE automatically scans, identifies and suggests fixes for workload configuration risks by comparing your running workload config against industry best practices like the Kubernetes Pod Security Standards. (docs)
Google Cloud just made it easier to compare the cost of modernization options. Want to look at Lift & Shift vs. Containerization options? The latest version of our fit assessment now includes cost guidance. [Release Notes]
Google Cloud makes data warehouse migrations even easier with automated SQL translation as part of the BigQuery Migration Service.
(blog post)
Google Cloud simplifies customer verification and benefits processing with Document AI for Identity cards, now generally available. Automate identity verification and fraud detection workflows by extracting information from identity cards with a high degree of accuracy. (blog post, landing page)
Google Cloud Deploy support for Skaffold has been updated from version 1.37.1 to version 1.37.2, which is now the default Skaffold version. (Skaffold Docs)
Week of May 23 - May 27, 2022
Business Messages announces expansion of its partner ecosystem to include Twilio, Genesys, and Avaya, each a widely recognized global platform for customer care and communications. Read how they help businesses implement both AI bot and live agent chat solutions to stay open for conversations and advance customers through the purchase funnel. And be sure to check out the new Business Messages partner directory!
Learn how to set up metrics and alerts to monitor errors in the Cloud SQL for SQL Server error log using Google Cloud's operations suite with this blog post.
Artifact Registry now supports new repository types. Apt and Yum repositories are now generally available. Release Notes
Artifact Registry is now available in more regions: europe-west9 (Paris, France), europe-southwest1 (Madrid, Spain), and us-east5 (Columbus, United States). Release Notes
Change streams for Cloud Spanner are now generally available. With change streams, Spanner users are now able to track and stream out changes (inserts, updates, and deletes) from their Cloud Spanner database in near real time. Learn more.
Week of May 16 - May 20, 2022
Machine learning is among the most exciting, fastest-moving technology disciplines.
Join us June 9th for Google Cloud Applied ML Summit, a digital event that brings together some of the world's leading ML and data science professionals to explore the latest cutting-edge AI tools for developing, deploying, and managing ML models at scale.
Join us virtually on June 2nd at the Google Cloud Startup Summit, where you'll hear the latest announcements about how we're investing in and supporting the startup ecosystem. You'll also learn from technology experts about streamlining your app development and creating better user experiences, and get insights from innovative venture capitalists and founders to help your startup grow. This event is headlined by our keynote with Google Cloud CEO Thomas Kurian and Dapper Labs Co-Founder and CEO Roham Gharegozlou as they discuss the paradigm changes being brought by web3 and how startups can prepare for this shift.
Google Cloud Managed Service for Prometheus introduced a new high-usage pricing tier to bring more value for Kubernetes users who want to move all of their metrics operations to the service, and dropped the pricing for existing tiers by 25 percent. Hear the SRE team at Maisons du Monde detail their journey from building on open source Prometheus to deciding that Managed Service for Prometheus was the best fit for their organization.
Google Cloud has launched Autonomic Security Operations (ASO) for the U.S. public sector, a solution to modernize threat management, in line with the objectives of White House Executive Order 14028 and Office of Management and Budget memorandum M-21-31. ASO is a transformational approach to security operations, powered by Chronicle and Siemplify, to comprehensively detect and respond to cyber telemetry across an agency while meeting the Event Logging (EL) tier requirements that M-21-31 sets out under the EO.
Week of May 9 - May 13, 2022
We just published a blog post announcing the latest Google Cloud STAC-M3™ benchmark results.
Following up on our 2018 STAC-M3 benchmark audit, a redesigned Google Cloud architecture achieved significant improvements: up to 18x faster, up to 9x higher throughput, and a new record in STAC-M3.β1.1T.YRHIBID-2.TIME. We also published a whitepaper on how we designed and optimized the cluster for API-driven cloud resources.
Security Command Center (SCC) released new finding types that alert customers when SCC is either misconfigured or configured in a way that prevents it from operating as expected. These findings provide remediation steps to return SCC to an operational state. Learn more and see examples.
Week of May 2 - May 6, 2022
The Google Cloud Future of Data whitepaper explores why the future of data will involve three key themes: unified, flexible, and accessible.
Learn about BigQuery BI Engine and how to analyze large and complex datasets interactively with sub-second query response time and high concurrency. Now generally available.
Announcing the launch of the second series of the Google Cloud Technical Guides for Startups, a video series for technical enablement aimed at helping startups start, build and grow their businesses.
Solving for food waste with data analytics in Google Cloud. Explore why it is so necessary as a retailer to bring your data to the cloud and apply analytics to minimize food waste.
Mosquitoes get the swat with the new Mosquito Forecast built by OFF! Insect Repellents and Google Cloud. Read how SC Johnson built an app that predicts mosquito outbreaks in your area.
As part of Anthos release 1.11, Anthos Clusters on Azure and Anthos Clusters on AWS now support Kubernetes versions 1.22.8-gke.200 and 1.21.11-gke.100. As a preview feature, you can now choose Windows as your node pool image type when you create node pools with Kubernetes version 1.22.8. For more information, check out the Anthos multi-cloud website.
Week of April 25 - April 29, 2022
We're excited to announce the general availability of Media CDN — a content and media distribution platform with unparalleled scale.
New Google Cloud research shows shoppers are paying closer attention to the values of consumer goods brands and care more about eco-friendly products.
Meditech's cloud EHR gives clinicians time back with patients, helping them make better decisions and diagnoses.
Cloud is supercharging 5G development, transforming every industry along the way. How 5G and Cloud will change every industry, including yours.
Google's Area 120 incubator shares 5 lessons on sustaining innovation at scale.
Introducing SWIFT on Google Cloud - modernize your payments by bringing them to the cloud.
Advance your technical skills and boost your career by getting hands-on practice with Google Cloud projects.
Discover how the Google Workspace Administrator role has evolved and why certification training is vital for this in-demand position.
Week of April 18 - April 22, 2022
Announcing the Climate Innovation Challenge—grants to provide scientists with Google Cloud research credits, so they can better address our urgent climate challenge. Read more.
Our first-ever Google Workspace Summit: get the latest on the keynote, breakout sessions, and product innovations for our first-ever Google Workspace Summit on May 4, 2022. Here are 9 sessions you don't want to miss.
Climate scientists rely on cloud-based tools like Google Earth Engine to detect changes, map trends, and quantify differences on the Earth's surface. Read how Natural Resources Canada uses Google Earth Engine.
Urban Outfitters' rental business, Nuuly, shows how being cloud-first also means being sustainability-first, with the agility and insights going green requires. Read how technology is weaving sustainability into the future of retail at Nuuly.
Clean energy projects begin to power Google data centers.
Read about how the clean energy projects Google has invested in to power and protect our global data centers are coming online around the world.
The Cloud Engineer Learning Path is an effective way to prepare for the Associate Cloud Engineer certification and launch your new cloud career. Here's how to prepare for Google's Associate Cloud Engineer exam.
Week of April 11 - April 15, 2022
Machine learning company Moloco uses Cloud Bigtable to process 5+ million ad bid requests per second. Learn how Moloco uses Bigtable to keep up in a speedy market and process ad requests at unmatched speed and scale.
Data Cloud Summit '22 recap blog on April 12: Didn't get a chance to watch the Google Data Cloud Summit this year? Check out our recap to learn the top five takeaways: product announcements, customer speakers, partners, product demos, and more resources on your favorite topics.
The new Professional Cloud Database Engineer certification is here in beta. By participating in this beta, you will directly influence and enhance the learning and career path for Cloud Database Engineers globally. Learn more and sign up today.
Learn how to use Kubernetes Jobs and cost-optimized Spot VMs to run and manage fault-tolerant AI/ML batch workloads on Google Kubernetes Engine.
Expanding Eventarc presence to 4 new regions — asia-south2, australia-southeast2, northamerica-northeast2, southamerica-west1. You can now create Eventarc resources in 30 regions.
The Broad Institute of MIT and Harvard speeds scientific research with Cloud SQL. One of our customers, the Broad Institute, shares how they used Cloud SQL to accelerate scientific research. In this customer story, you will learn how the Broad Institute was able to get Google's database services up and running quickly and lower their operational burden by using Cloud SQL.
Week of April 4 - April 8, 2022
Join us at the Google Data Cloud Summit on Wednesday, April 6, at 9 AM PDT.
Learn how Google Cloud technologies across AI, machine learning, analytics, and databases have helped organizations such as Exabeam, Deutsche Bank, and PayPal to break down silos, increase agility, derive more value from data, and innovate faster. Register today for this no-cost digital event.
Announcing the first Data Partner Spotlight, on May 11th. We saved you a seat at the table to learn about the Data Cloud Partners in the Google Cloud ecosystem. We will spotlight technology partners and deep dive into their solutions, so business leaders can make smarter decisions and solve complex data challenges with Google Cloud. Register today for this digital event.
Introducing Vertex AI Model Registry, a central repository to manage and govern the lifecycle of your ML models. Designed to work with any type of model and deployment target, including BigQuery ML, Vertex AI Model Registry makes it easy to manage and deploy models. Learn more about Google's unified data and AI offering.
Vertex AI Workbench is now GA, bringing together Google Cloud's data and ML systems into a single interface so that teams have a common toolset across data analytics, data science, and machine learning. With native integrations across BigQuery, Spark, Dataproc, and Dataplex, data scientists can build, train and deploy ML models 5X faster than with traditional notebooks. Don't miss this 'How to' session from the Data Cloud Summit.
Week of Mar 28 - April 1, 2022
Learn how Google Cloud's network and Network Connectivity Center can transform the private wires used for voice trading.
Anthos bare metal 1.11 minor release is available now. containerd is the default runtime in Anthos clusters on bare metal in this release.
Examples of the feature enhancements are as below:
Upgraded Anthos clusters on bare metal to use Kubernetes version 1.22
Added Egress Network Address Translation (NAT) gateway capability to provide persistent, deterministic routing for egress traffic from clusters
Enabled IPv4/IPv6 dual-stack support
Additional enhancements in the release can be found in the release notes here.
Week of Mar 21 - Mar 25, 2022
Eventarc adds support for Firebase Alerts. Now you can create Eventarc triggers to send Firebase Alerts events to your favorite destinations that Eventarc supports.
Google Cloud's Behnaz Kibria reflects on a recent fireside chat that she moderated with Google Cloud's Phil Moyer and former SEC Commissioner Troy Paredes at FIA Boca. The discussion focused on the future of markets and policy, the new technologies that are already paving the way for greater speed and transparency, and what it will take to ensure greater resiliency, performance and security over the longer term. Read the blog.
Now you can control how your alerts handle missing data from telemetry data streams using alert policies in the Cloud Console or via the API. In cloud ecosystems there are millions of data sources, and often there are pauses or breaks in their telemetry data streams. Configure how this missing data influences your open incidents:
Option 1: Missing data is treated as "above the threshold", and your incidents will stay open.
Option 2: Missing data is evaluated as "below the threshold", and the incident will close after your retest window period.
Week of Mar 14 - Mar 18, 2022
Natural language processing is a critical AI tool for understanding unstructured, often technical healthcare information, like clinical notes and lab reports. See how leading healthcare organizations are exploring NLP to unlock hidden value in their data.
A handheld lab: Read how Cue Health is revolutionizing healthcare diagnostics for COVID-19 and beyond, all from the comfort of home.
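The two missing-data options in the Week of Mar 21 alert-policy entry above are easiest to understand by replaying a metric series with a gap through both. The following is an added example, not Google Cloud code: a minimal threshold-alert evaluator whose class and method names are assumptions for illustration, and whose "retest window" is modelled as closing the incident once the condition has been false for N consecutive evaluation periods.

```python
"""Added example (not Google Cloud code): a minimal threshold-alert evaluator
showing the two missing-data options described above. Names are assumptions;
the retest window is modelled as 'close once the condition has been false for
N consecutive evaluation periods'."""
from enum import Enum
from typing import List, Optional


class MissingData(Enum):
    """How a gap in the telemetry stream is scored against the alert condition."""
    ABOVE_THRESHOLD = "above"  # option 1: a gap keeps the incident open
    BELOW_THRESHOLD = "below"  # option 2: a gap counts toward closing it


class ThresholdAlert:
    """One incident per policy: opened when a sample exceeds the threshold,
    closed once the condition has been false for `retest_window` periods."""

    def __init__(self, threshold: float, retest_window: int, missing_data: MissingData) -> None:
        self.threshold = threshold
        self.retest_window = retest_window
        self.missing_data = missing_data
        self.incident_open = False
        self.false_streak = 0  # consecutive periods with the condition false

    def condition(self, value: Optional[float]) -> bool:
        """True when the sample violates the policy; None means no sample arrived."""
        if value is None:
            return self.missing_data is MissingData.ABOVE_THRESHOLD
        return value > self.threshold

    def observe(self, value: Optional[float]) -> str:
        """Feed one evaluation period and return the incident state afterwards."""
        if self.condition(value):
            self.incident_open = True
            self.false_streak = 0
        else:
            self.false_streak += 1
            if self.incident_open and self.false_streak >= self.retest_window:
                self.incident_open = False
        return "OPEN" if self.incident_open else "CLOSED"


def replay(samples: List[Optional[float]], policy: MissingData,
           threshold: float = 80.0, retest_window: int = 3) -> List[str]:
    """Run a whole sample series through one policy; returns the state per period."""
    alert = ThresholdAlert(threshold, retest_window, policy)
    return [alert.observe(v) for v in samples]


# Constructed series: one CPU-utilisation sample per minute, None = gap.
# The collector goes silent for four minutes right after the spike.
SAMPLES: List[Optional[float]] = [50.0, 85.0, 90.0, None, None, None, None, 40.0, 40.0]

if __name__ == "__main__":
    for policy in MissingData:
        print(f"{policy.value:>5}: {' '.join(replay(SAMPLES, policy))}")
```

With option 1 the incident opened at minute 1 stays open through the gap and is still open at minute 8, because two "below" samples are short of the three-period retest window. With option 2 the same incident closes at minute 5, while the collector is still silent. The security caveat follows directly: under option 2 a stopped, crashed or tampered agent is indistinguishable from recovery, so for security-relevant metrics treat missing data as above the threshold and alert separately on the absence of the metric itself.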
Providing reliable technical support for an increasingly distributed, hybrid workforce is becoming all the more crucial, and challenging. Cloud Customer Care has added a range of new offerings and features for businesses of all sizes to help you find the Google Cloud technical support services that are best for your needs and budget.
#GoogleforGames Dev Summit is NOW LIVE. Watch the keynote followed by over 20 product sessions on demand to help you build high-quality games and reach audiences around the world. Watch → g.co/gamedevsummit
Meeting (and ideally exceeding) consumer expectations today is often a heavy lift for many companies—especially those running modern apps on legacy, on-premises databases. Read how Google Cloud database services provide you the best options for industry-leading reliability, global scale and open standards, enabling you to make your next big idea a reality. Read this blog.
Week of Mar 7 - Mar 11, 2022
Learn how Google Cloud Partner Advantage partners help customers solve real-world business challenges in retail and ecommerce through data insights.
On a mission to accelerate the world's adoption of a modern approach to threat management through Autonomic Security Operations, our latest update expands our ASO technology stack with Siemplify, offers a solution to the latest White House Executive Order 14028, introduces a community-based security analytics repository, and announces key R&D initiatives that we're investing in to bolster threat-informed defenses worldwide. Read more here!
Account defender, available today in public preview, is a feature in reCAPTCHA Enterprise that takes behavioral detection a step further. It analyzes the patterns of behavior for an individual account, in addition to the patterns of behavior of all user accounts associated with your website. Read more here.
Maximize your Cloud Spanner savings with new committed use discounts.
Get up to a 40% discount on Spanner compute capacity by purchasing committed use discounts. Once you make a commitment to spend a certain amount on an hourly basis on Spanner from a billing account, you can get discounts on instances in different instance configurations, regions, and projects associated with that billing account. This flexibility helps you achieve a high utilization rate of your commitment across regions and projects without manual intervention, saving you time and money. Learn more.
Introducing Community Security Analytics, an open-source repository of queries for self-service security analytics. Get started analyzing your own Google Cloud logs with BigQuery or Chronicle to detect potential threats to your workloads, and to audit usage of your data. Learn more.
In many places across the globe, March is celebrated as Women's History Month, and March 8th, specifically, marks the day known around the world as International Women's Day. Google Cloud, in partnership with Women Techmakers, has created an opportunity to bridge the gaps in the credentialing space by offering a certification journey for Ambassadors of the Women Techmakers community. Learn more.
Learn how to accelerate vendor due diligence on Google Cloud by leveraging third-party risk management providers.
Hybrid work should not derail DEI efforts. If you're moving to a hybrid work model, here's how to make diversity, equity and inclusion central to it.
Learn how Cloud Data Fusion provides scalable data integration pipelines to help consolidate a customer's SAP and non-SAP datasets within BigQuery.
Hong Kong–based startup TecPal builds and manages smart hardware and software for household appliances all over the world using Google Cloud. Find out how.
Eventarc adds support for Firebase Remote Config and Test Lab in preview. Now you can create Eventarc triggers to send Firebase Remote Config or Firebase Test Lab events to your favorite destinations that Eventarc supports.
Anthos Service Mesh Dashboard is now available (public preview) on Anthos clusters on bare metal and Anthos clusters on VMware. Customers can now get out-of-the-box telemetry dashboards to see a services-first view of their application in the Cloud Console.
The Micro Focus Enterprise Server Google Cloud blueprint performs an automated deployment of Enterprise Server inside a new or existing VPC. Learn more.
Learn how to enrich your application logs with more information without adding a single line of code, and get more insights with the new version of the Java library.
Pacemaker Alerts in Google Cloud cluster alerting enable the system administrator to be notified about critical events of enterprise workloads in GCP, such as the SAP solutions.
Week of Feb 28 - Mar 4, 2022
Announcing the Data Cloud Summit, April 6th! Ready to dive deep into data? Join us at the Google Data Cloud Summit on Wednesday, April 6, at 9 AM PDT. This three-hour digital event is packed with content and experiences designed to help you unlock innovation in your organization. Learn how Google Cloud technologies across AI, machine learning, analytics, and databases have helped organizations such as Exabeam, Deutsche Bank, and PayPal to break down silos, increase agility, derive more value from data, and innovate faster. Register today for this no-cost digital event.
Read about how Google Cloud addresses concerns about how its customers might be impacted by the invasion of Ukraine.
Eventarc is now HIPAA compliant— Eventarc is covered under the Google Cloud Business Associate Agreement (BAA), meaning it has achieved HIPAA compliance. Healthcare and life sciences organizations can now use Eventarc to send events that require HIPAA compliance.
Eventarc trigger for Workflows is now available in Preview.
You can now select Workflows as a destination for events originating from any supported event provider.
Error Reporting automatically captures exceptions found in logs ingested by Cloud Logging from the following languages: Go, Java, Node.js, PHP, Python, Ruby, and .NET, aggregates them, and then notifies you of their existence.
Learn more about how USAA partnered with Google Cloud to transform their operations by leveraging AI to drive efficiency in vehicle insurance claims estimation.
Learn how Google Cloud and NetApp's ability to "burst to cloud", seamlessly spinning up compute and storage on demand, accelerates EDA design testing.
Google Cloud CISO Phil Venables shares his thoughts on the latest security updates from the Google Cybersecurity Action Team.
Google Cloud Easy as Pie Hackathon: the results are in.
VPC Flow Logs Org Policy Constraints allow users to enforce VPC Flow Logs enablement across their organization, and impose minimum and maximum sampling rates. VPC Flow Logs are used to understand network traffic for troubleshooting, optimization and compliance purposes.
Google Cloud Managed Service for Prometheus is now Generally Available. Get all of the benefits of open source-compatible monitoring with the ease of use of Google-scale managed services.
Google Cloud Deploy now supports Anthos clusters, bringing opinionated, fully managed continuous delivery for hybrid and multicloud workloads. Cloud Deploy provides integrated best practices, security, and metrics from a centralized control plane.
Learn Google Workspace's vision for frontline workers and how our Frontline solution innovations can bridge collaboration and productivity across in-office and remote workforces.
Week of Feb 21 - Feb 25, 2022
Read how Paerpay promotes bigger tabs and faster, more pleasant transactions with Google Cloud and the Google for Startups Cloud Program.
Learn about the advancements we've released for our Google Cloud Marketplace customers and partners in the last few months.
BBVA collaborated with Google Cloud to create one of the most successful Google Cloud training programs for employees to date. Read how they did it.
Google for Games Developer Summit returns March 15 at 9AM PT! Learn about our latest games solutions and product innovations. It's online and open to all. Check out the full agenda: g.co/gamedevsummit
Build a data mesh on Google Cloud with Dataplex (now GA). Read how Dataplex enables customers to centrally manage, monitor, and govern distributed data, and makes it securely accessible to a variety of analytics and data science tools, here.
While understanding what is happening now has great business value, forward-thinking companies like Tyson Foods are taking things a step further, using real-time analytics integrated with artificial intelligence (AI) and business intelligence (BI) to answer the question, "what might happen in the future?"
Join us for the first Google Cloud Security Talks of 2022, happening on March 9th. Modernizing SecOps is a top priority for so many organizations. Register to attend and learn how you can enhance your approach to threat detection, investigation and response!
Google Cloud introduces its Data Hero series with a profile on Lynn Langit, a data cloud architect, educator, and developer on GCP.
Building ML solutions? Check out these guidelines for ensuring quality in each process of the MLOps lifecycle.
Eventarc is now Payment Card Industry Data Security Standard (PCI DSS) compliant.
Week of Feb 14 - Feb 18, 2022
The Google Cloud Retail Digital Pulse - Asia Pacific is an ongoing annual assessment carried out in partnership with IDC Retail Insights to understand the maturity of retail digital transformation in the Asia Pacific region.
The study covers 1,304 retailers across eight markets and sub-segments to investigate their digital maturity across five dimensions (strategy, people, data, technology and process) and arrive at a 4-stage Digital Pulse Index, with 4 being the most mature. It provides great insights into the various stages of digital maturity of Asian retailers, their drivers for digitisation, challenges, innovation hotspots and the focus areas with respect to use cases and technologies.
Deploying Cloud Memorystore for Redis at any scale: learn how you can scale Cloud Memorystore for high-volume use cases by leveraging client-side sharding. This blog provides a step-by-step walkthrough which demonstrates how you can adapt your existing application to scale to the highest levels with the help of the Envoy proxy. Learn more.
Check out how six SAP customers are driving value with BigQuery.
This Black History Month, we're highlighting Black-led startups using Google Cloud to grow their businesses. Check out how DOSS and its co-founder, Bobby Bryant, disrupt the real estate industry with voice search tech and analytics on Google Cloud.
Vimeo leverages managed database services from Google Cloud to serve up billions of views around the world each day. Read how it uses Cloud Spanner to deliver a consistent and reliable experience to its users no matter where they are.
How can serverless best be leveraged? Can cloud credits be maximized? Are all managed services equal? We dive into top questions for startups.
Google introduces a Sustainability value pillar in the GCP Active Assist solution to accelerate our industry leadership in CO2 reduction and environmental protection efforts. An intelligent carbon footprint reduction tool is launched in preview.
Event Monitoring with Explanations on Google Cloud. We describe a new production machine learning solution to monitor events in IT and industrial operations and explain their symptoms.
This solution is used for a variety of industrial applications, including proactively monitoring IT operations infrastructure, monitoring events from Industrial Internet of Things (IoT) connected devices, and predictive monitoring of any IT operations management component such as hyperconverged infrastructure, clouds, virtual infrastructure, applications, networks and microservices. Read more.
Traffic Director client authorization for proxyless gRPC services is now generally available. Combine it with managed mTLS credentials in GKE to centrally manage access between workloads using Traffic Director. Read more.
Cloud Functions (2nd gen) is now in public preview. The next generation of our Cloud Functions Functions-as-a-Service platform gives you more features, control, performance, scalability and event sources. Learn more.
Central States health insurance CIO Pat Moroney shares highs and lows from his career transforming IT. Read more.
Week of Feb 7 - Feb 11, 2022
Now announcing the general availability of the newest instance series in our Compute Optimized family, C2D—powered by 3rd Gen AMD EPYC processors. Read how C2D provides larger instance types and memory-per-core configurations ideal for customers with performance-intensive workloads. Learn more.
Digital health startup expands its impact on healthcare equity and diversity with Google Cloud Platform and the Google for Startups Accelerator for Black Founders. Read more.
Storage Transfer Service support for agent pools is now generally available (GA). You can use agent pools to create isolated groups of agents as a source or sink entity in a transfer job. This enables you to transfer data from multiple data centers and filesystems concurrently, without creating multiple projects for a large transfer spanning multiple filesystems and data centers. This option is available via the API, Console, and gcloud transfer CLI.
The five trends driving healthcare and life sciences in 2022 will be powered by accessible data, AI, and partnerships.
Learn how COLOPL, Minna Bank and 7-Eleven Japan use Cloud Spanner to solve their scalability, performance and digital transformation challenges.
Week of Jan 31 - Feb 4, 2022
Google Workspace is making it easy for employees to bring modern collaboration to work, even if their organizations are still using legacy tools. Essentials Starter is a no-cost offer designed to help people bring the apps they know and love to use in their personal lives to their work life. Learn more.
We're now offering 30 days of free access to role-based Google Cloud training with interactive labs and opportunities to earn skill badges to demonstrate your cloud knowledge. Learn more.
Security Command Center (SCC) Premium adds support for additional compliance benchmarks, including CIS Google Cloud Computing Foundations 1.2 and OWASP Top 10 2017 & 2021. Learn more about how SCC helps manage and improve your cloud security posture.
Storage Transfer Service now offers Preview support for transfers from self-managed object storage systems via user-managed agents. With this new feature, customers can seamlessly copy PBs of data from cloud or on-premises object storage to Google Cloud Storage. Object storage sources must be compatible with Amazon S3 APIs. For customers migrating from AWS S3 to GCS, this feature gives an option to control network routes to Google Cloud. Fill in this signup form to access this STS feature.
Pub/Sub Lite goes regional. Pub/Sub Lite is a high-volume messaging service with ultra-low cost that now offers regional Lite topics, in addition to existing zonal Lite topics. Unlike zonal topics, which are located in a single zone, regional topics are asynchronously replicated across two zones. Multi-zone replication protects from zonal failures in the service. Read about it here.
Week of Jan 24-Jan 28, 2022 Storage Transfer Service now offers Preview support for moving data between two filesystems and keeping them in sync on a periodic schedule. This launch offers a managed way to migrate from a self-managed filesystem to Filestore. If you have on-premises systems generating massive amounts of data that need to be processed in Google Cloud, you can now use Storage Transfer Service to accelerate data transfer from an on-prem filesystem to a cloud filesystem. See Transfer data between POSIX file systems for details. Storage Transfer Service now offers Preview support for preserving POSIX attributes and symlinks when transferring to, from, and between POSIX filesystems. Attributes include the user ID of the owner, the group ID of the owning group, the mode or permissions, the modification time, and the size of the file. See Metadata preservation for details. Learn how Sabre leveraged a 10-year partnership with Google Cloud to power the travel industry with innovative technology. As Sabre embarked on a cloud transformation, it sought managed database services from Google Cloud that enabled low latency and improved consistency. Sabre discovered how the strengths of both Cloud Spanner and Bigtable supported unique use cases and led to high-performance solutions. Bigtable Autoscaling is Generally Available (GA): Bigtable Autoscaling automatically adds or removes capacity in response to the changing demand for your applications. With autoscaling, you only pay for what you need and you can spend more time on your business instead of managing infrastructure. Learn more. Week of Jan 17-Jan 21, 2022 Sprinklr and Google Cloud join forces to help enterprises reimagine their customer experience management strategies. Hear more from Nirav Sheth, Director of ISV/Marketplace & Partner Sales.
Firestore Key Visualizer is Generally Available (GA): Firestore Key Visualizer is an interactive, performance monitoring tool that helps customers observe and maximize Firestore’s performance. Learn more. Like many organizations, Wayfair faced the challenge of deciding which cloud databases they should migrate to in order to modernize their business and operations. Ultimately, they chose Cloud SQL and Cloud Spanner because of the databases’ clear path for shifting workloads as well as the flexibility they both provide. Learn how Wayfair was able to migrate quickly while still being able to serve production traffic at scale. Week of Jan 10-Jan 14, 2022 Start your 2022 New Year’s resolutions by learning at no cost how to use Google Cloud. Read more to find how to take advantage of these training opportunities. 8 megatrends drive cloud adoption—and improve security for all. Google Cloud CISO Phil Venables explains the eight major megatrends powering cloud adoption, and why they’ll continue to make the cloud more secure than on-prem for the foreseeable future. Week of Jan 3-Jan 7, 2022 Google Transfer Appliance announces General Availability of online mode. Customers collecting data at edge locations (e.g. cameras, cars, sensors) can offload to Transfer Appliance and stream that data to a Cloud Storage bucket. Online mode can be toggled to send the data to Cloud Storage over the network, or offline by shipping the appliance. Customers can monitor their online transfers for appliances from Cloud Console.
  13. Contact centers today handle all types of sensitive information including Personally Identifiable Information (PII), Protected Health Information (PHI), Payment Card Industry (PCI) data, and other confidential information (CI) as part of their day-to-day operations. This information can make its way into call recordings, call logs, agent notes, and application logs. It may also be used directly by Conversational AI platforms like Google Dialogflow CX to route inbound calls and chats, or to automatically service transactions. Such data must be secured and, in most cases, redacted before storage in logs to protect customers and employees. Personally Identifiable Information (PII) is data that can be used to directly or indirectly identify a user. Users may be identified through partial combinations of their personal and transactional information, particularly their names, dates of birth, phone numbers, addresses, postal codes, social security numbers, social insurance numbers, and also through specific or obscure information like their educational history. Depending on the context, as a caller (or chatbot user) converses with a Virtual Agent built on Dialogflow CX, the user and the Virtual Agent may need to supply PII and other sensitive information to service the interaction. Such information is typically introduced at several points in the Dialogflow CX conversation architecture: (1) as Intent or Form Parameters extracted from end users during the conversation; (2) as Session Parameters set by upstream systems calling the Dialogflow CX API or set by Webhooks; or (3) as part of the design of a route, event handler, or form reprompt, as payload data supplied by Webhooks interacting with downstream services. Ideally, sensitive information should be identified and redacted at source so that it does not propagate into downstream logs, data warehouses, data lakes, analytics, or reporting systems.
Below, we describe an approach to redaction used in production by large enterprises deploying Google Contact Center AI (CCAI). Redacting Intent and Form Parameters For Intent or Form Parameters, redaction is built in. Simply select the checkbox “Redact in logs” in the Parameter section within the Intent or Page Parameter settings of the console. Redacting Session Parameters, Webhook data, and Response Messages For Session Parameters, Webhook data, and other data logged by Dialogflow CX, including Fulfillment Response Messages, the approach to redacting such information relies on Cloud Data Loss Prevention (DLP) inspection templates. Session Parameters are often used to personalize the conversation with user data from an upstream system. For example, an upstream contact center platform may fetch the user’s profile from a CRM, and pass the first name, demographic data, and market segment information into Dialogflow CX. A conversation designer may then tailor the Flow design by changing Intent training phrases, Entity synonyms, and responses (e.g. different durations, volume, pitch, or rate of speech) to fit the user’s unique requirements. Similarly, Webhook data is important in conversation design because it enables rich, dynamic responses to the user supported by backend systems. For example, let’s say a customer is moving to a new apartment, so your Dialogflow CX Virtual Agent asks the user to say their new street address. A Webhook would be used to validate the captured address against an external service like the Google Maps Places API, which may also autocomplete the city, state / province, zip / postal code, and country fields. It’s risky if we capture the wrong address, so the Virtual Agent says the full address back to the end user for confirmation. In both examples above, PII data is stored as one or more Session Parameters and Webhook payloads. Additionally, the Response Messages played back to the user are logged.
If we don’t take action to identify and redact this data, it will make its way into Google Cloud Logging (formerly Stackdriver) and any listeners subscribing to the log stream. Below, we demonstrate how to configure security settings in Dialogflow CX to use a Cloud Data Loss Prevention Inspection Template to redact sensitive information before it gets into downstream logging systems (i.e. redaction at source). This ensures sensitive information will be unavailable downstream while still allowing the information to be used in the design of the Virtual Agent. Key Components Data Loss Prevention (DLP) Inspection Templates Our solution uses Google Cloud Data Loss Prevention (DLP), a service that can identify, mask, obfuscate, de-identify, transform, or tokenize sensitive information in text using NLP- and rules-based methods. To leverage DLP to redact all log data from Dialogflow CX at source, we create configurations (also known as Inspection Templates) that can identify and transform unstructured text in a document. In our case, the documents are the log messages that contain the Session Parameters, Webhook data, Fulfillment Response Messages and any other interaction data. To identify PII, PCI, PHI, or CI, we can set the configuration to use a pre-trained machine learning model (i.e. built-in infoTypes) or a custom string search (i.e. word lists or regex). Speech Synthesis Markup Language (SSML) Our solution uses Speech Synthesis Markup Language (SSML). A brief explanation of SSML follows: When working with Text-to-Speech (TTS) systems, it is difficult to know how the system will say the final utterance to a user. This is where SSML is useful. SSML is a W3C standard that uses XML tags to describe, at various points, how the TTS system must say the phrase. You can change the pitch, pronunciation, speaking rate, and volume among many other properties.
For example, if you have a phone number written as “555-6666”, you would likely want it said as “five five five six six six six” instead of “five hundred and fifty five minus six thousand six hundred and sixty six”. You can give these precise instructions to the TTS system by adding the following SSML: <say-as interpret-as="telephone">555-6666</say-as> Contact Center AI (CCAI) Security Settings CCAI Security Settings allow you to apply a DLP Inspection Template between Dialogflow CX and Google Cloud Logging. The DLP system can then find and redact the sensitive information before it is published to Stackdriver. Solution The required security settings can be applied in various ways, such as through the Google Cloud Console, using Google Cloud APIs, or using Terraform. Below, we outline two approaches: 1) using the Google Cloud Console and 2) using Terraform. Important Considerations The first seemingly obvious, but flawed, solution is to use DLP or a similar system to redact sensitive information in the first downstream system that consumes the Dialogflow CX log messages. Perhaps there is a log sink flowing to a Cloud Storage bucket, BigQuery table, Pub/Sub topic, or other destination (e.g. Splunk) where such redaction will occur before any other consumers have access to the data. In practice, data in Cloud Logging is easily viewable and propagates to other monitoring applications; this increases the surface area for unintentional or intentional privacy breaches by both internal and external parties. As such, please consider this an anti-pattern. Another important note is that the solution we select should still enable sensitive information, including PII data, to be usable in responses to the end user and should remain compatible with SSML.
Instructions - Google Cloud Console Now that we understand the requirements and all the components involved, the first step is to return all Session Parameter and Webhook data that is to be redacted wrapped in the SSML mark tag shown below. This is configured at the webhook level. <mark name="redact-start"/>123 Main Street<mark name="redact-end"/> This SSML tag is selected because it is a reserved tag in the SSML W3C specification which will not affect speech output by TTS systems. This ensures the data can be used in Response Messages by the Dialogflow CX Agent. Note that the “name” attribute can be anything and should match your convention; whatever names you choose must also be the ones the DLP regex below searches for. Next, define a string pattern in a DLP inspection template as an infoType that will search for these tags. Below is the configuration with the search pattern “<mark name="redact-start"/>.*<mark name="redact-end"/>”. Next, we define a DLP Inspection Template and reference the custom infoType. The steps for the Inspection Template are:
1. Create the DLP Template.
2. Define the Template ID and location.
3. Configure the detection by selecting “Manage InfoTypes”.
4. Create Security Settings inside of CCAI by going to https://ccai.cloud.google.com. Reference the DLP Inspection Template from the previous step and select the redaction strategy.
5. Use the Security Settings inside of your Dialogflow CX Agent.
Instructions - Terraform Terraform is an open source tool that enables provisioning of Google Cloud resources with declarative configuration files. Terraform's infrastructure-as-code (IaC) approach is a DevOps best practice for change management. Complex relationships between cloud services can be defined in config files, checked into source control, and can support teams in identifying and correcting drift relative to ideal provisioning states for production and lower environments. The above instructions can be applied using Terraform by creating a restapi_object resource.
Together, a google_data_loss_prevention_inspect_template resource and a restapi_object resource will create the DLP Template and the security settings that apply it to the Dialogflow CX Agent. The below assumes that the Google Cloud provider has already been correctly configured. First we create the DLP inspection template:

```hcl
resource "google_data_loss_prevention_inspect_template" "dialogflow-cx-inspection-regex" {
  provider     = google.global
  parent       = "projects/${var.project_id}/locations/${var.your_agent_location}"
  description  = "Redacts data coming from webhooks to dialogflow cx"
  display_name = "dialogflow-cx-inspection-regex"
  inspect_config {
    custom_info_types {
      info_type {
        name = "DIALOGFLOW_CX_INSPECTION_REGEX"
      }
      likelihood = "VERY_UNLIKELY"
      regex {
        # Matches everything between the SSML mark tags emitted by the webhooks.
        # The tag names here must be the ones your webhooks actually emit.
        # The greedy ".*" spans from the first start tag to the last end tag in a
        # message; use ".*?" if each tagged span should be redacted separately.
        pattern = "<mark name=\"dfc-redact-start\"\\/>.*<mark name=\"dfc-redact-end\"\\/>"
      }
    }
    min_likelihood  = "VERY_UNLIKELY"
    content_options = ["CONTENT_TEXT"]
  }
}
```

Next, we must create the Dialogflow CX security settings. As of writing, there is no Terraform resource for this purpose, so we use a more general approach with a restapi_object which will create it for us. We declare the provider along with the resource configuration.

```hcl
terraform {
  required_providers {
    restapi = {
      source  = "fmontezuma/restapi"
      version = "1.14.1"
    }
  }
}

provider "restapi" {
  alias = "security-settings"
  # The regional Dialogflow endpoint must match the agent's location.
  uri                  = "https://northamerica-northeast1-dialogflow.googleapis.com/v3/"
  id_attribute         = "name"
  write_returns_object = true
  headers = {
    Authorization = "Bearer ${var.google_rest_access_token}"
  }
}
```

Then we create the resource:

```hcl
resource "restapi_object" "dialogflow-cx-security-settings" {
  provider = restapi.security-settings
  # Can be left blank, as the provider substitutes
  # /projects/<project_id>/locations/<agent_location>/securitySettings/<security settings ID>
  path        = ""
  create_path = "/projects/${var.project_id}/locations/${var.your_agent_location}/securitySettings"
  data = jsonencode({
    displayName       = "dialogflow-cx-parameters-security"
    redactionStrategy = "REDACT_WITH_SERVICE"
    redactionScope    = "REDACT_DISK_STORAGE"
    inspectTemplate   = google_data_loss_prevention_inspect_template.dialogflow-cx-inspection-regex.id
    # purgeDataTypes is a list in the SecuritySettings API, not a single string
    purgeDataTypes = ["DIALOGFLOW_HISTORY"]
  })
}
```

Lastly, we assign the dialogflow-cx-security-settings to the dialogflow-cx agent and reference the security settings from above:

```hcl
resource "google_dialogflow_cx_agent" "my_dialogflow_cx_agent_resource" {
  provider                   = google.your_gcp_provider
  project                    = var.project_id
  display_name               = "My Agent Name"
  location                   = var.your_agent_location
  default_language_code      = var.agent_default_language
  supported_language_codes   = ["en-ca"]
  time_zone                  = "America/New_York"
  description                = "Your Agent Description"
  avatar_uri                 = "https://cloud.google.com/_static/images/cloud/icons/favicons/onecloud/super_cloud.png"
  enable_stackdriver_logging = true
  security_settings          = restapi_object.dialogflow-cx-security-settings.id
}
```

After completing the steps, you will have the following conceptual flow of data: Conclusion In this blog post, we demonstrated how to redact sensitive information via CCAI Security Settings and DLP. Furthermore, we demonstrated how this can be achieved through the Google Cloud Console or Terraform. For a Dialogflow CX developer, the above solution makes redaction easy to configure. Remember that before data is applied to a Session Parameter, it should be surrounded by the <mark name="redact-start"/> and <mark name="redact-end"/> tags. Conversation designers can still interpolate the parameter as expected without affecting the TTS speech output. Furthermore, sensitive information will be redacted from the logs without losing any of the other log data, including other non-sensitive parts of the conversation responses. Deloitte is a Premier Partner for Contact Center AI This post was written by Deloitte Canada’s Conversational AI practice and Google Cloud. Deloitte is a Premier Partner of Google Cloud and has been recognized as Google Cloud’s Global Services Partner of the Year for four consecutive years (2017-2020), and the Global Industry Solution Partner of the Year in 2021. Deloitte is a global leader in Contact Center AI (CCAI) strategy, implementation, and operations, bringing end-to-end expertise in strategy, transformation, architecture, design, software engineering, data science, machine learning, analytics, cloud ops, and security. Deloitte is partnered with Google Cloud to deliver complex transformations of your digital channels and service operations with AI and Natural Language Processing (NLP). Learn More Want to try out DLP for yourself?
Try this tutorial. If you are interested in learning more about the above approach or want to discuss Google Contact Center AI, please reach out to the authors at Deloitte Canada or on LinkedIn. Special thanks to Miguel Mendez, Conversational AI Architect, Deloitte for contributing to this post.
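As an added example (not code from the post or from Deloitte/Google), the Python below shows the mark-tag convention from the webhook side and emulates locally what the inspection template's regex matches, so you can see the spoken text is unaffected, the logged payload is redacted, and how the greedy ".*" behaves when one message carries two tagged values. It assumes the tag names from the post's Terraform ("dfc-redact-start"/"dfc-redact-end"); the redaction token and the webhook payload are constructed stand-ins, since real redaction happens server-side in DLP.

```python
import re

# Tag names must match the custom infoType regex in the DLP inspection template.
# These are the names used in the post's Terraform; the console walkthrough uses
# "redact-start"/"redact-end". Either works as long as webhook and template agree.
MARK_START = '<mark name="dfc-redact-start"/>'
MARK_END = '<mark name="dfc-redact-end"/>'

# The inspection template's pattern as written in the post (greedy ".*").
GREEDY_PATTERN = re.compile(r'<mark name="dfc-redact-start"\/>.*<mark name="dfc-redact-end"\/>')
# Non-greedy variant: one match per tagged span instead of first-start..last-end.
LAZY_PATTERN = re.compile(r'<mark name="dfc-redact-start"\/>.*?<mark name="dfc-redact-end"\/>')

# Constructed stand-in for the token DLP substitutes for a match; the real
# replacement text depends on the redaction configuration.
REDACTED = "[DIALOGFLOW_CX_INSPECTION_REGEX]"


def mark_sensitive(value: str) -> str:
    """Wrap a sensitive value so the custom infoType can locate it in log text."""
    return f"{MARK_START}{value}{MARK_END}"


def build_webhook_response(street: str, city: str) -> dict:
    """Constructed Dialogflow CX webhook response (WebhookResponse shape):
    the validated address is written to a session parameter and read back to
    the caller for confirmation, wrapped in mark tags in both places."""
    address = mark_sensitive(f"{street}, {city}")
    return {
        "sessionInfo": {"parameters": {"validated_address": address}},
        "fulfillmentResponse": {
            "messages": [
                {"text": {"text": [f"I have your address as {address}. Is that correct?"]}}
            ]
        },
    }


def redact_for_logs(obj, pattern: re.Pattern = GREEDY_PATTERN):
    """Local emulation of the inspection template applied to a log payload:
    every string field has each regex match replaced by the redaction token.
    In production DLP does this between Dialogflow CX and Cloud Logging;
    this function only illustrates what the regex matches."""
    if isinstance(obj, str):
        return pattern.sub(REDACTED, obj)
    if isinstance(obj, dict):
        return {k: redact_for_logs(v, pattern) for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact_for_logs(v, pattern) for v in obj]
    return obj


def spoken_text(ssml: str) -> str:
    """What the caller hears: <mark/> carries no audio, so stripping the tags
    gives the spoken text, unchanged apart from the tags themselves."""
    return ssml.replace(MARK_START, "").replace(MARK_END, "")


def demo() -> dict:
    """Return the pieces a reviewer would check: spoken output unaffected,
    logged payload redacted, and the greedy vs non-greedy difference when
    one message carries two tagged values."""
    response = build_webhook_response("123 Main Street", "Toronto")
    message = response["fulfillmentResponse"]["messages"][0]["text"]["text"][0]
    two_values = (
        f"Name: {mark_sensitive('Jane Doe')} moving to "
        f"{mark_sensitive('123 Main Street')} next week"
    )
    return {
        "spoken": spoken_text(message),
        "logged": redact_for_logs(response),
        "greedy": redact_for_logs(two_values),
        "lazy": redact_for_logs(two_values, LAZY_PATTERN),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The "greedy" result shows the non-sensitive words between two tagged values are swallowed by the post's pattern, which over-redacts rather than leaks; the "lazy" result keeps them.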
  14. We are very excited to announce the general availability of Azure Payment HSM, a bare-metal Infrastructure as a Service (IaaS) offering that enables customers to have native access to payment HSMs in the Azure cloud. With Azure Payment HSM, customers can seamlessly migrate PCI workloads to Azure and meet the most stringent security, audit compliance, low latency, and high-performance requirements needed by the Payment Card Industry (PCI). The Azure Payment HSM service empowers service providers and financial institutions to accelerate their payment system’s digital transformation strategy and adopt the public cloud. “Payment HSM support in the public cloud is one of the most significant hurdles to overcome in moving payment systems to the public cloud. While there are many different solutions, none can meet the stringent requirements required for a payment system. Microsoft, working with Thales, stepped up to provide a payment HSM solution that could meet the modernization ambitions of ACI Worldwide’s technology platform. It has been a pleasure working with both teams to bring this solution to reality." —Timothy White, Chief Architect, Retail Payments and Cloud. Service overview The Azure Payment HSM solution is delivered using the Thales payShield 10K Payment HSM, which offers single-tenant HSMs and full remote management capabilities. The service is designed to enable total customer control with strict role and data separation between Microsoft and the customer. HSMs are provisioned and connected directly to the customer’s virtual network, and the HSMs are under the customer’s sole administrative control. Once allocated, Microsoft’s administrative access is limited to “Operator” mode and full responsibility for configuration and maintenance of the HSM and software falls upon the customer. When the HSM is no longer required and the device is returned to Microsoft, customer data is erased to ensure privacy and security.
The solution comes with the Thales payShield premium package license and enhanced support plan, with a direct relationship between the customer and Thales. Figure 1: After the HSM is provisioned, the HSM device is connected directly to a customer’s virtual network with full remote HSM management capabilities through Thales payShield Manager and TMD. The customer can quickly add more HSM capacity on demand and subscribe to the highest performance level (up to 2500 CPS) for mission-critical payment applications with low latency. The customer can upgrade or downgrade the HSM performance level based on business needs without interruption of HSM production usage. HSMs can be easily provisioned as a pair of devices and configured for high availability. Azure remains committed to helping customers achieve compliance with the Payment Card Industry’s leading compliance certifications. Azure Payment HSM is certified across stringent security and compliance requirements established by the PCI Security Standards Council (PCI SSC) including PCI DSS, PCI 3DS, and PCI PIN. Thales payShield 10K HSMs are certified to FIPS 140-2 Level 3 and PCI HSM v3. Azure Payment HSM customers can significantly reduce their compliance time, effort, and cost by leveraging the shared responsibility matrix from Azure’s PCI Attestation of Compliance (AOC). Typical use cases Financial institutions and service providers in the payment ecosystem including issuers, service providers, acquirers, processors, and payment networks will benefit from Azure Payment HSM. Azure Payment HSM enables a wide range of use cases, such as payment processing, which allows card and mobile payment authorization and 3D-Secure authentication; payment credential issuing for cards, wearables, and connected devices; securing keys and authentication data; and sensitive data protection for point-to-point encryption, security tokenization, and EMV payment tokenization.
Get started Azure Payment HSM is available at launch in the following regions: East US, West US, South Central US, Central US, North Europe, and West Europe. As Azure Payment HSM is a specialized service, customers should ask their Microsoft account manager and CSA to send the request via email. Learn more about Azure Payment HSM: Azure Payment HSM. Azure Payment HSM documentation. Thales payShield 10K. Thales payShield Manager. Thales payShield Trusted Management Device. To download PCI certification reports and shared responsibility matrices: Azure PCI PIN AOC. Azure PCI DSS AOC. Azure PCI 3DS AOC. View the full article
  15. This is the second blog in a series focusing on how telecom operators can leverage public clouds to meet their business demands. In a previous blog, we talked about Amazon Web Services (AWS) and how its services made it possible for telcos to shift towards public clouds. In this blog, you’ll get to know Google Cloud Platform (GCP) and its role in enabling the telecommunications industry to leverage the cloud’s capabilities. Telcos are evolving each day as the era demands, especially with the arrival of 5G. Communication Service Providers (CSPs) rely on traditional network infrastructures and face challenges both in growth and reliability. The question is, how can telcos effectively transform and meet scalability and performance demands? The answer lies in the adoption of digitisation and cloud-native trends. GCP provides an on-demand platform that can scale as requirements grow. It facilitates high service availability to withstand disruptions. It also ensures improved performance with enhanced platform awareness capabilities. GCP for Telcos Google Cloud Platform (GCP) is enabling telecom operators and Network Equipment Providers (NEPs) to capitalise on 5G and network-centric businesses. The promise of 5G, with faster internet speeds and lower latencies, has increased user expectations. Therefore, telcos are adopting public clouds to run their applications and services closer to end customers. In the last few years, GCP has engaged with the telecom industry to help accelerate real-time data-driven analytics using Artificial Intelligence (AI) and Machine Learning (ML). GCP also offers a variety of services to telcos with a pay-as-you-go billing model. These services include managed containerised microservices, network load balancing, scalability and fault tolerance across multiple zones and regions. The following services support multi-cloud and edge deployments in particular: Google’s Anthos manages containerised workloads.
Anthos not only supports multi-cloud deployments but also facilitates the migration of existing workloads to microservices on top of Kubernetes. Google also released Global Mobile Edge Cloud (GMEC), a centralised platform to provide 5G solutions. It was built as a joint venture between telecommunication partners to ease 5G adoption, cloud trends and support for edge deployments. GMEC delivers more compute power at edge sites to provide reliability for latency-sensitive applications. Telecommunication companies leveraging GCP’s infrastructure, platform and solutions for their enterprise-grade workloads include Telenor, AT&T and Jio. The figure below represents the microservice reference architecture of 5G components deployed on GCP with ROCKS Ubuntu images. GCP reference architecture for 5G with Rocks Ubuntu Images Telcos can also use GCP’s next-generation platform capabilities in terms of network, storage, and compute. Google Virtual Private Cloud (VPC): ensures network connectivity between cloud resources created on top of Compute Engine virtual machine (VM) instances and Google Kubernetes Engine (GKE) clusters. Telcos are utilising this service for secure and reliable communication over private networks, both between and within tenants, gaining flexibility and scalability. Andromeda is another service which reduces intra-zone network latency between compute VMs by 40%. Telcos can leverage this Software Defined Networking (SDN) stack for latency-sensitive applications. Google Compute Engine (CE): Virtual Machine (VM) instances come in different types including compute optimised, network optimised and memory optimised. The type should be selected based on the nature of the workload. For example, 5G core services like the Access and Mobility Management Function (AMF) and Session Management Function (SMF) can leverage general purpose VM instances as they are not latency or throughput sensitive.
The access network components including the radio unit (RU), distributed unit (DU), centralised unit (CU), and the user plane function (UPF) could leverage either compute or network optimised VM instances, as they are latency and throughput sensitive. Hybrid Connectivity offers security for hybrid environments. Telcos are using this service to connect to any region around the globe with lower latencies and improved performance. One of the major reasons for its adoption is a guaranteed uptime of 99.99%. It acts like a dedicated interconnect or cloud virtual private network (VPN) ensuring better security for critical workloads and operations. Google Virtual NIC (GVNIC) is a specialised interface attached to Compute Engine VM instances as an alternative to VirtIO-based ethernet drivers. Telcos can leverage this interface for higher throughput and lower latencies. Anthos – GKE is a managed platform for application deployments both in VMs and containers. It lets you not only build and manage applications but also ensures operational consistency across them. Telcos are using Anthos for managing GKE clusters across different environments. Network Connectivity Centre (NCC) enables enterprise networks that can inter-link between multiple clouds. Telcos could benefit from it to manage and run applications across multiple cloud platforms. Cloud Run is a serverless GCP offering that enables telcos to build applications across edge sites. Telcos use Cloud Run for implementing edge logic across different locations in a region. Cloud Load Balancing (CLB) manages and distributes the incoming load across multiple instances of an enterprise workload in the same or different availability zones. CLB ensures the security of telco workloads, as they are not directly exposed to the internet. It also enables scalability, and security is guaranteed. The following figure represents GCP services used by telcos for their enterprise-grade workloads.
GCP services for telco workloads Running telco workloads on Ubuntu Pro for GCP Google Cloud and Canonical have developed multiple solutions ranging from VMs to K8s clusters and AI. Both companies have jointly created cloud server images for enterprises to accelerate their cloud adoption. Ubuntu Pro for GCP is a specialised and premium server image developed by Canonical for production workloads. Telcos leverage GCP and Ubuntu Pro together with pay-as-you-go billing to minimise their operational expenses. Ubuntu Pro images are optimised for critical telco operations and pricing is proportional to the utilisation of underlying GCP compute resources. Ubuntu Pro server images are secure, cost-effective and performance optimised. Ubuntu Pro images come with additional security, live patching and compliance with industry standards required for enterprise grade and mission critical workloads. Gojek is one of the leading companies running their workloads on GCP with Ubuntu Pro as the underlying Operating System (OS). Ubuntu Pro images come with added support for enhanced platform awareness (EPA) features including DPDK, SR-IOV, NUMA and HugePages. Canonical also offers base images for containers, which are also compliant with the Open Container Initiative (OCI). Telcos running sensitive workloads on containers leverage GKE and Rocks Ubuntu container images. Ubuntu Pro based VM instance(s) Ubuntu Pro is ideal for telcos to run critical workloads on due to its integration with Google Cloud and the following features: Reliable Maintenance period – one decade: Canonical provides long-term support (LTS) for ten years to Ubuntu Pro customers, with regular security updates and reliable upgrades. Open-source security: security patches for hundreds of applications from the open source community, including but not limited to Apache Kafka, MongoDB, RabbitMQ, Redis, and NodeJS.
Multi-version offerings: Canonical offers multiple versions of Ubuntu Pro on GCP including 16.04 LTS, 18.04 LTS and 20.04 LTS. Optimised cloud based billing: GCP offers a variety of compute instance types and pricing is purely dependent on the compute resource usage. FIPS and CC EAL2 certificates: Ubuntu Pro comes with support for FIPS 140-2 and Common Criteria EAL2-certified components that meet requirements for the Federal Risk and Authorization Management Program (FedRAMP), the Health Insurance Portability and Accountability Act (HIPAA), the International Organisation for Standardisation (ISO), and Payment Card Industry (PCI) compliance. Portability: Canonical ensures cloud server images are portable and their mirrors are available in different regions, lowering latency for end customers. Live Kernel Patching: GCP live kernel patching is enabled to avoid reboots during routine operations. Industry benchmark standards: Optional support for profiles including CIS and DISA STIG to meet industry benchmark standards. Summing up The path to digitisation in telecom has always been challenging. But public clouds are providing much-needed flexibility and agility. Telcos need a trusted platform to build on in order to ensure compliance and security as complexity increases. While GCP takes care of managing the underlying infrastructure, ensuring security and scalability for critical telco workloads as the network grows, Canonical provides secure, compliant and confidential server images to run workloads and an extensive offering to bolster telcos’ security and compliance. Canonical offers images for both VMs and containers, providing flexibility for telcos evaluating environments to run their applications. Ubuntu server images have paved an ideal path for the adoption of public clouds. Looking to increase agility and resilience to focus on your core business? Contact us to learn more about Canonical in telco today. View the full article
16. This blog post has been co-authored by Darius Ryals, General Manager of Partner Promises and Azure Chief Information Security Officer.

Today we’re announcing that Azure Payment HSM has achieved Payment Card Industry Personal Identification Number (PCI PIN) certification, making Azure the first hyperscale cloud service provider to obtain this certification. Financial technology has rapidly disrupted the payments industry, and securing payment transactions is of the utmost importance. Azure helps customers secure their critical payment infrastructure in the cloud and streamlines global payments security compliance. Azure remains committed to helping customers achieve compliance with the Payment Card Industry’s leading compliance certifications.

Enhanced security and compliance through Azure Payment HSM

Azure Payment HSM is a bare metal infrastructure as a service (IaaS) offering that provides cryptographic key operations for real-time payment transactions in Azure. The service empowers financial institutions and service providers to accelerate their digital payment strategy through the cloud. Azure Payment HSM is certified against the stringent security and compliance requirements established by the PCI Security Standards Council (PCI SSC), including PCI DSS, PCI 3DS, and PCI PIN, and offers HSMs certified to FIPS 140-2 Level 3 and PCI HSM v3.

Azure Payment HSM enables a wide range of use cases. These include payment processing for card and mobile payment authorization and 3D-Secure authentication; payment credential issuing for cards, wearables, and connected devices; securing keys and authentication data for POS, mPOS, remote key loading, PIN generation, and PIN routing; and sensitive data protection for point-to-point encryption, security tokenization, and EMV payment tokenization. Azure Payment HSM is designed to meet the low-latency and high-performance requirements of mission-critical payment applications.

The service is comprised of single-tenant HSMs offering customers complete remote administrative control and exclusive access. HSMs are provisioned and connected directly to users’ virtual networks, and HSMs are under users’ sole administrative control. HSMs can be easily provisioned as a pair of devices and configured for high availability. Azure Payment HSM provides great benefits both for payment HSM users with a legacy on-premises HSM footprint and for new payment ecosystem entrants who may choose a cloud-native approach from the outset. The customer could be a payment service provider acting on behalf of multiple financial institutions or a financial institution that wishes to directly access the Azure Payment HSM.

Leverage Azure Payment HSM PCI PIN certification

PINs are used to verify cardholder identity during online and offline payment card transactions. The PCI PIN Security Standard contains requirements for the secure management, processing, and transmission of PIN data and applies to merchants and service providers that store, process, transmit, or can impact the security of PIN data. Azure Payment HSM customers can reduce their compliance burden by leveraging Azure’s PCI PIN Attestation of Compliance (AOC), which addresses Azure’s portion of responsibility for each PCI PIN requirement and contains the list of certified Azure regions. The Azure Payment HSM Shared Responsibility Matrix is also available to help customers significantly reduce time, effort, and cost during their own PCI PIN assessments by simplifying the compliance process.

Learn more

When moving payment systems to the cloud, payment security must adhere to the payment industry’s compliance mandates without failure. Financial institutions and service providers in the payment ecosystem, including issuers, service providers, acquirers, processors, and payment networks, would benefit from Azure Payment HSM. To learn how Microsoft Azure capabilities can help, see the resources below:

Azure Payment HSM
Azure Payment HSM documentation
Azure PCI PIN AOC
Azure PCI DSS AOC
Azure PCI 3DS AOC

View the full article
  17. Amazon MemoryDB for Redis is now a Payment Card Industry Data Security Standard (PCI DSS) compliant service. MemoryDB is a fully managed, Redis-compatible, in-memory database that provides low latency, high throughput, and durability at any scale. View the full article
18. Data breaches and ransomware attacks impact millions of people every year. Although major corporations have the resources to comply with international data privacy laws and standards, many smaller companies in high-risk markets struggle to protect sensitive customer information. These vulnerable businesses are often targeted by cyber criminals who use them as digital stepping-stones to attack more secure organizations.

We built Black Kite to empower any company to easily understand if third-party vendors, partners, and suppliers are safe and secure to work with. Our platform reduces risk assessments from weeks to minutes by non-intrusively analyzing registered domains and scoring cyber risks across three primary categories: technical, financial, and compliance. With Black Kite, companies can continuously monitor red-flagged organizations in high-risk industries such as automotive, pharmaceutical, and critical infrastructure.

Black Kite identifies vulnerabilities and attack patterns using 400 security controls and over 20 criteria. These include credential and patch management, attack surface, DDoS resiliency, SSL/TLS strength, IP/domain reputation, and DNS health. We also leverage the Open FAIR™ model to calculate the probable financial impact of third-party data breaches—and assign easy-to-understand letter grades with transparent formulas developed by the MITRE Corporation.

Scaling and Securing Black Kite

I started Black Kite as a certified ethical hacker (CEH) and previously worked with the North Atlantic Treaty Organization (NATO) Counter Cyber Terrorist Task Force to identify cybercriminal loopholes. Slowly I started to build an awesome management team after founding the company. As we transitioned to a startup with a limited budget, we quickly realized we couldn’t securely and rapidly scale without a reliable technology partner to help us process, analyze, and store enormous amounts of sensitive data.

That’s why we started working with Google Cloud and partnering with the Google for Startups Program. We participated in the Mach37 incubator and accelerator and received a $100k credit that is valid for 2 years. Google Cloud gives us a highly secure-by-design infrastructure that complies with major international data privacy laws and standards. Black Kite stores and encrypts everything on highly secure Cloud Storage, leveraging a combination of solid-state drives (SSDs) and hard disk drives (HDDs) for hot, nearline, and coldline data. We also manage and archive the 30 terabytes of logs Black Kite generates every day with Google Cloud's operations suite.

To create risk assessment ratings, we spin up Google Kubernetes Engine (GKE), Cloud Functions, and Cloud Run. The platform scans registered domains using natural language processing (NLP) and other machine learning (ML) techniques with sophisticated models developed on TensorFlow. We also leverage additional Google Cloud products to operate Black Kite, including App Engine, Cloud Scheduler, Cloud SQL, and Cloud Tasks.

Running millions of microservices on Google Cloud

In 2016, we started an exciting journey to help companies work safely and securely with third-party vendors, partners, and suppliers. Thanks to Google Cloud, the Google for Startups Program, and the Mach37 incubator and accelerator, over 300 companies around the world are satisfied Black Kite customers. These companies continuously use our platform to assess third-party cyber risks, rate ransomware susceptibility, and ensure compliance with international data and privacy laws. In addition to being the highest-rated customer’s choice vendor, we continue to work with the Google Cloud Success team to further optimize our 5,000 microservices that run concurrently during every risk-assessment scan. Google startup experts are amazingly responsive, with deep technical knowledge and problem-solving skills that help us scale up to a million microservices a day!

We also want to highlight the Google Cloud research credits we use to affordably explore new solutions to manage, analyze, and validate the enormous amounts of information Black Kite generates. We now flawlessly run millions of standards-based cyber risk assessments—and rapidly correlate data with major industry standards such as National Institute of Standards and Technology (NIST), Payment Card Industry Data Security Standard (PCI-DSS), and General Data Protection Regulation (GDPR).

With Black Kite, companies are taking control of third-party cyber risk assessment on a scalable, automated, and intelligent platform built from a hacker’s perspective. We can’t wait to see what we accomplish next as we continue to expand the Black Kite team and positively disrupt the security industry to safeguard systems and information for businesses (and their customers) worldwide.

If you want to learn more about how Google Cloud can help your startup, visit our page here to get more information about our program, and sign up for our communications to get a look at our community activities, digital events, special offers, and more.
19. In the Amazon EKS Best Practices Guide, AWS recommends Open Policy Agent (OPA) as a policy-as-code (PaC) solution for Kubernetes pod security. The long list of pros provided for PaC focuses mainly on the flexibility and comprehensive control that PaC provides when compared with built-in pod security admission. While PaC brings powerful flexibility, it can be complex to learn and requires new skills, languages, and capabilities.

The evolution of policy-as-code for Kubernetes

In just a few years, we have seen DevOps teams evolve their policy implementation from custom code, to Pod Security Policies (PSPs), to Open Policy Agent (OPA) Gatekeeper. All along, the goals have been the same—enforce guardrails with as little overhead as possible. The next step in this evolution is Styra Declarative Authorization Service (DAS) Free. It builds on OPA with a single control plane for all Kubernetes resources, significantly enhanced management and maintenance functionality, a graphical user interface (GUI), and a clean command line interface (CLI) implementation of all testing, monitoring, and maintenance features for those who prefer to directly evaluate policy from the terminal against local Kubernetes manifests.

With a couple of commands, Styra DAS seamlessly installs OPA in your Kubernetes cluster as both a validating and mutating admission controller. This allows you to not only validate all workloads against your custom policies but also modify noncompliant workloads before deployment. Styra DAS Free also provides a built-in policy library of over 100 policies (including all 16 control aspects of a pod) derived from real-world use cases. Further speeding deployment and easing ongoing compliance initiatives, Styra DAS includes best practices, such as prebuilt policy packs, including MITRE ATT&CK, Center for Internet Security (CIS) Kubernetes Benchmarks, Payment Card Industry Data Security Standard (PCI DSS) 3.2, and PSPs. These curated groups of policies give DevOps teams a turnkey solution to secure their containerized workloads without spending time researching, identifying, and implementing baseline policies.

With great power…

As the creators of OPA, Styra has worked with hundreds of production Kubernetes deployments and learned that some teams don’t have the time to invest in learning a dedicated policy language, such as Rego, which was developed for maximum flexibility. However, every app and development team needs comprehensive control over Kubernetes deployments, regardless of how much time they have to spend on writing and managing custom policy. This is the reason behind the development of Styra DAS Free.

Styra DAS Free is a control plane for OPA, purpose-built to deploy and manage OPA policies without hassle. For Amazon EKS, this means that within 15 minutes, you can do the following:

Deploy autogenerated OPA instances in seconds, without any manual configuration.
Create custom guardrails from a prebuilt library of well over 100 policies.
Validate the state of any current clusters.
See the impact of changes before you commit them to prevent errors, outages, and rework.

So it’s fast. But what can it do in just 5 minutes? Here we’ll focus on just a few of the critical security policies called out in the Amazon EKS Best Practices Guide, all of which are built into Styra DAS Free. Each of these policies can be built, tested, implemented, and monitored right out of the box without spending any time learning OPA or Rego or doing any custom coding of admission control policies.

Deploy your first 5 security policies in just 5 minutes

Let’s look at the first five policies in terms of working from big to small. We’ll start with host protections, then container protections, and finally, process protections.

Restrict the containers that can run as privileged

Letting a container run with privilege gives that container all the power of a root Linux user and means that any compromised container can manipulate the host files as well as read and modify data for other containers. Certainly, there are reasons this might be necessary, and compensating controls will be in place to ensure privilege is hard to abuse. However, limiting privilege by default is always a best practice. To prevent systems from running as privileged, all you have to do in Styra DAS Free is choose “Prohibit Privileged Mode” and rest assured that no container in that cluster can escalate out of control. Of course, if there are containers that do need privilege, the following screenshot demonstrates that there are built-in rules that more granularly control privileges by container type, and you can always choose to deploy any rule by annotation, namespace, or more for granularity and customization.

Configure read-only file system

Attackers have shown that we need to do everything we can to enforce the practice of least privilege everywhere by default. Specifying a read-only file system (and controlling exceptions when needed) is another way that the Amazon EKS team and security practitioners in general have specified to prevent missteps that lead to compromise.

Don’t allow any containers to run as root

Kubernetes containers run as root by default, so they can change anything that needs changing within their own container. However, unless that level of power is truly necessary, the best practice is to limit what can be installed or accessed by choosing the Prohibit Running as ‘root’ policy in Styra DAS Free. This way, each container can run its intended processes and nothing more.

Disallow privilege escalation

In the previous screenshot, we prevented Amazon EKS from scheduling any containers that want to run with privilege. But we also want to prevent containers from being able to escalate their privilege in order to stop attackers from doing things like finding secrets, changing role-binding, and otherwise moving around inside a system to compromise your app and data.

Set requests and limits for each container

When containers compete for resources, unpredictability is the only result. Even without a malicious actor trying to attack, an out-of-control process can result in workloads that will never be scheduled or lead to production containers being stopped. The best case is that this breaks your app. The worst case is an unexpected vulnerability from an unpredictable stack overflow. Avoid resource contention and denial-of-service (DoS) attacks by preventing any container from stealing all the available resources from your cluster.

Many DevOps members use limit ranges or quotas to achieve this same goal. However, with Styra DAS Free, teams get a number of advantages. Primarily, thanks to the built-in library and consistent control plane, teams get faster and easier implementation in even a single cluster and, of course, consistency of policy across clusters as well. Also, once OPA is deployed through Styra DAS Free, it is easier to roll out new policies and policy changes to a cluster than to reconfigure the cluster for limit ranges. Unlike individual rules deployed as one-offs, Styra DAS Free with OPA allows for a single-policy implementation for all guardrails across the entire software lifecycle, making policy far easier to deploy, test, manage, and maintain.

Of course, once you mandate that each container must have request limits, you’ll also want to look into using Styra DAS Free to specify the CPU and memory limits by default as well. This can be done by preventing any unspecified workloads from being scheduled or by mutating any container policy to include limits by default, even when the developer might have forgotten.
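Each of the five policies above is a yes/no question about specific fields of a container spec. The following is an added example, not Styra's or OPA's code and not Rego: the same five checks written as plain Python over a constructed Deployment manifest, so you can see exactly which field each policy inspects and what a violation report looks like before enforcement is switched on. The manifest, image names, container names and check identifiers are made up for this illustration; the rule for "runs as root" also treats a container whose image default user is unknown (no runAsNonRoot and no runAsUser) as a violation, which is the conservative reading of the best practice.

```python
"""The five EKS pod-security checks as plain Python (added example; not Styra or OPA code)."""
from typing import Any, Dict, Iterator, List, Tuple

# (container name, check id, explanation); the check ids are names chosen for this example
Violation = Tuple[str, str, str]

# Constructed Deployment manifest: "api" follows all five controls, "legacy-agent" breaks them.
SAMPLE_DEPLOYMENT: Dict[str, Any] = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "example-app", "namespace": "payments"},
    "spec": {"template": {"spec": {
        "securityContext": {"runAsNonRoot": True},  # pod-level default, inherited by "api"
        "containers": [
            {
                "name": "api",
                "image": "example.invalid/api:1.0",
                "securityContext": {
                    "privileged": False,
                    "readOnlyRootFilesystem": True,
                    "allowPrivilegeEscalation": False,
                },
                "resources": {
                    "requests": {"cpu": "250m", "memory": "256Mi"},
                    "limits": {"cpu": "500m", "memory": "512Mi"},
                },
            },
            {
                "name": "legacy-agent",
                "image": "example.invalid/agent:0.9",
                # container-level settings override the pod-level runAsNonRoot above
                "securityContext": {"privileged": True, "runAsNonRoot": False, "runAsUser": 0},
                "resources": {"requests": {"cpu": "100m"}},
            },
        ],
    }}},
}


def pod_spec(manifest: Dict[str, Any]) -> Dict[str, Any]:
    """Return the PodSpec of a bare Pod or of a workload that wraps a pod template."""
    if manifest.get("kind") == "Pod":
        return manifest.get("spec", {})
    return manifest.get("spec", {}).get("template", {}).get("spec", {})


def iter_containers(spec: Dict[str, Any]) -> Iterator[Dict[str, Any]]:
    """Init containers run with the same privileges as app containers, so check them too."""
    for key in ("initContainers", "containers"):
        yield from spec.get(key, [])


def check_container(c: Dict[str, Any], pod_sc: Dict[str, Any]) -> List[Violation]:
    name = c.get("name", "<unnamed>")
    sc = c.get("securityContext") or {}
    found: List[Violation] = []

    # 1. Prohibit privileged mode: root on the node, not just inside the container.
    if sc.get("privileged") is True:
        found.append((name, "privileged", "container runs in privileged mode"))

    # 2. Read-only root filesystem must be explicitly true; the default is writable.
    if sc.get("readOnlyRootFilesystem") is not True:
        found.append((name, "read-only-rootfs", "root filesystem is writable"))

    # 3. Prohibit running as root; container-level values override pod-level ones.
    run_as_non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
    run_as_user = sc.get("runAsUser", pod_sc.get("runAsUser"))
    if run_as_user == 0 or (run_as_non_root is not True and run_as_user is None):
        found.append((name, "run-as-root",
                      "runAsUser is 0, or runAsNonRoot is not true and the image default may be root"))

    # 4. Disallow privilege escalation; Kubernetes defaults this to true.
    if sc.get("allowPrivilegeEscalation") is not False:
        found.append((name, "privilege-escalation", "allowPrivilegeEscalation is not false"))

    # 5. CPU and memory requests and limits, so one container cannot starve the node.
    resources = c.get("resources") or {}
    for section in ("requests", "limits"):
        present = resources.get(section) or {}
        missing = [r for r in ("cpu", "memory") if r not in present]
        if missing:
            found.append((name, f"{section}-missing", f"no {section} for {', '.join(missing)}"))
    return found


def evaluate(manifest: Dict[str, Any]) -> List[Violation]:
    """Run all five checks over every container of the manifest."""
    spec = pod_spec(manifest)
    pod_sc = spec.get("securityContext") or {}
    violations: List[Violation] = []
    for c in iter_containers(spec):
        violations.extend(check_container(c, pod_sc))
    return violations


def is_admissible(manifest: Dict[str, Any]) -> bool:
    """What a validating admission controller in enforce mode would answer."""
    return not evaluate(manifest)


if __name__ == "__main__":
    for container, check, why in evaluate(SAMPLE_DEPLOYMENT):
        print(f"{container}: {check}: {why}")
    print("admissible:", is_admissible(SAMPLE_DEPLOYMENT))
```

Running it lists six findings, all against legacy-agent (the requests and limits checks report separately), and none against api. Monitor mode in the post corresponds to printing this list; enforce mode corresponds to rejecting the manifest whenever is_admissible returns False.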
Flexibility without complexity

Styra DAS Free isn’t just the fastest way to set up OPA policies. It’s also a turnkey solution for monitoring your Amazon EKS policy to ensure that OPAs are working as expected and policy is having the intended effects. Choose whether you want to monitor policy to flag issues but not stop production, or move to hard enforcement to prevent errors from ever making their way to production. Before committing any new changes, run a built-in impact analysis to compare the result of the proposed changes to the existing cluster policy to see if your change will break deployments or have the effect you intend. Styra DAS Free was developed alongside OPA by the founders of the project to provide the operational and security tools needed to ensure OPA instances are correctly running at scale throughout the development lifecycle.

Better collaboration

Use Styra DAS Free to build burndown lists of compliance issues that you can work through with members of your team to better understand issues, find solutions without outages, and collaborate with security and governance teams without reading through code. Styra DAS Free gives teams the immediate ability to choose how and where each policy is enforced by label, namespace, custom annotation, and more.

Proven in production

Styra DAS Free is the same solution that’s been proven in some of the largest Amazon EKS and Kubernetes deployments in the world, running in production at global enterprises like Capital One, the European Patent Office, and Zalando. Since the guardrail policies are built from the best practices of the OPA community, DevOps teams can trust code that’s been hardened by thousands of DevOps engineers across millions of pods and billions of policy decisions.

Styra DAS Free is available on AWS Marketplace and might just take less time to set up than it took to read to this point. So have at it! It’s free, and it’s the easiest way to get OPA PaC in place on Amazon EKS, all without having to code.

Chris Webber, VP of Growth Strategy, Styra

Chris Webber is VP of Growth Strategy at Styra, where he leads the company’s product-led growth efforts. Webber is a security wonk, a cloud evangelist, a product guy, and a recovering IT professional. Having spent time at both Silicon Valley startups and global powerhouses, he developed his particular slant on cybersecurity at companies like Zscaler, Blue Coat Systems, Centrify and SafeBreach.

View the full article
20. This is a warning about AWS Security Hub. Organizations that use AWS Security Hub to monitor and mitigate risks pay too much attention to the visible part of the AWS security iceberg, namely the findings. These organizations tend to overlook or underestimate the invisible part of the iceberg, where critical risks are hidden.

Below, I go into the details of my observations and outline possible countermeasures to ensure you are using AWS Security Hub in the right way.

Overwhelming amount of findings

AWS Security Hub comes with controls for the following standards:

CIS AWS Foundations: 48 controls
Payment Card Industry Data Security Standard (PCI DSS): 49 controls
AWS Foundational Security Best Practices: 162 controls

It is not uncommon to end up with hundreds or even thousands of findings after enabling one or multiple standards for multiple AWS accounts with running workloads. Working through a huge list of findings to evaluate, suppress, or fix each issue is demotivating and uses up a lot of energy and attention.

I’ve seen teams spend weeks or months fixing all the findings generated by AWS Security Hub. Don’t get me wrong, fixing the findings will improve overall security. My point is that you may be overlooking important areas where security could be significantly enhanced by spending the same time and money.

A few ideas to avoid getting overwhelmed by the number of findings generated by AWS Security Hub:

Do not enable all security standards at once. For example, start with the CIS AWS Foundations standard.
Enable and monitor AWS Security Hub at the beginning of a project, before creating resources in the AWS account.
Disable irrelevant or outdated controls. Also, disable controls generating a lot of minor findings.

Superficial security controls

Before AWS Security Hub was a thing, I worked on a similar tool many years ago. The challenge when designing and implementing controls is abstraction and generalization. To evaluate the risk of a configuration, context is needed. Let me illustrate this with an example. A Lambda function assumes an IAM role with the following policy attached.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:CreateBucket",
        "s3:DeleteBucket",
        "s3:DeleteObject",
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

A generic control cannot tell whether the IAM policy follows the least privilege principle because it does not know the Lambda function. The IAM policy could either be fine or add an unnecessary risk of accidental or malicious data deletion. That’s why the controls focus on generic risks that are easy to detect. So it is crucial that you ask the question: which parts of the iceberg are not covered by AWS Security Hub? Let me give you a few examples:

Do resource- and identity-based policies follow the least privilege principle?
Are the security group rules as strict as possible?
Is the ALB publicly accessible by intention?
Should objects be protected from being manipulated or deleted by enabling S3 Object Lock?
What’s the data classification of the data stored in a database cluster? Is encryption with a customer-managed KMS key required?
Does that Lambda function (Node.js) contain a package with a critical vulnerability?

Be aware that AWS Security Hub does not check all relevant aspects of cloud security. Also, it is impossible to evaluate rules based on context information like the data classification, for example. That does not mean the service is terrible; it is just not possible to go into the details with generic controls.

Some might argue that other AWS services or 3rd parties could jump in and provide advanced controls. For example, IAM Access Analyzer compares CloudTrail logs with IAM policies to make suggestions on how to improve the policy. However, IAM Access Analyzer comes with the same limitation: it does not know about your scenario. Instead, it makes guesses based on incomplete/expensive CloudTrail logs. In my opinion, all those tools try to solve a problem that cannot be solved without context information about the scenario.

Some ideas on avoiding blind spots when using AWS Security Hub:

Be aware that AWS Security Hub does not cover all relevant aspects of cloud security.
Ask AWS security specialists to review AWS accounts regularly.
Validate whether IAM and network configuration follows the least privilege principle.

False positives

We use AWS Security Hub to evaluate the security risks within our AWS accounts. Every day, marbot (our chatbot) forwards a Security Hub finding to one of our Slack channels. The finding tells us that there is an EC2 instance with a public IP address running.

Running an EC2 instance with a public IP address should raise a red flag. However, we have a good reason to start an EC2 instance with a public IP once a day for 5 minutes. Thus, the finding is a false positive. The problem with false positives is that we get used to them. I close the warning every day, and it has happened to me that I have overlooked an important warning. So, watch out for false positives and mark them as SUPPRESSED, which means you reviewed the finding and do not think any action is needed. In our case, a new finding gets generated every day because we are launching a new instance. That’s why automatically suppressing the finding is on our TODO list.

A few ideas to ensure you do not get bothered by false positives and avoid alert fatigue:

Mark false positives as SUPPRESSED manually (see Setting the workflow status for findings).
Use a Lambda function to mark false positives as SUPPRESSED in case new resources result in findings regularly.

Summary

Think of AWS security as an iceberg.
The easy-to-find risks stick out of the water, and AWS Security Hub will easily detect them. But under the water, the iceberg continues; critical vulnerabilities are hiding there. Therefore, here are a few tips for dealing with AWS Security Hub:

Avoid generating an overwhelming amount of findings. For example, do not enable all standards and controls at once.
Be aware that AWS Security Hub does not cover all relevant aspects of cloud security. The generic controls do not guarantee that you are following the least-privilege principle, for example.
Reduce the noise generated by false positives to avoid alert fatigue. Mark findings as SUPPRESSED manually or automatically.

View the full article
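The false-positive section of the Security Hub post above ends with the idea of a Lambda function that marks a recurring, already-reviewed finding as SUPPRESSED. The following is an added example of that function, not the post author's or marbot's code. It consumes the EventBridge event Security Hub emits for imported findings and calls BatchUpdateFindings to set the workflow status to SUPPRESSED, but only for findings that are still open and whose resource carries an opt-in tag, so an untagged instance with a public IP still produces a live finding and a human's RESOLVED or SUPPRESSED decision is never overwritten. The rule table, tag key, finding titles, account id, region and finding ids are constructed placeholders, and RecordingClient stands in for the boto3 securityhub client so the block runs offline.

```python
"""Auto-suppress a recurring false-positive Security Hub finding (added example, not the post's code)."""
from typing import Any, Dict, List, Optional

# Constructed allow-list of accepted false positives. A finding is suppressed only when its title
# contains the fragment AND the affected resource carries the opt-in tag. The tag key is this
# example's own convention, not an AWS one.
SUPPRESSION_RULES: List[Dict[str, str]] = [
    {
        "title_contains": "public IPv4",
        "resource_type": "AwsEc2Instance",
        "tag_key": "securityhub-suppress",
        "tag_value": "public-ip-by-design",
        "note": "Instance needs a public IP for 5 minutes per day; reviewed, no action required.",
    },
]


def _finding(num: str, status: str, tags: Optional[Dict[str, str]] = None) -> Dict[str, Any]:
    """Build one constructed ASFF finding; account id, region and ids are placeholders."""
    resource: Dict[str, Any] = {"Type": "AwsEc2Instance",
                                "Id": f"arn:aws:ec2:eu-west-1:111122223333:instance/i-0{num}example"}
    if tags:
        resource["Tags"] = tags
    return {
        "Id": f"arn:aws:securityhub:eu-west-1:111122223333:subscription/example/finding/{num}",
        "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/securityhub",
        "Title": "EC2 instances should not have a public IPv4 address",  # constructed title
        "Workflow": {"Status": status},
        "Resources": [resource],
    }


OPT_IN = {"securityhub-suppress": "public-ip-by-design"}
# Constructed EventBridge event in the shape of "Security Hub Findings - Imported".
SAMPLE_EVENT: Dict[str, Any] = {
    "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [
        _finding("0001", "NEW", OPT_IN),       # tagged and still open: suppress
        _finding("0002", "NEW"),               # untagged: stays open for a human to review
        _finding("0003", "RESOLVED", OPT_IN),  # already handled by a person: never overwrite
    ]},
}


def matching_rule(finding: Dict[str, Any], rules: List[Dict[str, str]]) -> Optional[Dict[str, str]]:
    """Return the first rule whose title fragment and tagged resource both match, else None."""
    title = finding.get("Title", "").lower()
    for rule in rules:
        if rule["title_contains"].lower() not in title:
            continue
        for resource in finding.get("Resources", []):
            if resource.get("Type") != rule["resource_type"]:
                continue
            if (resource.get("Tags") or {}).get(rule["tag_key"]) == rule["tag_value"]:
                return rule
    return None


def plan_suppressions(findings: List[Dict[str, Any]],
                      rules: List[Dict[str, str]] = SUPPRESSION_RULES) -> List[Dict[str, Any]]:
    """One BatchUpdateFindings request per finding to suppress; only NEW/NOTIFIED findings qualify."""
    plans = []
    for finding in findings:
        if finding.get("Workflow", {}).get("Status") not in ("NEW", "NOTIFIED"):
            continue
        rule = matching_rule(finding, rules)
        if rule is None:
            continue
        plans.append({
            "FindingIdentifiers": [{"Id": finding["Id"], "ProductArn": finding["ProductArn"]}],
            "Workflow": {"Status": "SUPPRESSED"},
            # the note keeps the reason in the finding itself, so the audit trail survives automation
            "Note": {"Text": rule["note"], "UpdatedBy": "auto-suppress-lambda"},
        })
    return plans


class RecordingClient:
    """Offline stand-in for boto3's securityhub client: records calls instead of sending them."""
    def __init__(self) -> None:
        self.calls: List[Dict[str, Any]] = []

    def batch_update_findings(self, **kwargs: Any) -> Dict[str, Any]:
        self.calls.append(kwargs)
        return {"ProcessedFindings": kwargs["FindingIdentifiers"], "UnprocessedFindings": []}


def lambda_handler(event: Dict[str, Any], context: Any = None, client: Any = None) -> Dict[str, int]:
    """EventBridge-triggered entry point; pass a client to run without AWS credentials."""
    findings = event.get("detail", {}).get("findings", [])
    plans = plan_suppressions(findings)
    if client is None and plans:
        import boto3  # only needed when actually talking to AWS
        client = boto3.client("securityhub")
    for kwargs in plans:
        client.batch_update_findings(**kwargs)
    return {"evaluated": len(findings), "suppressed": len(plans)}


if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT, client=RecordingClient()))
```

Deployed for real, the function needs an EventBridge rule on the "Security Hub Findings - Imported" detail type and an execution role allowed to call securityhub:BatchUpdateFindings; the opt-in tag keeps the automation from silently hiding a public IP that nobody has reviewed.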
  21. Want to know the latest from Google Cloud? Find it here in one handy location. Check back regularly for our newest updates, announcements, resources, events, learning opportunities, and more. Tip: Not sure where to find what you’re looking for on the Google Cloud blog? Start here: Google Cloud blog 101: Full list of topics, links, and resources. Week of May 9 - May 13, 2022 We just published a blog post announcing the latest Google Cloud’s STAC-M3™ benchmark results. Following up on our 2018 STAC-M3 benchmark audit, a redesigned Google Cloud architecture achieved significant improvements: Up to 18x faster, Up to 9x higher throughput, and new record in STAC-M3.ß1.1T.YRHIBID-2.TIME. We also published a whitepaper on how we designed and optimized the cluster for API-driven cloud resources. Security Command Center (SCC) released new finding types that alert customers when SCC is either misconfigured or configured in a way that prevents it from operating as expected. These findings provide remediation steps to return SCC to an operational state. Learn more and see examples. Week of May 2 - May 6, 2022 As part of Anthos release 1.11, Anthos Clusters on Azure and Anthos Clusters on AWS now support Kubernetes versions 1.22.8-gke.200 and 1.21.11-gke.100. As a preview feature, you can now choose Windows as your node pool image type when you create node pools with Kubernetes version 1.22.8. For more information, check out the Anthos multi cloud website. The Google Cloud Future of Data whitepaper explores why the future of data will involve three key themes: unified, flexible, and accessible. Learn about BigQuery BI Engine and how to analyze large and complex datasets interactively with sub-second query response time and high concurrency. Now generally available. Announcing the launch of the second series of the Google Cloud Technical Guides for Startups, a video series for technical enablement aimed at helping startups to start, build and grow their businesses. 
Solving for food waste with data analytics in Google Cloud. Explore why it is so necessary as a retailer to bring your data to the cloud to apply analytics to minimize food waste. Mosquitoes get the swat with new Mosquito Forecast built by OFF! Insect Repellents and Google Cloud. Read how SC Johnson built an app that predicts mosquito outbreaks in your area. Week of April 25 - April 29, 2022 We're excited to announce the general availability of Media CDN — a content and media distribution platform with unparalleled scale. New Google Cloud research shows shoppers are paying closer attention to the values of consumer goods brands and care more about eco-friendly products. Meditech’s cloud EHR gives clinicians time back with patients helping them make better decisions and diagnoses. Cloud is supercharging 5G development, transforming every industry along the way. How 5G and Cloud will change every industry, including yours. Google’s Area 120 incubator shares 5 lessons on sustaining innovation at scale. Introducing SWIFT on Google Cloud - modernize your payments by bringing it to the cloud. Advance your technical skills and boost your career by getting hands-on practice with Google Cloud projects. Discover how the Google Workspace Administrator role has evolved and why certification training is vital for this in-demand position. Week of April 18 - April 22, 2022 Meet the people of Google Cloud: Jim Hogan, an autistic Googler talks advocacy and inclusion and how it relates to his job as an innovation strategist. Announcing the Climate Innovation Challenge—grants to provide scientists with Google Cloud research credits, so they can better address our urgent climate challenge. Read more. Our first-ever Google Workspace Summit: Get the latest on the keynote, breakout sessions, and product innovations for our first-ever Google Workspace Summit on May 4, 2022. Here are 9 sessions you don't want to miss. 
Climate scientists rely on cloud-based tools like Google Earth Engine to detect changes, map trends, and quantify differences on the Earth's surface. Read how Natural Resources Canada uses Google Earth Engine.
Urban Outfitter’s rental business, Nuuly, shows how being cloud-first also means being sustainability-first, with the agility and insights going green requires. Read how technology is weaving sustainability into the future of retail at Nuuly.
Clean energy projects begin to power Google data centers. Read about the investments Google has made toward clean energy projects to power and protect our global data centers, which are coming online around the world.
The Cloud Engineer Learning Path is an effective way to prepare for the Associate Cloud Engineer certification and launch your new cloud career. Here's how to prepare for Google’s Associate Cloud Engineer exam.

Week of April 11 - April 15, 2022

Machine learning company Moloco uses Cloud Bigtable to process 5+ million ad bid requests per second. Learn how Moloco uses Bigtable to keep up in a speedy market and process ad requests at unmatched speed and scale.
The Broad Institute of MIT and Harvard speeds scientific research with Cloud SQL. One of our customers, the Broad Institute, shares how they used Cloud SQL to accelerate scientific research. In this customer story, you will learn how the Broad Institute was able to get Google’s database services up and running quickly and lower their operational burden by using Cloud SQL.
Data Cloud Summit ‘22 recap blog on April 12: Didn’t get a chance to watch the Google Data Cloud Summit this year? Check out our recap to learn the top five takeaways - learn more about product announcements, customer speakers, partners, product demos, and check out more resources on your favorite topics.
The new Professional Cloud Database Engineer certification in beta is here. By participating in this beta, you will directly influence and enhance the learning and career path for Cloud Database Engineers globally. Learn more and sign up today.
Learn how to use Kubernetes Jobs and cost-optimized Spot VMs to run and manage fault-tolerant AI/ML batch workloads on Google Kubernetes Engine.
Expanding Eventarc presence to 4 new regions—asia-south2, australia-southeast2, northamerica-northeast2, southamerica-west1. You can now create Eventarc resources in 30 regions.

Week of April 4 - April 8, 2022

Join us at the Google Data Cloud Summit on Wednesday, April 6, at 9 AM PDT. Learn how Google Cloud technologies across AI, machine learning, analytics, and databases have helped organizations such as Exabeam, Deutsche Bank, and PayPal to break down silos, increase agility, derive more value from data, and innovate faster. Register today for this no cost digital event.
Announcing the first Data Partner Spotlight, on May 11th. We saved you a seat at the table to learn about the Data Cloud Partners in the Google Cloud ecosystem. We will spotlight technology partners, and deep dive into their solutions, so business leaders can make smarter decisions, and solve complex data challenges with Google Cloud. Register today for this digital event.
Introducing Vertex AI Model Registry, a central repository to manage and govern the lifecycle of your ML models. Designed to work with any type of model and deployment target, including BigQuery ML, Vertex AI Model Registry makes it easy to manage and deploy models. Learn more about Google’s unified data and AI offering.
Vertex AI Workbench is now GA, bringing together Google Cloud’s data and ML systems into a single interface so that teams have a common toolset across data analytics, data science, and machine learning. With native integrations across BigQuery, Spark, Dataproc, and Dataplex, data scientists can build, train and deploy ML models 5X faster than traditional notebooks. Don’t miss this ‘How to’ session from the Data Cloud Summit.

Week of Mar 28 - April 1, 2022

Learn how Google Cloud’s network and Network Connectivity Center can transform the private wires used for voice trading.
Anthos bare metal 1.11 minor release is available now. Containerd is the default runtime in Anthos clusters on bare metal in this release. Examples of the feature enhancements are as below: upgraded Anthos clusters on bare metal to use Kubernetes version 1.22; added Egress Network Address Translation (NAT) gateway capability to provide persistent, deterministic routing for egress traffic from clusters; enabled IPv4/IPv6 dual-stack support. Additional enhancements in the release can be found in the release note here.

Week of Mar 21 - Mar 25, 2022

Google Cloud’s Behnaz Kibria reflects on a recent fireside chat that she moderated with Google Cloud’s Phil Moyer and former SEC Commissioner Troy Paredes at FIA Boca. The discussion focused on the future of markets and policy, the new technologies that are already paving the way for greater speed and transparency, and what it will take to ensure greater resiliency, performance and security over the longer term. Read the blog.
Eventarc adds support for Firebase Alerts. Now you can create Eventarc triggers to send Firebase Alerts events to your favorite destinations that Eventarc supports.
Now you can control how your alerts handle missing data from telemetry data streams using Alert Policies in the Cloud Console or via API. In cloud ecosystems there are millions of data sources, and often there are pauses or breaks in their telemetry data streams. Configure how this missing data influences your open incidents: Option 1: Missing data is treated as “above the threshold” and your incidents will stay open. Option 2: Missing data is evaluated as “below the threshold” and the incident will close after your retest window period.
Week of Mar 14 - Mar 18, 2022

Natural language processing is a critical AI tool for understanding unstructured, often technical healthcare information, like clinical notes and lab reports. See how leading healthcare organizations are exploring NLP to unlock hidden value in their data.
A handheld lab: Read how Cue Health is revolutionizing healthcare diagnostics for COVID-19 and beyond—all from the comfort of home.
Providing reliable technical support for an increasingly distributed, hybrid workforce is becoming all the more crucial, and challenging. Cloud Customer Care has added a range of new offerings and features for businesses of all sizes to help you find the Google Cloud technical support services that are best for your needs and budget.
#GoogleforGames Dev Summit is NOW LIVE. Watch the keynote followed by over 20 product sessions on-demand to help you build high quality games and reach audiences around the world. Watch → g.co/gamedevsummit
Meeting (and ideally, exceeding) consumer expectations today is often a heavy lift for many companies—especially those running modern apps on legacy, on-premises databases. Read how Google Cloud database services provide you the best options for industry-leading reliability, global scale & open standards, enabling you to make your next big idea a reality. Read this blog.

Week of Mar 07 - Mar 11, 2022

Learn how Google Cloud Partner Advantage partners help customers solve real-world business challenges in retail and ecommerce through data insights.
Introducing Community Security Analytics, an open-source repository of queries for self-service security analytics. Get started analyzing your own Google Cloud logs with BigQuery or Chronicle to detect potential threats to your workloads, and to audit usage of your data. Learn more.
On a mission to accelerate the world's adoption of a modern approach to threat management through Autonomic Security Operations, our latest update expands our ASO technology stack with Siemplify, offers a solution to the latest White House Executive Order 14028, introduces a community-based security analytics repository, and announces key R&D initiatives that we’re investing in to bolster threat-informed defenses worldwide. Read more here!
Account defender, available today in public preview, is a feature in reCAPTCHA Enterprise that takes behavioral detection a step further. It analyzes the patterns of behavior for an individual account, in addition to the patterns of behavior of all user accounts associated with your website. Read more here.
Maximize your Cloud Spanner savings with new committed use discounts. Get up to 40% discount on Spanner compute capacity by purchasing committed use discounts. Once you make a commitment to spend a certain amount on an hourly basis on Spanner from a billing account, you can get discounts on instances in different instance configurations, regions, and projects associated with that billing account. This flexibility helps you achieve a high utilization rate of your commitment across regions and projects without manual intervention, saving you time and money. Learn more.
In many places across the globe, March is celebrated as Women’s History Month, and March 8th, specifically, marks the day known around the world as International Women’s Day. Google Cloud, in partnership with Women Techmakers, has created an opportunity to bridge the gaps in the credentialing space by offering a certification journey for Ambassadors of the Women Techmakers community. Learn more.
Learn how to accelerate vendor due diligence on Google Cloud by leveraging third party risk management providers.
Hybrid work should not derail DEI efforts. If you’re moving to a hybrid work model, here’s how to make diversity, equity and inclusion central to it.
Learn how Cloud Data Fusion provides scalable data integration pipelines to help consolidate a customer’s SAP and non-SAP datasets within BigQuery.
Hong Kong–based startup TecPal builds and manages smart hardware and software for household appliances all over the world using Google Cloud. Find out how.
Eventarc adds support for Firebase Remote Config and Test Lab in preview. Now you can create Eventarc triggers to send Firebase Remote Config or Firebase Test Lab events to your favorite destinations that Eventarc supports.
Anthos Service Mesh Dashboard is now available (public preview) on Anthos clusters on Bare Metal and Anthos clusters on VMware. Customers can now get out-of-the-box telemetry dashboards to see a services-first view of their application on the Cloud Console.
Micro Focus Enterprise Server Google Cloud blueprint performs an automated deployment of Enterprise Server inside a new VPC or existing VPC. Learn more.
Learn how to wire your application logs with more information without adding a single line of code and get more insights with the new version of the Java library.
Pacemaker Alerts in Google Cloud cluster alerting enables the system administrator to be notified about critical events of the enterprise workloads in GCP, like the SAP solutions.

Week of Feb 28 - Mar 04, 2022

Announcing the Data Cloud Summit, April 6th!—Ready to dive deep into data? Join us at the Google Data Cloud Summit on Wednesday, April 6, at 9 AM PDT. This three-hour digital event is packed with content and experiences designed to help you unlock innovation in your organization. Learn how Google Cloud technologies across AI, machine learning, analytics, and databases have helped organizations such as Exabeam, Deutsche Bank, and PayPal to break down silos, increase agility, derive more value from data, and innovate faster. Register today for this no cost digital event.
Google Cloud addresses concerns about how its customers might be impacted by the invasion of Ukraine. Read more.
Eventarc is now HIPAA compliant—Eventarc is covered under the Google Cloud Business Associate Agreement (BAA), meaning it has achieved HIPAA compliance. Healthcare and life sciences organizations can now use Eventarc to send events that require HIPAA compliance.
Eventarc trigger for Workflows is now available in Preview. You can now select Workflows as a destination for events originating from any supported event provider.
Error Reporting automatically captures exceptions found in logs ingested by Cloud Logging from the following languages: Go, Java, Node.js, PHP, Python, Ruby, and .NET, aggregates them, and then notifies you of their existence.
Learn more about how USAA partnered with Google Cloud to transform their operations by leveraging AI to drive efficiency in vehicle insurance claims estimation.
Learn how Google Cloud and NetApp’s ability to “burst to cloud”, seamlessly spinning up compute and storage on demand, accelerates EDA design testing.
Google Cloud CISO Phil Venables shares his thoughts on the latest security updates from the Google Cybersecurity Action Team.
Google Cloud Easy as Pie Hackathon: the results are in.
VPC Flow Logs Org Policy Constraints allow users to enforce VPC Flow Logs enablement across their organization, and impose minimum and maximum sampling rates. VPC Flow Logs are used to understand network traffic for troubleshooting, optimization and compliance purposes.
Google Cloud Managed Service for Prometheus is now generally available. Get all of the benefits of open source-compatible monitoring with the ease of use of Google-scale managed services.
Google Cloud Deploy now supports Anthos clusters, bringing opinionated, fully managed continuous delivery for hybrid and multicloud workloads. Cloud Deploy provides integrated best practices, security, and metrics from a centralized control plane.
Learn Google Workspace’s vision for frontline workers and how our Frontline solution innovations can bridge collaboration and productivity across in-office and remote workforces.

Week of Feb 21 - Feb 25, 2022

Read how Paerpay promotes bigger tabs and faster, more pleasant transactions with Google Cloud and the Google for Startups Cloud Program.
Learn about the advancements we’ve released for our Google Cloud Marketplace customers and partners in the last few months.
BBVA collaborated with Google Cloud to create one of the most successful Google Cloud training programs for employees to date. Read how they did it.
Google for Games Developer Summit returns March 15 at 9AM PT! Learn about our latest games solutions and product innovations. It’s online and open to all. Check out the full agenda: g.co/gamedevsummit
Build a data mesh on Google Cloud with Dataplex (now GA). Read how Dataplex enables customers to centrally manage, monitor, and govern distributed data, and makes it securely accessible to a variety of analytics and data science tools.
While understanding what is happening now has great business value, forward-thinking companies like Tyson Foods are taking things a step further, using real-time analytics integrated with artificial intelligence (AI) and business intelligence (BI) to answer the question, “what might happen in the future?”
Join us for the first Google Cloud Security Talks of 2022, happening on March 9th. Modernizing SecOps is a top priority for so many organizations. Register to attend and learn how you can enhance your approach to threat detection, investigation and response!
Google Cloud introduces their Data Hero series with a profile on Lynn Langit, a data cloud architect, educator, and developer on GCP.
Building ML solutions? Check out these guidelines for ensuring quality in each process of the MLOps lifecycle.
Eventarc is now Payment Card Industry Data Security Standard (PCI DSS)-compliant.
Week of Feb 14 - Feb 18, 2022

The Google Cloud Retail Digital Pulse - Asia Pacific is an ongoing annual assessment carried out in partnership with IDC Retail Insights to understand the maturity of retail digital transformation in the Asia Pacific Region. The study covers 1304 retailers across eight markets & sub-segments to investigate their digital maturity across five dimensions - strategy, people, data, technology and process - to arrive at a 4-stage Digital Pulse Index, with 4 being the most mature. It provides great insights into the various stages of digital maturity of Asian retailers, their drivers for digitisation, challenges, innovation hotspots and the focus areas with respect to use cases and technologies.
Deploying Cloud Memorystore for Redis for any scale: Learn how you can scale Cloud Memorystore for high volume use cases by leveraging client-side sharding. This blog provides a step by step walkthrough which demonstrates how you can adapt your existing application to scale to the highest levels with the help of the Envoy Proxy. Read our blog to learn more.
Check out how six SAP customers are driving value with BigQuery.
This Black History Month, we're highlighting Black-led startups using Google Cloud to grow their businesses. Check out how DOSS and its co-founder, Bobby Bryant, disrupts the real estate industry with voice search tech and analytics on Google Cloud.
Vimeo leverages managed database services from Google Cloud to serve up billions of views around the world each day. Read how it uses Cloud Spanner to deliver a consistent and reliable experience to its users no matter where they are.
How can serverless best be leveraged? Can cloud credits be maximized? Are all managed services equal? We dive into top questions for startups.
Google introduces Sustainability value pillar in GCP Active Assist solution to accelerate our industry leadership in CO2 reduction and environmental protection efforts.
Intelligent carbon footprint reduction tool is launched in preview.
Central States health insurance CIO Pat Moroney shares highs and lows from his career transforming IT. Read more.
Traffic Director client authorization for proxyless gRPC services is now generally available. Combine with managed mTLS credentials in GKE to centrally manage access between workloads using Traffic Director. Read more.
Cloud Functions (2nd gen) is now in public preview. The next generation of Cloud Functions, our Functions-as-a-Service platform, gives you more features, control, performance, scalability and event sources. Learn more.

Week of Feb 7 - Feb 11, 2022

Now announcing the general availability of the newest instance series in our Compute Optimized family, C2D—powered by 3rd Gen AMD EPYC processors. Read how C2D provides larger instance types and memory-per-core configurations ideal for customers with performance-intensive workloads.
Digital health startup expands its impact on healthcare equity and diversity with Google Cloud Platform and the Google for Startups Accelerator for Black Founders. Read more.
Storage Transfer Service support for agent pools is now generally available (GA). You can use agent pools to create isolated groups of agents as a source or sink entity in a transfer job. This enables you to transfer data from multiple data centers and filesystems concurrently, without creating multiple projects for a large transfer spanning multiple filesystems and data centers. This option is available via API, Console, and gcloud transfer CLI.
The five trends driving healthcare and life sciences in 2022 will be powered by accessible data, AI, and partnerships.
Learn how COLOPL, Minna Bank and 7-Eleven Japan use Cloud Spanner to solve their scalability, performance and digital transformation challenges.

Week of Jan 31 - Feb 4, 2022

Pub/Sub Lite goes regional. Pub/Sub Lite is a high-volume messaging service with ultra-low cost that now offers regional Lite topics, in addition to existing zonal Lite topics. Unlike zonal topics, which are located in a single zone, regional topics are asynchronously replicated across two zones. Multi-zone replication protects from zonal failures in the service. Read about it here.
Google Workspace is making it easy for employees to bring modern collaboration to work, even if their organizations are still using legacy tools. Essentials Starter is a no-cost offer designed to help people bring the apps they know and love to use in their personal lives to their work life. Learn more.
We’re now offering 30 days free access to role-based Google Cloud training with interactive labs and opportunities to earn skill badges to demonstrate your cloud knowledge. Learn more.
Security Command Center (SCC) Premium adds support for additional compliance benchmarks, including CIS Google Cloud Computing Foundations 1.2 and OWASP Top 10 2017 & 2021. Learn more about how SCC helps manage and improve your cloud security posture.
Storage Transfer Service now offers Preview support for transfers from self-managed object storage systems via user-managed agents. With this new feature, customers can seamlessly copy PBs of data from cloud or on-premises object storage to Google Cloud Storage. Object storage sources must be compatible with Amazon S3 APIs. For customers migrating from AWS S3 to GCS, this feature gives an option to control network routes to Google Cloud. Fill in this signup form to access this STS feature.

Week of Jan 24-Jan 28, 2022

Learn how Sabre leveraged a 10-year partnership with Google Cloud to power the travel industry with innovative technology. As Sabre embarked on a cloud transformation, it sought managed database services from Google Cloud that enabled low latency and improved consistency. Sabre discovered how the strengths of both Cloud Spanner and Bigtable supported unique use cases and led to high performance solutions.
Storage Transfer Service now offers Preview support for moving data between two filesystems and keeping them in sync on a periodic schedule. This launch offers a managed way to migrate from a self-managed filesystem to Filestore. If you have on-premises systems generating massive amounts of data that need to be processed in Google Cloud, you can now use Storage Transfer Service to accelerate data transfer from an on-prem filesystem to a cloud filesystem. See Transfer data between POSIX file systems for details.
Storage Transfer Service now offers Preview support for preserving POSIX attributes and symlinks when transferring to, from, and between POSIX filesystems. Attributes include the user ID of the owner, the group ID of the owning group, the mode or permissions, the modification time, and the size of the file. See Metadata preservation for details.
Bigtable Autoscaling is Generally Available (GA): Bigtable Autoscaling automatically adds or removes capacity in response to the changing demand for your applications. With autoscaling, you only pay for what you need and you can spend more time on your business instead of managing infrastructure. Learn more.

Week of Jan 17-Jan 21, 2022

Sprinklr and Google Cloud join forces to help enterprises reimagine their customer experience management strategies. Hear more from Nirav Sheth, Director of ISV/Marketplace & Partner Sales.
Firestore Key Visualizer is Generally Available (GA): Firestore Key Visualizer is an interactive, performance monitoring tool that helps customers observe and maximize Firestore’s performance. Learn more.
Like many organizations, Wayfair faced the challenge of deciding which cloud databases they should migrate to in order to modernize their business and operations. Ultimately, they chose Cloud SQL and Cloud Spanner because of the databases’ clear path for shifting workloads as well as the flexibility they both provide. Learn how Wayfair was able to migrate quickly while still being able to serve production traffic at scale.

Week of Jan 10-Jan 14, 2022

Start your 2022 New Year’s resolutions by learning at no cost how to use Google Cloud. Read more to find out how to take advantage of these training opportunities.
8 megatrends drive cloud adoption—and improve security for all. Google Cloud CISO Phil Venables explains the eight major megatrends powering cloud adoption, and why they’ll continue to make the cloud more secure than on-prem for the foreseeable future. Read more.

Week of Jan 3-Jan 7, 2022

Google Transfer Appliance announces General Availability of online mode. Customers collecting data at edge locations (e.g. cameras, cars, sensors) can offload to Transfer Appliance and stream that data to a Cloud Storage bucket. Online mode can be toggled to send the data to Cloud Storage over the network, or offline by shipping the appliance. Customers can monitor their online transfers for appliances from Cloud Console.

Week of Dec 27-Dec 31, 2021

The most-read blogs about Google Cloud compute, networking, storage and physical infrastructure in 2021. Read more.
Top Google Cloud managed container blogs of 2021.
Four cloud security trends that organizations and practitioners should be planning for in 2022—and what they should do about them. Read more.
Google Cloud announces the top data analytics stories from 2021, including the top three trends and lessons they learned from customers this year. Read more.
Explore Google Cloud’s Contact Center AI (CCAI) and its momentum in 2021. Read more.
An overview of the innovations that Google Workspace delivered in 2021 for Google Meet. Read more.
Google Cloud’s top artificial intelligence and machine learning posts from 2021. Read more.
How we’ve helped break down silos, unearth the value of data, and apply that data to solve big problems. Read more.
A recap of the year’s infrastructure progress, from impressive Tau VMs, to industry-leading storage capabilities, to major networking leaps. Read more.
Google Cloud CISO Phil Venables shares his thoughts on the latest security updates from the Google Cybersecurity Action Team. Read more.
Google Cloud - A cloud built for developers — 2021 year in review. Read more.
API management continued to grow in importance in 2021, and Apigee continued to innovate capabilities for customers, new solutions, and partnerships. Read more.
Recapping Google’s progress in 2021 toward running on 24/7 carbon-free energy by 2030 — and decarbonizing the electricity system as a whole. Read more.

Week of Dec 20-Dec 24, 2021

And that’s a wrap! After engaging in countless customer interviews, we’re sharing our top 3 lessons learned from our data customers in 2021. Learn what customer data journeys inspired our top picks and what made the cut here.
Cloud SQL now shows you minor version information. For more information, see our documentation.
Cloud SQL for MySQL now allows you to select your MySQL 8.0 minor version when creating an instance and upgrade the MySQL 8.0 minor version. For more information, see our documentation.
Cloud SQL for MySQL now supports database auditing. Database auditing lets you track specific user actions in the database, such as table updates, read queries, user privilege grants, and others. To learn more, see MySQL database auditing.

Week of Dec 12-Dec 17, 2021

A CRITICAL VULNERABILITY in a widely used logging library, Apache’s Log4j, has become a global security incident. Security researchers around the globe warn that this could have serious repercussions. Two Google Cloud Blog posts describe how Cloud Armor and Cloud IDS both help mitigate the threat.
Take advantage of these ten no-cost trainings before 2022. Check them out here.
Deploy Task Queues alongside your Cloud Application: Cloud Tasks is now available in 23 GCP Regions worldwide. Read more.
Managed Anthos Service Mesh support for GKE Autopilot (Preview): GKE Autopilot with Managed ASM provides ease of use and simplified administration capabilities, allowing customers to focus on their application, not the infrastructure. Customers can now let Google handle the upgrade and lifecycle tasks for both the cluster and the service mesh. Configure Managed ASM with asmcli experiment in GKE Autopilot cluster.
Policy Troubleshooter for BeyondCorp Enterprise is now generally available! Using this feature, admins can triage access failure events and perform the necessary actions to unblock users quickly. Learn more by registering for Google Cloud Security Talks on December 15 and attending the BeyondCorp Enterprise session. The event is free to attend and sessions will be available on-demand.
Google Cloud Security Talks, Zero Trust Edition: This week, we hosted our final Google Cloud Security Talks event of the year, focused on all things zero trust. Google pioneered the implementation of zero trust in the enterprise over a decade ago with our BeyondCorp effort, and we continue to lead the way, applying this approach to most aspects of our operations. Check out our digital sessions on-demand to hear the latest updates on Google’s vision for a zero trust future and how you can leverage our capabilities to protect your organization in today’s challenging threat environment.

Week of Dec 6-Dec 10, 2021

5 key metrics to measure cloud FinOps impact in 2022 and beyond - Learn about the 5 key metrics to effectively measure the impact of Cloud FinOps across your organization and leverage the metrics to gain insights, prioritize on strategic goals, and drive enterprise-wide adoption. Learn more.
We announced Cloud IDS, our new network security offering, is now generally available. Cloud IDS, built with Palo Alto Networks’ technologies, delivers easy-to-use, cloud-native, managed, network-based threat detection with industry-leading breadth and security efficacy. To learn more, and request a 30-day trial credit, see the Cloud IDS webpage.

Week of Nov 29-Dec 3, 2021

Join Cloud Learn, happening from Dec. 8-9: This interactive learning event will have live technical demos, Q&As, career development workshops, and more covering everything from Google Cloud fundamentals to certification prep. Learn more.
Get a deep dive into BigQuery Administrator Hub – With BigQuery Administrator Hub you can better manage BigQuery at scale with Resource Charts and Slot Estimator. Administrators can learn more about these tools and just how easy they are to use here.
New data and AI in Media blog - How data and AI can help media companies better personalize, and what to watch out for. We interviewed Googlers Gloria Lee, Executive Account Director of Media & Entertainment, and John Abel, Technical Director for the Office of the CTO, to share exclusive insights on how media organizations should think about their data and ways to make the most of it in the new era of direct-to-consumer. Watch our video interview with Gloria and John and read more.
Datastream is now generally available (GA): Datastream, a serverless change data capture (CDC) and replication service, allows you to synchronize data across heterogeneous databases, storage systems, and applications reliably and with minimal latency to support real-time analytics, database replication, and event-driven architectures. Datastream currently supports CDC ingestion from Oracle and MySQL to Cloud Storage, with additional sources and destinations coming in the future. Datastream integrates with Dataflow and Cloud Data Fusion to deliver real time replication to a wide range of destinations, including BigQuery, Cloud Spanner and Cloud SQL. Learn more.
Week of Nov 22 - Nov 26, 2021

Security Command Center (SCC) launches new mute findings capability: We’re excited to announce a new “Mute Findings” capability in SCC that helps you gain operational efficiencies by effectively managing the findings volume based on your organization’s policies and requirements. SCC presents potential security risks in your cloud environment as ‘findings’ across misconfigurations, vulnerabilities, and threats. With the launch of the ‘mute findings’ capability, you gain a way to reduce findings volume and focus on the security issues that are highly relevant to you and your organization. To learn more, read this blog post and watch this short demo video.

Week of Nov 15 - Nov 19, 2021

Cloud Spanner is our distributed, globally scalable SQL database service that decouples compute from storage, which makes it possible to scale processing resources separately from storage. This means that horizontal upscaling is possible with no downtime for achieving higher performance on dimensions such as operations per second for both reads and writes. The distributed scaling nature of Spanner’s architecture makes it an ideal solution for unpredictable workloads such as online games. Learn how you can get started developing global multiplayer games using Spanner.
New Dataflow templates for Elasticsearch released to help customers process and export Google Cloud data into their Elastic Cloud. You can now push data from Pub/Sub, Cloud Storage or BigQuery into your Elasticsearch deployments in a cloud-native fashion. Read more for a deep dive on how to set up a Dataflow streaming pipeline to collect and export your Cloud Audit logs into Elasticsearch, and analyze them in the Kibana UI.
We’re excited to announce the public preview of Google Cloud Managed Service for Prometheus, a new monitoring offering designed for scale and ease of use that maintains compatibility with the open-source Prometheus ecosystem. While Prometheus works well for many basic deployments, managing Prometheus can become challenging at enterprise scale. Learn more about the service in our blog and on the website.

Week of Nov 8 - Nov 12, 2021

New study on the economics of cloud migration - The Total Economic Impact™ Of Migrating Expensive Operating Systems and Traditional Software to Google Cloud. We worked with Forrester on this study, which details the cost savings and benefits you can achieve from migrating and modernizing with Google Cloud, especially with respect to expensive operating systems and traditional software. Download now!
New whitepaper on building a successful cloud migration strategy - The priority to move into the cloud and achieve a zero data center footprint is becoming top of mind for many CIOs. One of the most fundamental changes required to accelerate a move to the cloud is the adoption of a product mindset—the shift from an emphasis on project to product. Download “Accelerating the journey to the cloud with a product mindset” now.

Week of Nov 1 - Nov 5, 2021

Time to live (TTL) reduces storage costs, improves query performance, and simplifies data retention in Cloud Spanner by automatically removing unneeded data based on user-defined policies. Unlike custom scripts or application code, TTL is fully managed and designed for minimal impact on other workloads. TTL is generally available today in Spanner at no additional cost. Read more.
New whitepaper available: Migrating to .NET Core/5+ on Google Cloud - This free whitepaper, written for .NET developers and software architects who want to modernize their .NET Framework applications, outlines the benefits and things to consider when migrating .NET Framework apps to .NET Core/5+ running on Google Cloud. It also offers a framework with suggestions to help you build a strategy for migrating to a fully managed Kubernetes offering or to Google serverless. Download the free whitepaper.
Export from Google Cloud Storage: Storage Transfer Service now offers Preview support for exporting data from Cloud Storage to any POSIX file system. You can use this bidirectional data movement capability to move data in and out of Cloud Storage, on-premises clusters, and edge locations including Google Distributed Cloud. The service provides built-in capabilities such as scheduling, bandwidth management, retries, and data integrity checks that simplify the data transfer workflow. For more information, see Download data from Cloud Storage.

Document Translation is now GA! Translate documents in real time in 100+ languages, and retain document formatting. Learn more about new features and see a demo on how Eli Lilly translates content globally.

Announcing the general availability of Cloud Asset Inventory console - We’re excited to announce the general availability of the new Cloud Asset Inventory user interface. In addition to all the capabilities announced earlier in Public Preview, the general availability release provides powerful search and easy filtering capabilities. These capabilities enable you to view details of resources and IAM policies, machine type and policy statistics, and insights into your overall cloud footprint. Learn more about these new capabilities by using the searching resources and searching IAM policies guides. You can get more information about Cloud Asset Inventory using our product documentation.

Week of Oct 25 - Oct 29, 2021

BigQuery table snapshots are now generally available. A table snapshot is a low-cost, read-only copy of a table's data as it was at a particular time.

By establishing a robust value measurement approach to track and monitor the business value metrics toward business goals, we are bringing technology, finance, and business leaders together through the discipline of Cloud FinOps to show how digital transformation is enabling the organization to create new innovative capabilities and generate top-line revenue. Learn more.

We’ve announced BigQuery Omni, a new multicloud analytics service that allows data teams to perform cross-cloud analytics - across AWS, Azure, and Google Cloud - all from one viewpoint. Learn how BigQuery Omni works and what data and business challenges it solves here.

Week of Oct 18 - Oct 22, 2021

Available now is our newest T2D VM family, based on 3rd Generation AMD EPYC processors. Learn more.

In case you missed it — top AI announcements from Google Cloud Next. Catch up on what’s new, see demos, and hear from our customers about how Google Cloud is making AI more accessible, more focused on business outcomes, and fast-tracking the time-to-value.

Too much to take in at Google Cloud Next 2021? No worries - here’s a breakdown of the biggest announcements at the 3-day event.

Check out the second revision of Architecture Framework, Google Cloud’s collection of canonical best practices.

Week of Oct 4 - Oct 8, 2021

We’re excited to announce Google Cloud’s new goal of equipping more than 40 million people with Google Cloud skills. To help achieve this goal, we’re offering no-cost access to all our training content this month. Find out more here.

Support for language repositories in Artifact Registry is now generally available. Artifact Registry allows you to store all your language-specific artifacts in one place. Supported package types include Java, Node and Python. Additionally, support for Linux packages is in public preview. Learn more.

Want to know what’s the latest with Google’s ML-powered intelligence service Active Assist and how to learn more about it at Next’21? Check out this blog.

Week of Sept 27 - Oct 1, 2021

Announcing the launch of Speaker ID. In 2020, customer preference for voice calls increased by 10 percentage points (to 43%) and was by far the most preferred service channel. But most callers still need to pass through archaic authentication processes, which slow down the time to resolution and burn through valuable agent time. Speaker ID, from Google Cloud, brings ML-based speaker identification directly to customers and contact center partners, allowing callers to authenticate over the phone using their own voice. Learn more.

Your guide to all things AI & ML at Google Cloud Next. Google Cloud Next is coming October 12–14 and if you’re interested in AI & ML, we’ve got you covered. Tune in to hear about real use cases from companies like Twitter, Eli Lilly, Wayfair, and more. We’re also excited to share product news and hands-on AI learning opportunities. Learn more about AI at Next and register for free today!

It is now simple to use Terraform to configure Anthos features on your GKE clusters. Check out part two of this series, which explores adding Policy Controller audits to our Config Sync managed cluster. Learn more.

Week of Sept 20 - Sept 24, 2021

Announcing the webinar, Powering market data through cloud and AI/ML. We’re sponsoring a Coalition Greenwich webinar on September 23rd where we’ll discuss the findings of our upcoming study on how market data delivery and consumption are being transformed by cloud and AI. Moderated by Coalition Greenwich, the panel will feature Trey Berre from CME Group, Brad Levy from Symphony, and Ulku Rowe representing Google Cloud. Register here.

New research from Google Cloud reveals five innovation trends for market data. Together with Coalition Greenwich we surveyed exchanges, trading systems, data aggregators, data producers, asset managers, hedge funds, and investment banks to examine both the distribution and consumption of market data and trading infrastructure in the cloud. Learn more about our findings here.

If you are looking for a more automated way to manage quotas over a high number of projects, we are excited to introduce a Quota Monitoring Solution from Google Cloud Professional Services. This solution benefits customers who have many projects or organizations and are looking for an easy way to monitor quota usage in a single dashboard and use default alerting capabilities across all quotas.

Week of Sept 13 - Sept 17, 2021

New storage features help ensure data is never lost. We are announcing extensions to our popular Cloud Storage offering, and introducing two new services, Filestore Enterprise, and Backup for Google Kubernetes Engine (GKE). Together, these new capabilities will make it easier for you to protect your data out-of-the box, across a wide variety of applications and use cases. Read the full article.

API management powers sustainable resource management. Water, waste, and energy solutions company Veolia uses APIs and the API management platform Apigee to build apps and help their customers build their own apps, too. Learn from their digital and API-first approach here.

To support our expanding customer base in Canada, we’re excited to announce that the new Google Cloud Platform region in Toronto is now open. Toronto is the 28th Google Cloud region connected via our high-performance network, helping customers better serve their users and customers throughout the globe. In combination with Montreal, customers now benefit from improved business continuity planning with the distributed, secure infrastructure needed to meet IT and business requirements for disaster recovery, while maintaining data sovereignty.

Cloud SQL now supports custom formatting controls for CSVs. When performing admin exports and imports, users can now select custom characters for field delimiters, quotes, escapes, and other characters. For more information, see our documentation.

Week of Sept 6 - Sept 10, 2021

Hear how Lowe’s SRE was able to reduce their Mean Time to Recovery (MTTR) by over 80% after adopting Google’s Site Reliability Engineering practices and Google Cloud’s operations suite.

Week of Aug 30 - Sept 3, 2021

A what’s new blog in the what’s new blog? Yes, you read that correctly. Google Cloud data engineers are always hard at work maintaining the hundreds of dataset pipelines that feed into our public datasets repository, but they’re also regularly bringing new ones into the mix. Check out our newest featured datasets and catch a few best practices in our living blog: What are the newest datasets in Google Cloud?

Migration success with Operational Health Reviews from Google Cloud’s Professional Service Organization - Learn how Google Cloud’s Professional Services Org is proactively and strategically guiding customers to operate effectively and efficiently in the Cloud, both during and after their migration process.

Learn how we simplified monitoring for Google Cloud VMware Engine and Google Cloud operations suite. Read more.

Week of Aug 23 - Aug 27, 2021

Google Transfer Appliance announces preview of online mode. Customers are increasingly collecting data that needs to quickly be transferred to the cloud. Transfer Appliances are being used to quickly offload data from sources (e.g. cameras, cars, sensors) and can now stream that data to a Cloud Storage bucket. Online mode can be toggled as data is copied into the appliance, so you can either send the data offline by shipping the appliance to Google or copy data to Cloud Storage over the network. Read more.

Topic retention for Cloud Pub/Sub is now Generally Available. Topic retention is the most comprehensive and flexible way available to retain Pub/Sub messages for message replay. In addition to backing up all subscriptions connected to the topic, new subscriptions can now be initialized from a timestamp in the past. Learn more about the feature here.

Vertex Predictions now supports private endpoints for online prediction. Through VPC Peering, Private Endpoints provide increased security and lower latency when serving ML models. Read more.
Week of Aug 16 - Aug 20, 2021

Look for us to take security one step further by adding authorization features for service-to-service communications for gRPC proxyless services, as well as to support other deployment models, where proxyless gRPC services are running somewhere other than GKE, for example Compute Engine. We hope you'll join us and check out the setup guide and give us feedback.

Cloud Run now supports VPC Service Controls. You can now protect your Cloud Run services against data exfiltration by using VPC Service Controls in conjunction with Cloud Run’s ingress and egress settings. Read more.

Read how retailers are leveraging Google Cloud VMware Engine to move their on-premises applications to the cloud, where they can achieve the scale, intelligence, and speed required to stay relevant and competitive. Read more.

A series of new features for BeyondCorp Enterprise, our zero trust offering. We now offer native support for client certificates for eight types of VPC-SC resources. We are also announcing general availability of the on-prem connector, which allows users to secure HTTP or HTTPS based on-premises applications outside of Google Cloud. Additionally, three new BeyondCorp attributes are available in Access Context Manager as part of a public preview. Customers can configure custom access policies based on time and date, credential strength, and/or Chrome browser attributes. Read more about these announcements here.

We are excited to announce that Google Cloud, working with its partners NAG and DDN, demonstrated the highest performing Lustre file system on the IO500 ranking of the fastest HPC storage systems — quite a feat considering Lustre is one of the most widely deployed HPC file systems in the world. Read the full article.

The Storage Transfer Service for on-premises data API is now available in Preview. Now you can use RESTful APIs to automate your on-prem-to-cloud transfer workflows.
Storage Transfer Service is a software service to transfer data over a network. The service provides built-in capabilities such as scheduling, bandwidth management, retries, and data integrity checks that simplify the data transfer workflow.

It is now simple to use Terraform to configure Anthos features on your GKE clusters. This is the first part of a three-part series that describes using Terraform to enable Config Sync. For platform administrators, this natural IaC approach improves auditability and transparency and reduces the risk of misconfigurations or security gaps. Read more.

In this commissioned study, “Modernize With AIOps To Maximize Your Impact”, Forrester Consulting surveyed organizations worldwide to better understand how they’re approaching artificial intelligence for IT operations (AIOps) in their cloud environments, and what kind of benefits they’re seeing. Read more.

If your organization or development environment has strict security policies that don’t allow for external IPs, it can be difficult to set up a connection between a Private Cloud SQL instance and a Private IP VM. This article contains clear instructions on how to set up a connection from a private Compute Engine VM to a private Cloud SQL instance using a private service connection and the mysqlsh command line tool.

Week of Aug 9 - Aug 13, 2021

Compute Engine users have a new, updated set of VM-level “in-context” metrics, charts, and logs to correlate signals for common troubleshooting scenarios across CPU, Disk, Memory, Networking, and live Processes. This brings the best of Google Cloud’s operations suite directly to the Compute Engine UI. Learn more.

Pub/Sub to Splunk Dataflow template has been updated to address multiple enterprise customer asks, from improved compatibility with Splunk Add-on for Google Cloud Platform, to more extensibility with user-defined functions (UDFs), and general pipeline reliability enhancements to tolerate failures like transient network issues when delivering data to Splunk. Read more to learn how to take advantage of these latest features.

Google Cloud and NVIDIA have teamed up to make VR/AR workloads easier, faster to create and tetherless! Read more.

Register for the Google Cloud Startup Summit, September 9, 2021 at goo.gle/StartupSummit for a digital event filled with inspiration, learning, and discussion. This event will bring together our startup and VC community to discuss the latest trends and insights, headlined by a keynote by Astro Teller, Captain of Moonshots at X the moonshot factory. Additionally, learn from a variety of technical and business sessions to help take your startup to the next level.

Google Cloud and Harris Poll healthcare research reveals COVID-19 impacts on healthcare technology. Learn more.

Partial SSO is now available for public preview. If you use a 3rd party identity provider to single sign on to Google services, Partial SSO allows you to identify a subset of your users to use Google / Cloud Identity as your SAML SSO identity provider (short video and demo).

Week of Aug 2 - Aug 6, 2021

Gartner named Google Cloud a Leader in the 2021 Magic Quadrant for Cloud Infrastructure and Platform Services, formerly Infrastructure as a Service. Learn more.

Private Service Connect is now generally available. Private Service Connect lets you create private and secure connections to Google Cloud and third-party services with service endpoints in your VPCs. Read more.

30 migration guides are designed to help you identify the best ways to migrate, including meeting common organizational goals like minimizing time and risk during your migration, identifying the most enterprise-grade infrastructure for your workloads, picking a cloud that aligns with your organization’s sustainability goals, and more. Read more.

Week of Jul 26 - Jul 30, 2021

This week we’re hosting our Retail & Consumer Goods Summit, a digital event dedicated to helping leading retailers and brands digitally transform their business. Read more about our consumer packaged goods strategy and a guide to key summit content for brands in this blog from Giusy Buonfantino, Google Cloud’s Vice President of CPG.

We’re hosting our Retail & Consumer Goods Summit, a digital event dedicated to helping leading retailers and brands digitally transform their business. Read more.

See how IKEA uses Recommendations AI to provide customers with more relevant product information. Read more.

Google Cloud launches a career program for people with autism designed to hire and support more talented people with autism in the rapidly growing cloud industry. Learn more.

Google Cloud follows new API stability tenets that work to minimize unexpected deprecations to our Enterprise APIs. Read more.

Week of Jul 19 - Jul 23, 2021

Register and join us for Google Cloud Next, October 12-14, 2021 at g.co/CloudNext for a fresh approach to digital transformation, as well as a few surprises. Next ‘21 will be a fully customizable digital adventure for a more personalized learning journey. Find the tools and training you need to succeed, from live, interactive Q&As and informative breakout sessions to educational demos and real-life applications of the latest tech from Google Cloud. Get ready to plug into your cloud community, get informed, and be inspired. Together we can tackle today’s greatest business challenges, and start solving for what’s next.
"Application Innovation" takes a front row seat this year–To stay ahead of rising customer expectations and the digital and in-person hybrid landscape, enterprises must know what application innovation means and how to deliver this type of innovation with a small piece of technology that might surprise you. Learn more about the three pillars of app innovation here.

We announced Cloud IDS, our new network security offering, which is now available in preview. Cloud IDS delivers easy-to-use, cloud-native, managed, network-based threat detection. With Cloud IDS, customers can enjoy a Google Cloud-integrated experience, built with Palo Alto Networks’ industry-leading threat detection technologies to provide high levels of security efficacy. Learn more.

Key Visualizer for Cloud Spanner is now generally available. Key Visualizer is a new interactive monitoring tool that lets developers and administrators analyze usage patterns in Spanner. It reveals trends and outliers in key performance and resource metrics for databases of any size, helping to optimize queries and reduce infrastructure costs. See it in action.

The market for healthcare cloud is projected to grow 43%. This means a need for better tech infrastructure, digital transformation and Cloud tools. Learn how Google Cloud Partner Advantage partners help customers solve business challenges in healthcare.

Week of Jul 12 - Jul 16, 2021

Simplify VM migrations with Migrate for Compute Engine as a Service: it delivers a Google-managed cloud service that enables simple, frictionless, and large-scale enterprise migrations of virtual machines to Google Compute Engine with minimal downtime and risk. API-driven and integrated into your Google Cloud console for ease of use, this service uses agent-less replication to copy data without manual intervention and without VPN requirements. It also enables you to launch non-disruptive validations of your VMs prior to cutover. Rapidly migrate a single application or execute a sprint with hundreds of systems using migration groups, with confidence. Read more here.

The Google Cloud region in Delhi NCR is now open for business, ready to host your workloads. Learn more and watch the region launch event here.

Introducing Quilkin: the open-source game server proxy. Developed in collaboration with Embark Studios, Quilkin is an open source UDP proxy, tailor-made for high performance real-time multiplayer games. Read more.

We’re making Google Glass on Meet available to a wider network of global customers. Learn more.

Transfer Appliance supports Google Managed Encryption Keys — We’re announcing support for Google Managed Encryption Keys with Transfer Appliance; this is in addition to the currently available Customer Managed Encryption Keys feature. Customers have asked for the Transfer Appliance service to create and manage encryption keys for transfer sessions to improve usability and maintain security. The Transfer Appliance Service can now manage the encryption keys for customers who do not wish to handle a key themselves. Learn more about Using Google Managed Encryption Keys.

UCLA builds a campus-wide API program–With Google Cloud's API management platform, Apigee, UCLA created a unified and strong API foundation that removes data friction that students, faculty, and administrators alike face. This foundation not only simplifies how various personas connect to data, but also encourages more innovations in the future. Learn their story.

An enhanced region picker makes it easy to choose a Google Cloud region with the lowest CO2 output. Learn more.

Amwell and Google Cloud explore five ways telehealth can help democratize access to healthcare. Read more.

Major League Baseball and Kaggle launch ML competition to learn about fan engagement. Batter up!

We’re rolling out general support of Brand Indicators for Message Identification (BIMI) in Gmail within Google Workspace. Learn more.
Learn how DeNA Sports Business created an operational status visualization system that helps determine whether live event attendees have correctly installed Japan’s coronavirus contact tracing app COCOA.

Google Cloud CAS provides a highly scalable and available private CA to address the unprecedented growth in certificates in the digital world. Read more about CAS.

Week of Jul 5 - Jul 9, 2021

Google Cloud and Call of Duty League launch ActivStat to bring fans, players, and commentators the power of competitive statistics in real-time. Read more.

Building applications is a heavy lift due to the technical complexity, which includes the complexity of backend services that are used to manage and store data. Firestore alters this by having Google Cloud manage your backend complexity through a complete backend-as-a-service! Learn more.

Google Cloud’s new Native App Development skills challenge lets you earn badges that demonstrate your ability to create cloud-native apps. Read more and sign up.

Week of Jun 28 - Jul 2, 2021

Storage Transfer Service now offers preview support for integration with AWS Security Token Service. Security-conscious customers can now use Storage Transfer Service to perform transfers from AWS S3 without passing any security credentials. This release will alleviate the security burden associated with passing long-term AWS S3 credentials, which have to be rotated or explicitly revoked when they are no longer needed. Read more.

The most popular and surging Google Search terms are now available in BigQuery as a public dataset. View the Top 25 and Top 25 rising queries from Google Trends from the past 30 days, including 5 years of historical data across the 210 Designated Market Areas (DMAs) in the US. Learn more.

A new predictive autoscaling capability lets you add additional Compute Engine VMs in anticipation of forecasted demand. Predictive autoscaling is generally available across all Google Cloud regions. Read more or consult the documentation for more information on how to configure, simulate and monitor predictive autoscaling.

Messages by Google is now the default messaging app for all AT&T customers using Android phones in the United States. Read more.

TPU v4 Pods will soon be available on Google Cloud, providing the most powerful publicly available computing platform for machine learning training. Learn more.

Cloud SQL for SQL Server has addressed multiple enterprise customer asks with the GA releases of both SQL Server 2019 and Active Directory integration, as well as the Preview release of Cross Region Replicas. This set of releases works in concert to allow customers to set up a more scalable and secure managed SQL Server environment to address their workloads’ needs. Read more.

Week of Jun 21 - Jun 25, 2021

Simplified return-to-office with no-code technology–We've just released a solution to your most common return-to-office headaches: make a no-code app customized to solve your business-specific challenges. Learn how to create an automated app where employees can see office room occupancy, check what desks are reserved or open, review disinfection schedules, and more in this blog tutorial.

New technical validation whitepaper for running ecommerce applications—Enterprise Strategy Group's analyst outlines the challenges of organizations running ecommerce applications and how Google Cloud helps to mitigate those challenges and handle changing demands with global infrastructure solutions. Download the whitepaper.

The full agenda for the Google for Games Developer Summit on July 12th-13th, 2021 is now available. A free digital event with announcements from teams including Stadia, Google Ads, AdMob, Android, Google Play, Firebase, Chrome, YouTube, and Google Cloud. Hear more about how Google Cloud technology creates opportunities for gaming companies to make lasting enhancements for players and creatives. Register at g.co/gamedevsummit.

BigQuery row-level security is now generally available, giving customers a way to control access to subsets of data in the same table for different groups of users. Row-level security (RLS) extends the principle of least privilege access and enables fine-grained access control policies in BigQuery tables. BigQuery currently supports access controls at the project-, dataset-, table- and column-level. Adding RLS to the portfolio of access controls now enables customers to filter and define access to specific rows in a table based on qualifying user conditions—providing much needed peace of mind for data professionals.

Transfer from Azure ADLS Gen 2: Storage Transfer Service offers Preview support for transferring data from Azure ADLS Gen 2 to Google Cloud Storage. Take advantage of a scalable, serverless service to handle data transfer. Read more.

reCAPTCHA V2 and V3 customers can now migrate site keys to reCAPTCHA Enterprise in under 10 minutes and without making any code changes. Watch our Webinar to learn more.

Bot attacks are the biggest threat to your business that you probably haven’t addressed yet. Check out our Forbes article to see what you can do about it.

Week of Jun 14 - Jun 18, 2021

A new VM family for scale-out workloads—New AMD-based Tau VMs offer 56% higher absolute performance and 42% higher price-performance compared to general-purpose VMs from any of the leading public cloud vendors. Learn more.

New whitepaper helps customers plot their cloud migrations—Our new whitepaper distills the conversations we’ve had with CIOs, CTOs, and their technical staff into several frameworks that can help cut through the hype and the technical complexity to help devise the strategy that empowers both the business and IT. Read more or download the whitepaper.
Ubuntu Pro lands on Google Cloud—The general availability of Ubuntu Pro images on Google Cloud gives customers an improved Ubuntu experience, expanded security coverage, and integration with critical Google Cloud features. Read more.

Navigating hybrid work with a single, connected experience in Google Workspace—New additions to Google Workspace help businesses navigate the challenges of hybrid work, such as Companion Mode for Google Meet calls. Read more.

Arab Bank embraces Google Cloud technology—This Middle Eastern bank now offers innovative apps and services to their customers and employees with Apigee and Anthos. In fact, Arab Bank reports over 90% of their new-to-bank customers are using their mobile apps. Learn more.

Google Workspace for the Public Sector events—This June, learn about Google Workspace tips and tricks to help you get things done. Join us for one or more of our learning events tailored for government and higher education users. Learn more.

Week of Jun 7 - Jun 11, 2021

The top cloud capabilities industry leaders want for sustained innovation—Multicloud and hybrid cloud approaches, coupled with open-source technology adoption, enable IT teams to take full advantage of the best cloud has to offer. Our recent study with IDG shows just how much of a priority this has become for business leaders. Read more or download the report.

Announcing the Firmina subsea cable—Planned to run from the East Coast of the United States to Las Toninas, Argentina, with additional landings in Praia Grande, Brazil, and Punta del Este, Uruguay, Firmina will be the longest open subsea cable in the world capable of running entirely from a single power source at one end of the cable if its other power source(s) become temporarily unavailable—a resilience boost at a time when reliable connectivity is more important than ever. Read more.

New research reveals what’s needed for AI acceleration in manufacturing—According to our data, which polled more than 1,000 senior manufacturing executives across seven countries, 76% have turned to digital enablers and disruptive technologies such as data and analytics, cloud, and artificial intelligence (AI) due to the pandemic. And 66% of manufacturers who use AI in their day-to-day operations report that their reliance on AI is increasing. Read more or download the report.

Cloud SQL offers even faster maintenance—Cloud SQL maintenance is zippier than ever. MySQL and PostgreSQL planned maintenance typically lasts less than 60 seconds and SQL Server maintenance typically lasts less than 120 seconds. You can learn more about maintenance here.

Simplifying Transfer Appliance configuration with Cloud Setup Application—We’re announcing the availability of the Transfer Appliance Cloud Setup Application. It uses the information you provide through simple prompts to configure your Google Cloud permissions, preferred Cloud Storage bucket, and Cloud KMS key for your transfer. Several Cloud Console-based manual steps are now simplified with a command line experience. Read more.

Google Cloud VMware Engine is now HIPAA compliant—As of April 1, 2021, Google Cloud VMware Engine is covered under the Google Cloud Business Associate Agreement (BAA), meaning it has achieved HIPAA compliance. Healthcare organizations can now migrate and run their HIPAA-compliant VMware workloads in a fully compatible VMware Cloud Verified stack running natively in Google Cloud with Google Cloud VMware Engine, without changes or re-architecture to tools, processes, or applications. Read more.

Introducing container-native Cloud DNS—Kubernetes networking almost always starts with a DNS request. DNS has broad impacts on your application and cluster performance, scalability, and resilience. That is why we are excited to announce the release of container-native Cloud DNS—the native integration of Cloud DNS with Google Kubernetes Engine (GKE) to provide in-cluster Service DNS resolution with Cloud DNS, our scalable and full-featured DNS service. Read more.

Welcoming the EU’s new Standard Contractual Clauses for cross-border data transfers—Learn how we’re incorporating the new Standard Contractual Clauses (SCCs) into our contracts to help protect our customers’ data and meet the requirements of European privacy legislation. Read more.

Lowe’s meets customer demand with Google SRE practices—Learn how Lowe’s has been able to increase the number of releases they can support by adopting Google’s Site Reliability Engineering (SRE) framework and leveraging their partnership with Google Cloud. Read more.

What’s next for SAP on Google Cloud at SAPPHIRE NOW and beyond—As SAP’s SAPPHIRE conference begins this week, we believe businesses have a more significant opportunity than ever to build for their next decade of growth and beyond. Learn more on how we’re working together with our customers, SAP, and our partners to support this transformation. Read more.

Support for Node.js, Python and Java repositories for Artifact Registry now in Preview–With today’s announcement, you can not only use Artifact Registry to secure and distribute container images, but also manage and secure your other software artifacts. Read more.

Google named a Leader in The Forrester Wave: Streaming Analytics, Q2 2021 report–Learn about the criteria where Google Dataflow was rated 5 out of 5 and why this matters for our customers here.
Applied ML Summit this Thursday, June 10–Watch our keynote to learn about predictions for machine learning over the next decade. Engage with distinguished researchers, leading practitioners, and Kaggle Grandmasters during our live Ask Me Anything session. Take part in our modeling workshops to learn how you can iterate faster, and deploy and manage your models with confidence–no matter your level of formal computer science training. Learn how to develop and apply your professional skills, grow your abilities at the pace of innovation, and take your career to the next level. Register now.

Week of May 31-Jun 4, 2021

Security Command Center now supports CIS 1.1 benchmarks and granular access control–Security Command Center (SCC) now supports CIS benchmarks for Google Cloud Platform Foundation v1.1, enabling you to monitor and address compliance violations against industry best practices in your Google Cloud environment. Additionally, SCC now supports fine-grained access control for administrators that allows you to easily adhere to the principle of least privilege—restricting access based on roles and responsibilities to reduce risk and enabling broader team engagement to address security. Read more.

Zero-trust managed security for services with Traffic Director–We created Traffic Director to bring you a fully managed service mesh product that includes load balancing, traffic management and service discovery. And now, we’re happy to announce the availability of a fully-managed zero-trust security solution using Traffic Director with Google Kubernetes Engine (GKE) and Certificate Authority (CA) Service. Read more.

How one business modernized their data warehouse for customer success–PedidosYa migrated from their old data warehouse to Google Cloud's BigQuery. Now with BigQuery, the Latin American online food ordering company has reduced the total cost per query by 5x. Learn more.
Announcing new Cloud TPU VMs–New Cloud TPU VMs make it easier to use our industry-leading TPU hardware by providing direct access to TPU host machines, offering a new and improved user experience to develop and deploy TensorFlow, PyTorch, and JAX on Cloud TPUs. Read more.

Introducing logical replication and decoding for Cloud SQL for PostgreSQL–We’re announcing the public preview of logical replication and decoding for Cloud SQL for PostgreSQL. By releasing these capabilities and enabling change data capture (CDC) from Cloud SQL for PostgreSQL, we strengthen our commitment to building an open database platform that meets critical application requirements and integrates seamlessly with the PostgreSQL ecosystem. Read more.

How 6 businesses are transforming with SAP on Google Cloud–Thousands of organizations globally rely on SAP for their most mission critical workloads. And for many Google Cloud customers, part of a broader digital transformation journey has included accelerating the migration of these essential SAP workloads to Google Cloud for greater agility, elasticity, and uptime. Read six of their stories.

Week of May 24-May 28, 2021

Google Cloud for financial services: driving your transformation cloud journey–As we welcome the industry to our Financial Services Summit, we’re sharing more on how Google Cloud accelerates a financial organization’s digital transformation through app and infrastructure modernization, data democratization, people connections, and trusted transactions. Read more or watch the summit on demand.

Introducing Datashare solution for financial services–We announced the general availability of Datashare for financial services, a new Google Cloud solution that brings together the entire capital markets ecosystem—data publishers and data consumers—to exchange market data securely and easily. Read more.
Announcing Datastream in Preview–Datastream, a serverless change data capture (CDC) and replication service, allows enterprises to synchronize data across heterogeneous databases, storage systems, and applications reliably and with minimal latency to support real-time analytics, database replication, and event-driven architectures. Read more.

Introducing Dataplex: An intelligent data fabric for analytics at scale–Dataplex provides a way to centrally manage, monitor, and govern your data across data lakes, data warehouses and data marts, and make this data securely accessible to a variety of analytics and data science tools. Read more.

Announcing Dataflow Prime–Available in Preview in Q3 2021, Dataflow Prime is a new platform based on a serverless, no-ops, auto-tuning architecture built to bring unparalleled resource utilization and radical operational simplicity to big data processing. Dataflow Prime builds on Dataflow and brings new user benefits with innovations in resource utilization and distributed diagnostics. The new capabilities in Dataflow significantly reduce the time spent on infrastructure sizing and tuning tasks, as well as time spent diagnosing data freshness problems. Read more.

Secure and scalable sharing for data and analytics with Analytics Hub–With Analytics Hub, available in Preview in Q3, organizations get a rich data ecosystem by publishing and subscribing to analytics-ready datasets; control and monitoring over how their data is being used; a self-service way to access valuable and trusted data assets; and an easy way to monetize their data assets without the overhead of building and managing the infrastructure. Read more.

Cloud Spanner trims entry cost by 90%–Coming soon to Preview, granular instance sizing in Spanner lets organizations run workloads at as low as 1/10th the cost of regular instances, equating to approximately $65/month. Read more.
Cloud Bigtable lifts SLA and adds new security features for regulated industries–Bigtable instances with a multi-cluster routing policy across 3 or more regions are now covered by a 99.999% monthly uptime percentage under the new SLA. In addition, new Data Access audit logs can help determine whether sensitive customer information has been accessed in the event of a security incident, and if so, when, and by whom. Read more.

Build a no-code journaling app–In honor of Mental Health Awareness Month, Google Cloud's no-code application development platform, AppSheet, demonstrates how you can build a journaling app complete with titles, time stamps, mood entries, and more. Learn how with this blog and video here.

New features in Security Command Center—On May 24th, Security Command Center Premium launched the general availability of granular access controls at project- and folder-level and Center for Internet Security (CIS) 1.1 benchmarks for Google Cloud Platform Foundation. These new capabilities enable organizations to improve their security posture and efficiently manage risk for their Google Cloud environment. Learn more.

Simplified API operations with AI–Google Cloud's API management platform Apigee applies Google's industry leading ML and AI to your API metadata. Understand how it works with anomaly detection here.

This week: Data Cloud and Financial Services Summits–Our Google Cloud Summit series begins this week with the Data Cloud Summit on Wednesday May 26 (Global). At this half-day event, you’ll learn how leading companies like PayPal, Workday, Equifax, and many others are driving competitive differentiation using Google Cloud technologies to build their data clouds and transform data into value that drives innovation. The following day, Thursday May 27 (Global & EMEA) at the Financial Services Summit, discover how Google Cloud is helping financial institutions such as PayPal, Global Payments, HSBC, Credit Suisse, AXA Switzerland and more unlock new possibilities and accelerate business through innovation. Read more and explore the entire summit series.

Announcing the Google for Games Developer Summit 2021 on July 12th-13th–With a surge of new gamers and an increase in time spent playing games in the last year, it’s more important than ever for game developers to delight and engage players. To help developers with this opportunity, the games teams at Google are back to announce the return of the Google for Games Developer Summit 2021 on July 12th-13th. Hear from experts across Google about new game solutions they’re building to make it easier for you to continue creating great games, connecting with players and scaling your business. Registration is free and open to all game developers. Register for the free online event at g.co/gamedevsummit to get more details in the coming weeks. We can’t wait to share our latest innovations with the developer community. Learn more.

Week of May 17-May 21, 2021

Best practices to protect your organization against ransomware threats–For more than 20 years Google has been operating securely in the cloud, using our modern technology stack to provide a more defensible environment that we can protect at scale. While the threat of ransomware isn’t new, our responsibility to help protect you from existing or emerging threats never changes. In our recent blog post, we shared guidance on how organizations can increase their resilience to ransomware and how some of our Cloud products and services can help. Read more.
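The Cloud Bigtable item in the week of May 24 above says that Data Access audit logs can establish whether sensitive customer data was accessed, when, and by whom. What follows is an added example, not code from the original post or from Google: it runs that triage over a constructed JSON-lines export in the shape Cloud Logging produces (a LogEntry carrying an AuditLog protoPayload), keeps only Bigtable data-plane RPCs against one table, and discards Admin Activity entries and entries from other services. The project, table names, principals and IP addresses are made up. One caveat a practitioner needs before relying on this: Data Access audit logs are off by default in Google Cloud and must be enabled for the Bigtable service in the project's IAM audit configuration, or none of these entries will exist when the incident happens.

```python
import json
from datetime import datetime

# Bigtable data-plane RPC names (google.bigtable.v2), grouped by effect on row contents.
READ_METHODS = {"ReadRows", "SampleRowKeys"}
WRITE_METHODS = {"MutateRow", "MutateRows", "CheckAndMutateRow", "ReadModifyWriteRow"}
DATA_ACCESS_LOG = "cloudaudit.googleapis.com%2Fdata_access"
BIGTABLE = "bigtable.googleapis.com"


def _entry(log, ts, service, method, resource, principal, ip):
    """Build one LogEntry in the JSON shape Cloud Logging exports (constructed sample)."""
    return {
        "logName": f"projects/demo-project/logs/{log}",
        "timestamp": ts,
        "protoPayload": {
            "@type": "type.googleapis.com/google.cloud.audit.AuditLog",
            "serviceName": service,
            "methodName": method,
            "resourceName": resource,
            "authenticationInfo": {"principalEmail": principal},
            "requestMetadata": {"callerIp": ip},
        },
    }


# Hypothetical project, instance and tables used only for this example.
CARDHOLDERS = "projects/demo-project/instances/prod/tables/cardholders"
SESSIONS = "projects/demo-project/instances/prod/tables/sessions"

# Constructed export: one JSON LogEntry per line, deliberately out of time order
# and mixed with entries the analysis must ignore.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    _entry(DATA_ACCESS_LOG, "2021-05-26T10:15:04.123456Z", BIGTABLE,
           "google.bigtable.v2.Bigtable.ReadRows", CARDHOLDERS, "alice@example.com", "203.0.113.7"),
    _entry(DATA_ACCESS_LOG, "2021-05-26T10:20:00.000000Z", BIGTABLE,
           "google.bigtable.v2.Bigtable.MutateRows", CARDHOLDERS,
           "svc-batch@demo-project.iam.gserviceaccount.com", "10.128.0.5"),
    _entry(DATA_ACCESS_LOG, "2021-05-26T10:21:00.000000Z", BIGTABLE,
           "google.bigtable.v2.Bigtable.ReadRows", SESSIONS, "bob@example.com", "203.0.113.9"),
    # Admin Activity log (always on): a table creation, not a data access.
    _entry("cloudaudit.googleapis.com%2Factivity", "2021-05-26T09:00:00.000000Z",
           "bigtableadmin.googleapis.com", "google.bigtable.admin.v2.BigtableTableAdmin.CreateTable",
           CARDHOLDERS, "admin@example.com", "203.0.113.1"),
    # Data Access log from a different service; must not be attributed to Bigtable.
    _entry(DATA_ACCESS_LOG, "2021-05-26T10:16:00.000000Z", "storage.googleapis.com",
           "storage.objects.get", "projects/_/buckets/demo-bucket/objects/export.csv",
           "carol@example.com", "203.0.113.8"),
    _entry(DATA_ACCESS_LOG, "2021-05-26T09:58:00.000000Z", BIGTABLE,
           "google.bigtable.v2.Bigtable.ReadRows", CARDHOLDERS, "alice@example.com", "203.0.113.7"),
])


def parse_entry(entry):
    """Normalize a Bigtable Data Access audit entry; return None for anything else."""
    if not entry.get("logName", "").endswith(DATA_ACCESS_LOG):
        return None  # Admin Activity, System Event, or non-audit logs
    payload = entry.get("protoPayload", {})
    if payload.get("serviceName") != BIGTABLE:
        return None  # another service's data access
    method = payload.get("methodName", "").rsplit(".", 1)[-1]
    kind = "write" if method in WRITE_METHODS else "read" if method in READ_METHODS else "other"
    return {
        "time": datetime.fromisoformat(entry["timestamp"].replace("Z", "+00:00")),
        "principal": payload.get("authenticationInfo", {}).get("principalEmail", "<unknown>"),
        "method": method,
        "kind": kind,
        "table": payload.get("resourceName", ""),
        "caller_ip": payload.get("requestMetadata", {}).get("callerIp", ""),
    }


def access_timeline(log_text, table_name):
    """Every recorded access to `table_name`, oldest first: who, when, which RPC, from where."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_entry(json.loads(line))
        if rec and rec["table"].endswith("/tables/" + table_name):
            records.append(rec)
    return sorted(records, key=lambda r: r["time"])


def principals_for(log_text, table_name):
    """Distinct identities that touched the table, for the incident report."""
    return sorted({r["principal"] for r in access_timeline(log_text, table_name)})


if __name__ == "__main__":
    for r in access_timeline(SAMPLE_LOG, "cardholders"):
        print(f'{r["time"].isoformat()}  {r["kind"]:5}  {r["method"]:18}  {r["principal"]}  {r["caller_ip"]}')
```

The filter on logName matters: Admin Activity logs (table creation, IAM changes) are always recorded and are cheap to keep, but they say nothing about row reads; only the data_access stream answers the question the page poses, and it carries per-request volume and cost, which is why it is opt-in.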
Forrester names Google Cloud a Leader in Unstructured Data Security Platforms–Forrester Research has named Google Cloud a Leader in The Forrester Wave: Unstructured Data Security Platforms, Q2 2021 report, and rated Google Cloud highest in the current offering category among the providers evaluated. Read more or download the report.

Introducing Vertex AI: One platform, every ML tool you need–Vertex AI is a managed machine learning (ML) platform that allows companies to accelerate the deployment and maintenance of artificial intelligence (AI) models. Read more.

Transforming collaboration in Google Workspace–We’re launching smart canvas, a new product experience that delivers the next evolution of collaboration for Google Workspace. Between now and the end of the year, we’re rolling out innovations that make it easier for people to stay connected, focus their time and attention, and transform their ideas into impact. Read more.

Developing next-generation geothermal power–At I/O this week, we announced a first-of-its-kind, next-generation geothermal project with clean-energy startup Fervo that will soon begin adding carbon-free energy to the electric grid that serves our data centers and infrastructure throughout Nevada, including our Cloud region in Las Vegas. Read more.

Contributing to an environment of trust and transparency in Europe–Google Cloud was one of the first cloud providers to support and adopt the EU GDPR Cloud Code of Conduct (CoC). The CoC is a mechanism for cloud providers to demonstrate how they offer sufficient guarantees to implement appropriate technical and organizational measures as data processors under the GDPR. This week, the Belgian Data Protection Authority, based on a positive opinion by the European Data Protection Board (EDPB), approved the CoC, a product of years of constructive collaboration between the cloud computing community, the European Commission, and European data protection authorities. We are proud to say that Google Cloud Platform and Google Workspace already adhere to these provisions. Learn more.

Announcing Google Cloud datasets solutions–We're adding commercial, synthetic, and first-party data to our Google Cloud Public Datasets Program to help organizations increase the value of their analytics and AI initiatives, and we're making available an open source reference architecture for a more streamlined data onboarding process to the program. Read more.

Introducing custom samples in Cloud Code–With new custom samples in Cloud Code, developers can quickly access your enterprise’s best code samples via a versioned Git repository directly from their IDEs. Read more.

Retention settings for Cloud SQL–Cloud SQL now allows you to configure backup retention settings to protect against data loss. You can retain between 1 and 365 days’ worth of automated backups and between 1 and 7 days’ worth of transaction logs for point-in-time recovery. See the details here.

Cloud developer’s guide to Google I/O 2021–Google I/O may look a little different this year, but don’t worry, you’ll still get the same first-hand look at the newest launches and projects coming from Google. Best of all, it’s free and available to all (virtually) on May 18-20. Read more.

Week of May 10-May 14, 2021

APIs and Apigee power modern day due diligence–With APIs and Google Cloud's Apigee, business due diligence company DueDil revolutionized the way they harness and share their Big Information Graph (B.I.G.) with partners and customers. Get the full story.

Cloud CISO Perspectives: May 2021–It’s been a busy month here at Google Cloud since our inaugural CISO perspectives blog post in April. Here, VP and CISO of Google Cloud Phil Venables recaps our cloud security and industry highlights, a sneak peek of what’s ahead from Google at RSA, and more. Read more.
4 new features to secure your Cloud Run services–We announced several new ways to secure Cloud Run environments to make developing and deploying containerized applications easier for developers. Read more.

Maximize your Cloud Run investments with new committed use discounts–We’re introducing self-service spend-based committed use discounts for Cloud Run, which let you commit for a year to spending a certain amount on Cloud Run and benefit from a 17% discount on the amount you committed. Read more.

Google Cloud Armor Managed Protection Plus is now generally available–Cloud Armor, our Distributed Denial of Service (DDoS) protection and Web-Application Firewall (WAF) service on Google Cloud, leverages the same infrastructure, network, and technology that has protected Google’s internet-facing properties from some of the largest attacks ever reported. These same tools protect customers’ infrastructure from DDoS attacks, which are increasing in both magnitude and complexity every year. Deployed at the very edge of our network, Cloud Armor absorbs malicious network- and protocol-based volumetric attacks, while mitigating the OWASP Top 10 risks and maintaining the availability of protected services. Read more.

Announcing Document Translation for Translation API Advanced in preview–Translation is critical to many developers and localization providers, whether you’re releasing a document, a piece of software, training materials or a website in multiple languages. With Document Translation, now you can directly translate documents in 100+ languages and formats such as Docx, PPTx, XLSx, and PDF while preserving document formatting. Read more.

Introducing BeyondCorp Enterprise protected profiles–Protected profiles enable users to securely access corporate resources from an unmanaged device with the same threat and data protections available in BeyondCorp Enterprise–all from the Chrome Browser. Read more.
How reCAPTCHA Enterprise protects unemployment and COVID-19 vaccination portals–With so many people visiting government websites to learn more about the COVID-19 vaccine, make vaccine appointments, or file for unemployment, these web pages have become prime targets for bot attacks and other abusive activities. But reCAPTCHA Enterprise has helped state governments protect COVID-19 vaccine registration portals and unemployment claims portals from abusive activities. Learn more.

Day one with Anthos? Here are 6 ideas for how to get started–Once you have your new application platform in place, there are some things you can do to immediately get value and gain momentum. Here are six things you can do to get you started. Read more.

The era of the transformation cloud is here–Google Cloud’s president Rob Enslin shares how the era of the transformation cloud has seen organizations move beyond data centers to change not only where their business is done but, more importantly, how it is done. Read more.

Week of May 3-May 7, 2021

Transforming hard-disk drive maintenance with predictive ML–In collaboration with Seagate, we developed a machine learning system that can forecast the probability of a recurring failing disk—a disk that fails or has experienced three or more problems in 30 days. Learn how we did it.

Agent Assist for Chat is now in public preview–Agent Assist provides your human agents with continuous support during their calls, and now chats, by identifying the customers’ intent and providing them with real-time recommendations such as articles and FAQs as well as responses to customer messages to more effectively resolve the conversation. Read more.

New Google Cloud, AWS, and Azure product map–Our updated product map helps you understand similar offerings from Google Cloud, AWS, and Azure, and you can easily filter the list by product name or other common keywords. Read more or view the map.
Join our Google Cloud Security Talks on May 12th–We’ll share expert insights into how we’re working to be your most trusted cloud. Find the list of topics we’ll cover here.

Databricks is now GA on Google Cloud–Deploy or migrate Databricks Lakehouse to Google Cloud to combine the benefits of an open data cloud platform with greater analytics flexibility, unified infrastructure management, and optimized performance. Read more.

HPC VM image is now GA–The CentOS-based HPC VM image makes it quick and easy to create HPC-ready VMs on Google Cloud that are pre-tuned for optimal performance. Check out our documentation and quickstart guide to start creating instances using the HPC VM image today.

Take the 2021 State of DevOps survey–Help us shape the future of DevOps and make your voice heard by completing the 2021 State of DevOps survey before June 11, 2021. Read more or take the survey.

OpenTelemetry Trace 1.0 is now available–OpenTelemetry has reached a key milestone: the OpenTelemetry Tracing Specification has reached version 1.0. API and SDK release candidates are available for Java, Erlang, Python, Go, Node.js, and .Net. Additional languages will follow over the next few weeks. Read more.

New blueprint helps secure confidential data in AI Platform Notebooks–We’re adding to our portfolio of blueprints with the publication of our Protecting confidential data in AI Platform Notebooks blueprint guide and deployable blueprint, which can help you apply data governance and security policies that protect your AI Platform Notebooks containing confidential data. Read more.

The Liquibase Cloud Spanner extension is now GA–Liquibase, an open-source library that works with a wide variety of databases, can be used for tracking, managing, and automating database schema changes. By providing the ability to integrate databases into your CI/CD process, Liquibase helps you more fully adopt DevOps practices. The Liquibase Cloud Spanner extension allows developers to use Liquibase's open-source database library to manage and automate schema changes in Cloud Spanner. Read more.

Cloud computing 101: Frequently asked questions–There are a number of terms and concepts in cloud computing, and not everyone is familiar with all of them. To help, we’ve put together a list of common questions, and the meanings of a few of those acronyms. Read more.

Week of Apr 26-Apr 30, 2021

Announcing the GKE Gateway controller, in Preview–GKE Gateway controller, Google Cloud’s implementation of the Gateway API, manages internal and external HTTP/S load balancing for a GKE cluster or a fleet of GKE clusters and provides multi-tenant sharing of load balancer infrastructure with centralized admin policy and control. Read more.

See Network Performance for Google Cloud in Performance Dashboard–The Google Cloud performance view, part of the Network Intelligence Center, provides packet loss and latency metrics for traffic on Google Cloud. It allows users to do informed planning of their deployment architecture, as well as determine in real time the answer to the most common troubleshooting question: "Is it Google or is it me?" The Google Cloud performance view is now open for all Google Cloud customers as a public preview. Check it out.

Optimizing data in Google Sheets allows users to create no-code apps–Format columns and tables in Google Sheets to best position your data to transform into a fully customized, successful app–no coding necessary. Read our four best Google Sheets tips.

Automation bots with AppSheet Automation–AppSheet recently released AppSheet Automation, infusing Google AI capabilities into AppSheet's trusted no-code app development platform. Learn step by step how to build your first automation bot on AppSheet here.

Google Cloud announces a new region in Israel–Our new region in Israel will make it easier for customers to serve their own users faster, more reliably and securely. Read more.

New multi-instance NVIDIA GPUs on GKE–We’re launching support for multi-instance GPUs in GKE (currently in Preview), which will help you drive better value from your GPU investments. Read more.

Partnering with NSF to advance networking innovation–We announced our partnership with the U.S. National Science Foundation (NSF), joining other industry partners and federal agencies, as part of a combined $40 million investment in academic research for Resilient and Intelligent Next-Generation (NextG) Systems, or RINGS. Read more.

Creating a policy contract with Configuration as Data–Configuration as Data is an emerging cloud infrastructure management paradigm that allows developers to declare the desired state of their applications and infrastructure, without specifying the precise actions or steps for how to achieve it. However, declaring a configuration is only half the battle: you also want policy that defines how a configuration is to be used. This post shows you how.

Google Cloud products deliver real-time data solutions–Seven-Eleven Japan built Seven Central, its new platform for digital transformation, on Google Cloud. Powered by BigQuery, Cloud Spanner, and Apigee API management, Seven Central presents easy to understand data, ultimately allowing for quickly informed decisions. Read their story here.

Week of Apr 19-Apr 23, 2021

Extreme PD is now GA–On April 20th, Google Cloud’s Persistent Disk launched general availability of Extreme PD, a high performance block storage volume with provisioned IOPS and up to 2.2 GB/s of throughput. Learn more.

Research: How data analytics and intelligence tools will play a key role post-COVID-19–A recent Google-commissioned study by IDG highlighted the role of data analytics and intelligent solutions when it comes to helping businesses separate from their competition. The survey of 2,000 IT leaders across the globe reinforced the notion that the ability to derive insights from data will go a long way towards determining which companies win in this new era. Learn more or download the study.

Introducing PHP on Cloud Functions–We’re bringing support for PHP, a popular general-purpose programming language, to Cloud Functions. With the Functions Framework for PHP, you can write idiomatic PHP functions to build business-critical applications and integration layers. And with Cloud Functions for PHP, now available in Preview, you can deploy functions in a fully managed PHP 7.4 environment, complete with access to resources in a private VPC network. Learn more.

Delivering our 2020 CCAG pooled audit–As our customers increased their use of cloud services to meet the demands of teleworking and aid in COVID-19 recovery, we’ve worked hard to meet our commitment to being the industry’s most trusted cloud, despite the global pandemic. We’re proud to announce that Google Cloud completed an annual pooled audit with the CCAG in a completely remote setting, and were the only cloud service provider to do so in 2020. Learn more.

Anthos 1.7 now available–We recently released Anthos 1.7, our run-anywhere Kubernetes platform that’s connected to Google Cloud, delivering an array of capabilities that make multicloud more accessible and sustainable. Learn more.

New Redis Enterprise for Anthos and GKE–We’re making Redis Enterprise for Anthos and Google Kubernetes Engine (GKE) available in the Google Cloud Marketplace in private preview. Learn more.

Updates to Google Meet–We introduced a refreshed user interface (UI), enhanced reliability features powered by the latest Google AI, and tools that make meetings more engaging—even fun—for everyone involved. Learn more.
DocAI solutions now generally available–Document (Doc) AI platform, Lending DocAI and Procurement DocAI, built on decades of AI innovation at Google, bring powerful and useful solutions across lending, insurance, government and other industries. Learn more.

Four consecutive years of 100% renewable energy–In 2020, Google again matched 100 percent of its global electricity use with purchases of renewable energy. All told, we’ve signed agreements to buy power from more than 50 renewable energy projects, with a combined capacity of 5.5 gigawatts–about the same as a million solar rooftops. Learn more.

Announcing the Google Cloud region picker–The Google Cloud region picker lets you assess key inputs like price, latency to your end users, and carbon footprint to help you choose which Google Cloud region to run on. Learn more.

Google Cloud launches new security solution WAAP–WebApp and API Protection (WAAP) combines Google Cloud Armor, Apigee, and reCAPTCHA Enterprise to deliver improved threat protection, consolidated visibility, and greater operational efficiencies across clouds and on-premises environments. Learn more about WAAP here.

New in no-code–As discussed in our recent article, no-code hackathons are trending among innovative organizations. Since then, we've outlined how you can host one yourself specifically designed for your unique business innovation outcomes. Learn how here.

Google Cloud Referral Program now available—Now you can share the power of Google Cloud and earn product credit for every new paying customer you refer. Once you join the program, you’ll get a unique referral link that you can share with friends, clients, or others. Whenever someone signs up with your link, they’ll get a $350 product credit—that’s $50 more than the standard trial credit. When they become a paying customer, we’ll reward you with a $100 product credit in your Google Cloud account. Available in the United States, Canada, Brazil, and Japan. Apply for the Google Cloud Referral Program.

Week of Apr 12-Apr 16, 2021

Announcing the Data Cloud Summit, May 26, 2021–At this half-day event, you’ll learn how leading companies like PayPal, Workday, Equifax, Zebra Technologies, Commonwealth Care Alliance and many others are driving competitive differentiation using Google Cloud technologies to build their data clouds and transform data into value that drives innovation. Learn more and register at no cost.

Announcing the Financial Services Summit, May 27, 2021–In this 2 hour event, you’ll learn how Google Cloud is helping financial institutions including PayPal, Global Payments, HSBC, Credit Suisse, and more unlock new possibilities and accelerate business through innovation and better customer experiences. Learn more and register for free: Global & EMEA.

How Google Cloud is enabling vaccine equity–In our latest update, we share more on how we’re working with US state governments to help produce equitable vaccination strategies at scale. Learn more.

The new Google Cloud region in Warsaw is open–The Google Cloud region in Warsaw is now ready for business, opening doors for organizations in Central and Eastern Europe. Learn more.

AppSheet Automation is now GA–Google Cloud’s AppSheet launches general availability of AppSheet Automation, a unified development experience for citizen and professional developers alike to build custom applications with automated processes, all without coding. Learn how companies and employees are reclaiming their time and talent with AppSheet Automation here.

Introducing SAP Integration with Cloud Data Fusion–Google Cloud native data integration platform Cloud Data Fusion now offers the capability to seamlessly get data out of SAP Business Suite, SAP ERP and S/4HANA. Learn more.
Week of Apr 5-Apr 9, 2021

New Certificate Authority Service (CAS) whitepaper–“How to deploy a secure and reliable public key infrastructure with Google Cloud Certificate Authority Service” (written by Mark Cooper of PKI Solutions and Anoosh Saboori of Google Cloud) covers security and architectural recommendations for the use of the Google Cloud CAS by organizations, and describes critical concepts for securing and deploying a PKI based on CAS. Learn more or read the whitepaper.

Active Assist’s new feature, predictive autoscaling, helps improve response times for your applications–When you enable predictive autoscaling, Compute Engine forecasts future load based on your Managed Instance Group’s (MIG) history and scales it out in advance of predicted load, so that new instances are ready to serve when the load arrives. Without predictive autoscaling, an autoscaler can only scale a group reactively, based on observed changes in load in real time. With predictive autoscaling enabled, the autoscaler works with real-time data as well as with historical data to cover both the current and forecasted load. That makes predictive autoscaling ideal for those apps with long initialization times and whose workloads vary predictably with daily or weekly cycles. For more information, see How predictive autoscaling works or check if predictive autoscaling is suitable for your workload, and to learn more about other intelligent features, check out Active Assist.

Introducing Dataprep BigQuery pushdown–BigQuery pushdown gives you the flexibility to run jobs using either BigQuery or Dataflow. If you select BigQuery, then Dataprep can automatically determine if data pipelines can be partially or fully translated into a BigQuery SQL statement. Any portions of the pipeline that cannot be run in BigQuery are executed in Dataflow. Utilizing the power of BigQuery results in highly efficient data transformations, especially for manipulations such as filters, joins, unions, and aggregations. This leads to better performance, optimized costs, and increased security with IAM and OAuth support. Learn more.

Announcing the Google Cloud Retail & Consumer Goods Summit–The Google Cloud Retail & Consumer Goods Summit brings together technology and business insights, the key ingredients for any transformation. Whether you're responsible for IT, data analytics, supply chains, or marketing, please join! Building connections and sharing perspectives cross-functionally is important to reimagining yourself, your organization, or the world. Learn more or register for free.

New IDC whitepaper assesses multicloud as a risk mitigation strategy–To better understand the benefits and challenges associated with a multicloud approach, we supported IDC’s new whitepaper that investigates how multicloud can help regulated organizations mitigate the risks of using a single cloud vendor. The whitepaper looks at different approaches to multi-vendor and hybrid clouds taken by European organizations and how these strategies can help organizations address concentration risk and vendor lock-in, improve their compliance posture, and demonstrate an exit strategy. Learn more or download the paper.

Introducing request priorities for Cloud Spanner APIs–You can now specify request priorities for some Cloud Spanner APIs. By assigning a HIGH, MEDIUM, or LOW priority to a specific request, you can now convey the relative importance of workloads, to better align resource usage with performance objectives. Learn more.

How we’re working with governments on climate goals–Google Sustainability Officer Kate Brandt shares more on how we’re partnering with governments around the world to provide our technology and insights to drive progress in sustainability efforts. Learn more.
Week of Mar 29-Apr 2, 2021

Why Google Cloud is the ideal platform for Block.one and other DLT companies–Late last year, Google Cloud joined the EOS community, a leading open-source platform for blockchain innovation and performance, and is taking steps to support the EOS Public Blockchain by becoming a block producer (BP). At the time, we outlined how our planned participation underscores the importance of blockchain to the future of business, government, and society. We're sharing more on why Google Cloud is uniquely positioned to be an excellent partner for Block.one and other distributed ledger technology (DLT) companies. Learn more.

New whitepaper: Scaling certificate management with Certificate Authority Service–As Google Cloud’s Certificate Authority Service (CAS) approaches general availability, we want to help customers understand the service better. Customers have asked us how CAS fits into our larger security story and how CAS works for various use cases. Our new white paper answers these questions and more. Learn more and download the paper.

Build a consistent approach for API consumers–Learn the differences between REST and GraphQL, as well as how to apply REST-based practices to GraphQL. No matter the approach, discover how to manage and treat both options as API products here.

Apigee X makes it simple to apply Cloud CDN to APIs–With Apigee X and Cloud CDN, organizations can expand their API programs' global reach. Learn how to deploy APIs across 24 regions and 73 zones here.

Enabling data migration with Transfer Appliances in APAC—We’re announcing the general availability of Transfer Appliances TA40/TA300 in Singapore. Customers are looking for fast, secure and easy to use options to migrate their workloads to Google Cloud and we are addressing their needs with Transfer Appliances globally in the US, EU and APAC. Learn more about Transfer Appliances TA40 and TA300.
Windows Authentication is now supported on Cloud SQL for SQL Server in public preview—We’ve launched seamless integration with Google Cloud’s Managed Service for Microsoft Active Directory (AD). This capability is a critical requirement to simplify identity management and streamline the migration of existing SQL Server workloads that rely on AD for access control. Learn more or get started.

Using Cloud AI to whip up new treats with Mars Maltesers—Maltesers, a popular British candy made by Mars, teamed up with our own AI baker and ML engineer extraordinaire, Sara Robinson, to create a brand new dessert recipe with Google Cloud AI. Find out what happened (recipe included).

Simplifying data lake management with Dataproc Metastore, now GA—Dataproc Metastore, a fully managed, serverless technical metadata repository based on the Apache Hive metastore, is now generally available. Enterprises building and migrating open source data lakes to Google Cloud now have a central and persistent metastore for their open source data analytics frameworks. Learn more.

Introducing the Echo subsea cable—We announced our investment in Echo, the first-ever cable to directly connect the U.S. to Singapore with direct fiber pairs over an express route. Echo will run from Eureka, California to Singapore, with a stop-over in Guam, and plans to also land in Indonesia. Additional landings are possible in the future. Learn more.

Week of Mar 22-Mar 26, 2021

10 new videos bring Google Cloud to life—The Google Cloud Tech YouTube channel’s latest video series explains cloud tools for technical practitioners in about 5 minutes each. Learn more.

BigQuery named a Leader in the 2021 Forrester Wave: Cloud Data Warehouse, Q1 2021 report—Forrester gave BigQuery a score of 5 out of 5 across 19 different criteria. Learn more in our blog post, or download the report.
Charting the future of custom compute at Google—To meet users’ performance needs at low power, we’re doubling down on custom chips that use System on a Chip (SoC) designs. Learn more.

Introducing Network Connectivity Center—We announced Network Connectivity Center, which provides a single management experience to easily create, connect, and manage heterogeneous on-prem and cloud networks leveraging Google’s global infrastructure. Network Connectivity Center serves as a vantage point to seamlessly connect VPNs, partner and dedicated interconnects, as well as third-party routers and Software-Defined WANs, helping you optimize connectivity, reduce operational burden and lower costs—wherever your applications or users may be. Learn more.

Making it easier to get Compute Engine resources for batch processing—We announced a new method of obtaining Compute Engine instances for batch processing that accounts for availability of resources in zones of a region. Now available in preview for regional managed instance groups, you can do this simply by specifying the ANY value in the API. Learn more.

Next-gen virtual automotive showrooms are here, thanks to Google Cloud, Unreal Engine, and NVIDIA—We teamed up with Unreal Engine, the open and advanced real-time 3D creation game engine, and NVIDIA, inventor of the GPU, to launch new virtual showroom experiences for automakers. Taking advantage of the NVIDIA RTX platform on Google Cloud, these showrooms provide interactive 3D experiences, photorealistic materials and environments, and up to 4K cloud streaming on mobile and connected devices. Today, in collaboration with MHP, the Porsche IT consulting firm, and MONKEYWAY, a real-time 3D streaming solution provider, you can see our first virtual showroom, the Pagani Immersive Experience Platform. Learn more.

Troubleshoot network connectivity with Dynamic Verification (public preview)—You can now check packet loss rate and one-way network latency between two VMs on GCP. This capability is an addition to existing Network Intelligence Center Connectivity Tests which verify reachability by analyzing network configuration in your VPCs. See more in our documentation.

Helping U.S. states get the COVID-19 vaccine to more people—In February, we announced our Intelligent Vaccine Impact solution (IVIs) to help communities rise to the challenge of getting vaccines to more people quickly and effectively. Many states have deployed IVIs, and have found it able to meet demand and easily integrate with their existing technology infrastructures. Google Cloud is proud to partner with a number of states across the U.S., including Arizona, the Commonwealth of Massachusetts, North Carolina, Oregon, and the Commonwealth of Virginia to support vaccination efforts at scale. Learn more.

Week of Mar 15-Mar 19, 2021

A2 VMs now GA: The largest GPU cloud instances with NVIDIA A100 GPUs—We’re announcing the general availability of A2 VMs based on the NVIDIA Ampere A100 Tensor Core GPUs in Compute Engine. This means customers around the world can now run their NVIDIA CUDA-enabled machine learning (ML) and high performance computing (HPC) scale-out and scale-up workloads more efficiently and at a lower cost. Learn more.

Earn the new Google Kubernetes Engine skill badge for free—We’ve added a new skill badge this month, Optimize Costs for Google Kubernetes Engine (GKE), which you can earn for free when you sign up for the Kubernetes track of the skills challenge. The skills challenge provides 30 days free access to Google Cloud labs and gives you the opportunity to earn skill badges to showcase different cloud competencies to employers. Learn more.

Now available: carbon free energy percentages for our Google Cloud regions—Google first achieved carbon neutrality in 2007, and since 2017 we’ve purchased enough solar and wind energy to match 100% of our global electricity consumption. Now we’re building on that progress to target a new sustainability goal: running our business on carbon-free energy 24/7, everywhere, by 2030. Beginning this week, we’re sharing data about how we are performing against that objective so our customers can select Google Cloud regions based on the carbon-free energy supplying them. Learn more.

Increasing bandwidth to C2 and N2 VMs—We announced the public preview of 100, 75, and 50 Gbps high-bandwidth network configurations for General Purpose N2 and Compute Optimized C2 Compute Engine VM families as part of continuous efforts to optimize our Andromeda host networking stack. This means we can now offer higher-bandwidth options on existing VM families when using the Google Virtual NIC (gVNIC). These VMs were previously limited to 32 Gbps. Learn more.

New research on how COVID-19 changed the nature of IT—To learn more about the impact of COVID-19 and the resulting implications to IT, Google commissioned a study by IDG to better understand how organizations are shifting their priorities in the wake of the pandemic. Learn more and download the report.

New in API security—Google Cloud Apigee API management platform's latest release, Apigee X, works with Cloud Armor to protect your APIs with advanced security technology including DDoS protection, geo-fencing, OAuth, and API keys. Learn more about our integrated security enhancements here.

Troubleshoot errors more quickly with Cloud Logging—The Logs Explorer now automatically breaks down your log results by severity, making it easy to spot spikes in errors at specific times. Learn more about our new histogram functionality here.
Week of Mar 8-Mar 12, 2021

Introducing #AskGoogleCloud on Twitter and YouTube—Our first segment on March 12th features Developer Advocates Stephanie Wong, Martin Omander and James Ward to answer questions on the best workloads for serverless, the differences between “serverless” and “cloud native,” how to accurately estimate costs for using Cloud Run, and much more. Learn more.

Learn about the value of no-code hackathons—Google Cloud’s no-code application development platform, AppSheet, helps to facilitate hackathons for “non-technical” employees with no coding necessary to compete. Learn about Globe Telecom’s no-code hackathon as well as their winning AppSheet app here.

Introducing Cloud Code Secret Manager Integration—Secret Manager provides a central place and single source of truth to manage, access, and audit secrets across Google Cloud. Integrating Cloud Code with Secret Manager brings the powerful capabilities of both these tools together so you can create and manage your secrets right from within your preferred IDE, whether that be VS Code, IntelliJ, or Cloud Shell Editor. Learn more.

Flexible instance configurations in Cloud SQL—Cloud SQL for MySQL now supports flexible instance configurations which offer you the extra freedom to configure your instance with the specific number of vCPUs and GB of RAM that fits your workload. To set up a new instance with a flexible instance configuration, see our documentation here.

The Cloud Healthcare Consent Management API is now generally available—The Healthcare Consent Management API is now GA, giving customers the ability to greatly scale the management of consents to meet increasing need, particularly amidst the emerging task of managing health data for new care and research scenarios. Learn more.

Week of Mar 1-Mar 5, 2021

Cloud Run is now available in all Google Cloud regions. Learn more.
Introducing Apache Spark Structured Streaming connector for Pub/Sub Lite—We’re announcing the release of an open source connector to read streams of messages from Pub/Sub Lite into Apache Spark. The connector works in all Apache Spark 2.4.X distributions, including Dataproc, Databricks, or manual Spark installations. Learn more.

Google Cloud Next ‘21 is October 12-14, 2021—Join us and learn how the most successful companies have transformed their businesses with Google Cloud. Sign up at g.co/cloudnext for updates. Learn more.

Hierarchical firewall policies now GA—Hierarchical firewalls provide a means to enforce firewall rules at the organization and folder levels in the GCP Resource Hierarchy. This allows security administrators at different levels in the hierarchy to define and deploy consistent firewall rules across a number of projects so they're applied to all VMs in currently existing and yet-to-be-created projects. Learn more.

Announcing the Google Cloud Born-Digital Summit—Over this half-day event, we’ll highlight proven best-practice approaches to data, architecture, diversity & inclusion, and growth with Google Cloud solutions. Learn more and register for free.

Google Cloud products in 4 words or less (2021 edition)—Our popular “4 words or less Google Cloud developer’s cheat sheet” is back and updated for 2021. Learn more.

Gartner names Google a leader in its 2021 Magic Quadrant for Cloud AI Developer Services report—We believe this recognition is based on Gartner’s evaluation of Google Cloud’s language, vision, conversational, and structured data services and solutions for developers. Learn more.

Announcing the Risk Protection Program—The Risk Protection Program offers customers peace of mind through the technology to secure their data, the tools to monitor the security of that data, and an industry-first cyber policy offered by leading insurers. Learn more.
Building the future of work—We’re introducing new innovations in Google Workspace to help people collaborate and find more time and focus, wherever and however they work. Learn more.

Assured Controls and expanded Data Regions—We’ve added new information governance features in Google Workspace to help customers control their data based on their business goals. Learn more.

Week of Feb 22-Feb 26, 2021

21 Google Cloud tools explained in 2 minutes—Need a quick overview of Google Cloud core technologies? Quickly learn these 21 Google Cloud products—each explained in under two minutes. Learn more.

BigQuery materialized views now GA—Materialized views (MVs) are precomputed views that periodically cache results of a query to provide customers increased performance and efficiency. Learn more.

New in BigQuery BI Engine—We’re extending BigQuery BI Engine to work with any BI or custom dashboarding applications that require sub-second query response times. In this preview, BI Engine will work seamlessly with Looker and other popular BI tools such as Tableau and Power BI without requiring any change to the BI tools. Learn more.

Dataproc now supports Shielded VMs—All Dataproc clusters created using Debian 10 or Ubuntu 18.04 operating systems now use Shielded VMs by default and customers can provide their own configurations for secure boot, vTPM, and Integrity Monitoring. This feature is just one of the many ways customers that have migrated their Hadoop and Spark clusters to GCP experience continued improvements to their security postures without any additional cost.

New Cloud Security Podcast by Google—Our new podcast brings you stories and insights on security in the cloud, delivering security from the cloud, and, of course, on what we’re doing at Google Cloud to help keep customer data safe and workloads secure. Learn more.

New in Conversational AI and Apigee technology—Australian retailer Woolworths provides seamless customer experiences with their virtual agent, Olive. Apigee API Management and Dialogflow technology allows customers to talk to Olive through voice and chat. Learn more.

Introducing GKE Autopilot—GKE already offers an industry-leading level of automation that makes setting up and operating a Kubernetes cluster easier and more cost effective than do-it-yourself and other managed offerings. Autopilot represents a significant leap forward. In addition to the fully managed control plane that GKE has always provided, using the Autopilot mode of operation automatically applies industry best practices and can eliminate all node management operations, maximizing your cluster efficiency and helping to provide a stronger security posture. Learn more.

Partnering with Intel to accelerate cloud-native 5G—As we continue to grow cloud-native services for the telecommunications industry, we’re excited to announce a collaboration with Intel to develop reference architectures and integrated solutions for communications service providers to accelerate their deployment of 5G and edge network solutions. Learn more.

Veeam Backup for Google Cloud now available—Veeam Backup for Google Cloud automates Google-native snapshots to securely protect VMs across projects and regions with ultra-low RPOs and RTOs, and store backups in Google Object Storage to enhance data protection while ensuring lower costs for long-term retention.

Migrate for Anthos 1.6 GA—With Migrate for Anthos, customers and partners can automatically migrate and modernize traditional application workloads running in VMs into containers running on Anthos or GKE. Included in this new release:

In-place modernization for Anthos on AWS (Public Preview) to help customers accelerate on-boarding to Anthos AWS while leveraging their existing investment in AWS data sources, projects, VPCs, and IAM controls.

Additional Docker registries and artifacts repositories support (GA) including AWS ECR, basic-auth docker registries, and AWS S3 storage to provide further flexibility for customers using Anthos Anywhere (on-prem, AWS, etc.).

HTTPS Proxy support (GA) to enable M4A functionality (access to external image repos and other services) where a proxy is used to control external access.

Week of Feb 15-Feb 19, 2021

Introducing Cloud Domains in preview—Cloud Domains simplify domain registration and management within Google Cloud, improve the custom domain experience for developers, increase security, and support stronger integrations around DNS and SSL. Learn more.

Announcing Databricks on Google Cloud—Our partnership with Databricks enables customers to accelerate Databricks implementations by simplifying their data access, by jointly giving them powerful ways to analyze their data, and by leveraging our combined AI and ML capabilities to impact business outcomes. Learn more.

Service Directory is GA—As the number and diversity of services grows, it becomes increasingly challenging to maintain an inventory of all of the services across an organization. Last year, we launched Service Directory to help simplify the problem of service management. Today, it’s generally available. Learn more.

Week of Feb 8-Feb 12, 2021

Introducing Bare Metal Solution for SAP workloads—We’ve expanded our Bare Metal Solution—dedicated, single-tenant systems designed specifically to run workloads that are too large or otherwise unsuitable for standard, virtualized environments—to include SAP-certified hardware options, giving SAP customers great options for modernizing their biggest and most challenging workloads. Learn more.

9TB SSDs bring ultimate IOPS/$ to Compute Engine VMs—You can now attach 6TB and 9TB Local SSD to second-generation general-purpose N2 Compute Engine VMs, for great IOPS per dollar. Learn more.
Supporting the Python ecosystem—As part of our longstanding support for the Python ecosystem, we are happy to increase our support for the Python Software Foundation, the non-profit behind the Python programming language, ecosystem and community. Learn more.

Migrate to regional backend services for Network Load Balancing—We now support backend services with Network Load Balancing—a significant enhancement over the prior approach, target pools, providing a common unified data model for all our load-balancing family members and accelerating the delivery of exciting features on Network Load Balancing. Learn more.

Week of Feb 1-Feb 4, 2021

Apigee launches Apigee X—Apigee celebrates its 10-year anniversary with Apigee X, a new release of the Apigee API management platform. Apigee X harnesses the best of Google technologies to accelerate and globalize your API-powered digital initiatives. Learn more about Apigee X and digital excellence here.

Celebrating the success of Black founders with Google Cloud during Black History Month—February is Black History Month, a time for us to come together to celebrate and remember the important people and history of African heritage. Over the next four weeks, we will highlight four Black-led startups and how they use Google Cloud to grow their businesses. Our first feature highlights TQIntelligence and its founder, Yared.

Week of Jan 25-Jan 29, 2021

BeyondCorp Enterprise now generally available—BeyondCorp Enterprise is a zero trust solution, built on Google’s global network, which provides customers with simple and secure access to applications and cloud resources and offers integrated threat and data protection. To learn more, read the blog post, visit our product homepage, and register for our upcoming webinar.
Week of Jan 18-Jan 22, 2021

Cloud Operations Sandbox now available—Cloud Operations Sandbox is an open-source tool that helps you learn SRE practices from Google and apply them on cloud services using Google Cloud’s operations suite (formerly Stackdriver), with everything you need to get started in one click. You can read our blog post, or get started by visiting cloud-ops-sandbox.dev, exploring the project repo, and following along in the user guide.

New data security strategy whitepaper—Our new whitepaper shares our best practices for how to deploy a modern and effective data security program in the cloud. Read the blog post or download the paper.

WebSockets, HTTP/2 and gRPC bidirectional streams come to Cloud Run—With these capabilities, you can deploy new kinds of applications to Cloud Run that were not previously supported, while taking advantage of serverless infrastructure. These features are now available in public preview for all Cloud Run locations. Read the blog post or check out the WebSockets demo app or the sample h2c server app.

New tutorial: Build a no-code workout app in 5 steps—Looking to crush your new year’s resolutions? Using AppSheet, Google Cloud’s no-code app development platform, you can build a custom fitness app that can do things like record your sets, reps and weights, log your workouts, and show you how you’re progressing. Learn how.

Week of Jan 11-Jan 15, 2021

State of API Economy 2021 Report now available—Google Cloud details the changing role of APIs in 2020 amidst the COVID-19 pandemic, informed by a comprehensive study of Apigee API usage behavior across industry, geography, enterprise size, and more. Discover these 2020 trends along with a projection of what to expect from APIs in 2021. Read our blog post here or download and read the report here.

New in the state of no-code—Google Cloud's AppSheet looks back at the key no-code application development themes of 2020. AppSheet contends the rising number of citizen developer app creators will ultimately change the state of no-code in 2021. Read more here.

Week of Jan 4-Jan 8, 2021

Last year's most popular API posts—In an arduous year, thoughtful API design and strategy is critical to empowering developers and companies to use technology for global good. Google Cloud looks back at the must-read API posts in 2020. Read it here.

Week of Dec 21-Dec 25, 2020

A look back at the year across Google Cloud—Looking for some holiday reading? We’ve published recaps of our year across databases, serverless, data analytics, and no-code development. Or take a look at our 9 most popular posts of 2020.

Week of Dec 14-Dec 18, 2020

Memorystore for Redis enables TLS encryption support (Preview)—With this release, you can now use Memorystore for applications requiring sensitive data to be encrypted between the client and the Memorystore instance. Read more here.

Monitoring Query Language (MQL) for Cloud Monitoring is now generally available—Monitoring Query Language provides developers and operators on IT and development teams powerful metric querying, analysis, charting, and alerting capabilities. This functionality is needed for Monitoring use cases that include troubleshooting outages, root cause analysis, custom SLI / SLO creation, reporting and analytics, complex alert logic, and more. Learn more.

Week of Dec 7-Dec 11, 2020

Memorystore for Redis now supports Redis AUTH—With this release you can now use the OSS Redis AUTH feature with Memorystore for Redis instances. Read more here.

New in serverless computing—Google Cloud API Gateway and its service-first approach to developing serverless APIs helps organizations accelerate innovation by eliminating scalability and security bottlenecks for their APIs. Discover more benefits here.

Environmental Dynamics, Inc. makes a big move to no-code—The environmental consulting company EDI built and deployed 35+ business apps with no coding skills necessary with Google Cloud’s AppSheet. This no-code effort not only empowered field workers, but also saved employees over 2,550 hours a year. Get the full story here.

Introducing Google Workspace for Government—Google Workspace for Government is an offering that brings the best of Google Cloud’s collaboration and communication tools to the government with pricing that meets the needs of the public sector. Whether it’s powering social care visits, employment support, or virtual courts, Google Workspace helps governments meet the unique challenges they face as they work to provide better services in an increasingly virtual world. Learn more.

Week of Nov 30-Dec 4, 2020

Google enters agreement to acquire Actifio—Actifio, a leader in backup and disaster recovery (DR), offers customers the opportunity to protect virtual copies of data in their native format, manage these copies throughout their entire lifecycle, and use these copies for scenarios like development and test. This planned acquisition further demonstrates Google Cloud’s commitment to helping enterprises protect workloads on-premises and in the cloud. Learn more.

Traffic Director can now send traffic to services and gateways hosted outside of Google Cloud—Traffic Director support for Hybrid Connectivity Network Endpoint Groups (NEGs), now generally available, enables services in your VPC network to interoperate more seamlessly with services in other environments. It also enables you to build advanced solutions based on Google Cloud's portfolio of networking products, such as Cloud Armor protection for your private on-prem services. Learn more.
Google Cloud launches the Healthcare Interoperability Readiness Program—This program, powered by APIs and Google Cloud’s Apigee, helps patients, doctors, researchers, and healthcare technologists alike by making patient data and healthcare data more accessible and secure. Learn more here.

Container Threat Detection in Security Command Center—We announced the general availability of Container Threat Detection, a built-in service in Security Command Center. This release includes multiple detection capabilities to help you monitor and secure your container deployments in Google Cloud. Read more here.

Anthos on bare metal now GA—Anthos on bare metal opens up new possibilities for how you run your workloads, and where. You can run Anthos on your existing virtualized infrastructure, or eliminate the dependency on a hypervisor layer to modernize applications while reducing costs. Learn more.

Week of Nov 23-27, 2020

Tuning control support in Cloud SQL for MySQL—We’ve made all 80 flags that were previously in preview now generally available (GA), empowering you with the controls you need to optimize your databases. See the full list here.

New in BigQuery ML—We announced the general availability of boosted trees using XGBoost, deep neural networks (DNNs) using TensorFlow, and model export for online prediction. Learn more.

New AI/ML in retail report—We recently commissioned a survey of global retail executives to better understand which AI/ML use cases across the retail value chain drive the highest value and returns in retail, and what retailers need to keep in mind when going after these opportunities. Learn more or read the report.

Week of Nov 16-20, 2020

New whitepaper on how AI helps the patent industry—Our new paper outlines a methodology to train a BERT (bidirectional encoder representation from transformers) model on over 100 million patent publications from the U.S. and other countries using open-source tooling. Learn more or read the whitepaper.
Google Cloud support for .NET 5.0—Learn more about our support of .NET 5.0, as well as how to deploy it to Cloud Run.

.NET Core 3.1 now on Cloud Functions—With this integration you can write cloud functions using your favorite .NET Core 3.1 runtime with our Functions Framework for .NET for an idiomatic developer experience. Learn more.

Filestore Backups in preview—We announced the availability of the Filestore Backups preview in all regions, making it easier to migrate your business continuity, disaster recovery and backup strategy for your file systems in Google Cloud. Learn more.

Introducing Voucher, a service to help secure the container supply chain—Developed by the Software Supply Chain Security team at Shopify to work with Google Cloud tools, Voucher evaluates container images created by CI/CD pipelines and signs those images if they meet certain predefined security criteria. Binary Authorization then validates these signatures at deploy time, ensuring that only explicitly authorized code that meets your organizational policy and compliance requirements can be deployed to production. Learn more.

10 most watched from Google Cloud Next ‘20: OnAir—Take a stroll through the 10 sessions that were most popular from Next OnAir, covering everything from data analytics to cloud migration to no-code development. Read the blog.

Artifact Registry is now GA—With support for container images, Maven, npm packages, and additional formats coming soon, Artifact Registry helps your organization benefit from scale, security, and standardization across your software supply chain. Read the blog.

Week of Nov 9-13, 2020

Introducing the Anthos Developer Sandbox—The Anthos Developer Sandbox gives you an easy way to learn to develop on Anthos at no cost, available to anyone with a Google account. Read the blog.

Database Migration Service now available in preview—Database Migration Service (DMS) makes migrations to Cloud SQL simple and reliable. DMS supports migrations of self-hosted MySQL databases—either on-premises or in the cloud, as well as managed databases from other clouds—to Cloud SQL for MySQL. Support for PostgreSQL is currently available for limited customers in preview, with SQL Server coming soon. Learn more.

Troubleshoot deployments or production issues more quickly with new logs tailing—We’ve added support for a new API to tail logs with low latency. Using gcloud, it allows you the convenience of tail -f with the powerful query language and centralized logging solution of Cloud Logging. Learn more about this preview feature.

Regionalized log storage now available in 5 new regions in preview—You can now select where your logs are stored from one of five regions in addition to global—asia-east1, europe-west1, us-central1, us-east1, and us-west1. When you create a logs bucket, you can set the region in which you want to store your logs data. Get started with this guide.

Week of Nov 2-6, 2020

Cloud SQL adds support for PostgreSQL 13—Shortly after its community GA, Cloud SQL has added support for PostgreSQL 13. You get access to the latest features of PostgreSQL while Cloud SQL handles the heavy operational lifting, so your team can focus on accelerating application delivery. Read more here.

Apigee creates value for businesses running on SAP—Google Cloud’s API Management platform Apigee is optimized for data insights and data monetization, helping businesses running on SAP innovate faster without fear of SAP-specific challenges to modernization. Read more here.

Document AI platform is live—The new Document AI (DocAI) platform, a unified console for document processing, is now available in preview. You can quickly access all parsers, tools and solutions (e.g. Lending DocAI, Procurement DocAI) with a unified API, enabling an end-to-end document solution from evaluation to deployment. Read the full story here or check it out in your Google Cloud console.
Accelerating data migration with Transfer Appliances TA40 and TA300—We’re announcing the general availability of new Transfer Appliances. Customers are looking for fast, secure and easy to use options to migrate their workloads to Google Cloud and we are addressing their needs with next generation Transfer Appliances. Learn more about Transfer Appliances TA40 and TA300.

Week of Oct 26-30, 2020

B.H., Inc. accelerates digital transformation—The Utah-based contracting and construction company BHI eliminated IT backlog when non-technical employees were empowered to build equipment inspection, productivity, and other custom apps by choosing Google Workspace and the no-code app development platform, AppSheet. Read the full story here.

Globe Telecom embraces no-code development—Google Cloud’s AppSheet empowers Globe Telecom employees to do more innovating with less code. The global communications company kickstarted their no-code journey by combining the power of AppSheet with a unique adoption strategy. As a result, AppSheet helped Globe Telecom employees build 59 business apps in just 8 weeks. Get the full story.

Cloud Logging now allows you to control access to logs via Log Views—Building on the control offered via Log Buckets (blog post), you can now configure who has access to logs based on the source project, resource type, or log name, all using standard IAM controls. Log Views, currently in Preview, can help you build a system using the principle of least privilege, limiting sensitive logs to only users who need this information. Learn more about Log Views.

Document AI is HIPAA compliant—Document AI now enables HIPAA compliance. Now Healthcare and Life Science customers such as health care providers, health plans, and life science organizations can unlock insights by quickly extracting structured data from medical documents while safeguarding individuals’ protected health information (PHI). Learn more about Google Cloud’s nearly 100 products that support HIPAA compliance.

Week of Oct 19-23, 2020

Improved security and governance in Cloud SQL for PostgreSQL—Cloud SQL for PostgreSQL now integrates with Cloud IAM (preview) to provide simplified and consistent authentication and authorization. Cloud SQL has also enabled PostgreSQL Audit Extension (preview) for more granular audit logging. Read the blog.

Announcing the AI in Financial Crime Compliance webinar—Our executive digital forum will feature industry executives, academics, and former regulators who will discuss how AI is transforming financial crime compliance on November 17. Register now.

Transforming retail with AI/ML—New research provides insights on high value AI/ML use cases for food, drug, mass merchant and speciality retail that can drive significant value and build resilience for your business. Learn what the top use cases are for your sub-segment and read real world success stories. Download the ebook here and view this companion webinar which also features insights from Zulily.

New release of Migrate for Anthos—We’re introducing two important new capabilities in the 1.5 release of Migrate for Anthos, Google Cloud's solution to easily migrate and modernize applications currently running on VMs so that they instead run on containers in Google Kubernetes Engine or Anthos. The first is GA support for modernizing IIS apps running on Windows Server VMs. The second is a new utility that helps you identify which VMs in your existing environment are the best targets for modernization to containers. Start migrating or check out the assessment tool documentation (Linux | Windows).

New Compute Engine autoscaler controls—New scale-in controls in Compute Engine let you limit the VM deletion rate by preventing the autoscaler from reducing a MIG's size by more VM instances than your workload can tolerate to lose. Read the blog.
Lending DocAI in preview—Lending DocAI is a specialized solution in our Document AI portfolio for the mortgage industry that processes borrowers’ income and asset documents to speed-up loan applications. Read the blog, or check out the product demo. Week of Oct 12-16, 2020 New maintenance controls for Cloud SQL—Cloud SQL now offers maintenance deny period controls, which allow you to prevent automatic maintenance from occurring during a 90-day time period. Read the blog. Trends in volumetric DDoS attacks—This week we published a deep dive into DDoS threats, detailing the trends we’re seeing and giving you a closer look at how we prepare for multi-terabit attacks so your sites stay up and running. Read the blog. New in BigQuery—We shared a number of updates this week, including new SQL capabilities, more granular control over your partitions with time unit partitioning, the general availability of Table ACLs, and BigQuery System Tables Reports, a solution that aims to help you monitor BigQuery flat-rate slot and reservation utilization by leveraging BigQuery’s underlying INFORMATION_SCHEMA views. Read the blog. Cloud Code makes YAML easy for hundreds of popular Kubernetes CRDs—We announced authoring support for more than 400 popular Kubernetes CRDs out of the box, any existing CRDs in your Kubernetes cluster, and any CRDs you add from your local machine or a URL. Read the blog. Google Cloud’s data privacy commitments for the AI era—We’ve outlined how our AI/ML Privacy Commitment reflects our belief that customers should have both the highest level of security and the highest level of control over data stored in the cloud. Read the blog. New, lower pricing for Cloud CDN—We’ve reduced the price of cache fill (content fetched from your origin) charges across the board, by up to 80%, along with our recent introduction of a new set of flexible caching capabilities, to make it even easier to use Cloud CDN to optimize the performance of your applications. Read the blog. 
Expanding the BeyondCorp Alliance—Last year, we announced our BeyondCorp Alliance with partners that share our Zero Trust vision. Today, we’re announcing new partners to this alliance. Read the blog. New data analytics training opportunities—Throughout October and November, we’re offering a number of no-cost ways to learn data analytics, with trainings for beginners to advanced users. Learn more. New BigQuery blog series—BigQuery Explained provides overviews on storage, data ingestion, queries, joins, and more. Read the series. Week of Oct 5-9, 2020 Introducing the Google Cloud Healthcare Consent Management API—This API gives healthcare application developers and clinical researchers a simple way to manage individuals’ consent of their health data, particularly important given the new and emerging virtual care and research scenarios related to COVID-19. Read the blog. Announcing Google Cloud buildpacks—Based on the CNCF buildpacks v3 specification, these buildpacks produce container images that follow best practices and are suitable for running on all of our container platforms: Cloud Run (fully managed), Anthos, and Google Kubernetes Engine (GKE). Read the blog. Providing open access to the Genome Aggregation Database (gnomAD)—Our collaboration with Broad Institute of MIT and Harvard provides free access to one of the world's most comprehensive public genomic datasets. Read the blog. Introducing HTTP/gRPC server streaming for Cloud Run—Server-side HTTP streaming for your serverless applications running on Cloud Run (fully managed) is now available. This means your Cloud Run services can serve larger responses or stream partial responses to clients during the span of a single request, enabling quicker server response times for your applications. Read the blog. 
New security and privacy features in Google Workspace—Alongside the announcement of Google Workspace we also shared more information on new security features that help facilitate safe communication and give admins increased visibility and control for their organizations. Read the blog. Introducing Google Workspace—Google Workspace includes all of the productivity apps you know and use at home, at work, or in the classroom—Gmail, Calendar, Drive, Docs, Sheets, Slides, Meet, Chat and more—now more thoughtfully connected. Read the blog. New in Cloud Functions: languages, availability, portability, and more—We extended Cloud Functions—our scalable pay-as-you-go Functions-as-a-Service (FaaS) platform that runs your code with zero server management—so you can now use it to build end-to-end solutions for several key use cases. Read the blog. Announcing the Google Cloud Public Sector Summit, Dec 8-9—Our upcoming two-day virtual event will offer thought-provoking panels, keynotes, customer stories and more on the future of digital service in the public sector. Register at no cost.
  22. AWS Security Hub has improved how we display details for security standards, which are collections of automated security checks based on industry and regulatory frameworks like the Center for Internet Security's (CIS) AWS Foundational Benchmarks, the Payment Card Industry Data Security Standard (PCI DSS), and AWS's own Foundational Security Best Practices. We have implemented a new tabular view that makes it easier to understand your security posture relative to the security checks you have enabled in Security Hub. We have removed the legacy cards view for standards, so you will now see a visual summary of all your security checks and a count of how many checks have passed or failed. The controls table will show you at a glance the count of failed, unknown, passed, and disabled controls in the standard. Because the controls are grouped by status, you can more easily focus on failed controls. You can filter and search the controls to pinpoint specific resource types and can also sort using any of the table columns. You can now see the security score for a standard in the standard's page alongside its controls. View the full article
  23. Amazon Keyspaces (for Apache Cassandra), a scalable, highly available, and fully managed Cassandra-compatible database service, now supports Payment Card Industry Data Security Standard (PCI DSS) compliance to help you run payment processing workloads more easily. View the full article
  24. Today, Amazon Web Services (AWS) announced Amazon Timestream can now be used for workloads that are subject to Health Insurance Portability and Accountability Act (HIPAA), International Organization for Standardization (ISO), and Payment Card Industry – Data Security Standard (PCI DSS). View the full article
  25. Today, Amazon Web Services (AWS) announced Amazon Kendra, an intelligent search service powered by machine learning, can now be used for workloads subject to International Organization for Standardization (ISO) and Payment Card Industry Data Security Standard (PCI DSS) compliance. This is in addition to eligibility for U.S. Health Insurance Portability and Accountability Act (HIPAA), announced by Amazon Kendra previously. View the full article