Kategorie: Google Cloud Platform

4 best practices for ensuring privacy and security of your data in Cloud Storage

Cloud storage enables organizations to reduce costs and operational burden, scale faster, and unlock other cloud computing benefits. At the same time, they must also ensure they meet privacy and security requirements to restrict access and protect sensitive information. Security is a common concern we hear from companies as they move their data to the cloud, and it’s a top priority for all our products. Cloud Storage offers simple, reliable, and cost-effective storage and retrieval of any amount of data at any time, with built-in security capabilities such as encryption in transit and at rest and a range of encryption key management options, including Google-managed, customer-supplied, customer-managed and hardware security modules. Google has one of the largest private networks in the world, minimizing exposure of your data to the public internet when you use Cloud Storage. Best practices for securing your data with Cloud StorageSecuring enterprise storage data requires planning ahead to protect your data from future threats and new challenges. Beyond the fundamentals, Cloud Storage offers several security features, such as uniform bucket-level access, service account HMAC keys, IAM conditions, Delegation tokens, and V4 signatures. We wanted to share some security best practices for using these features to help secure and protect your data at scale: #1: Use org policies to centralize control and define compliance boundariesCloud Storage, just like Google Cloud, follows a resource hierarchy. Buckets hold objects, which are associated with projects, which are then tied to organizations. You can also use folders to further separate project resources. Org policies are settings that you can configure at the org, folder, or project level to enforce service-specific behaviors. Here are two org policies we recommend enabling: Domain-restricted sharing—This policy prevents content from being shared with people outside your organization. For example, if you tried to make the contents of a bucket available to the public internet, this policy would block that operation. Uniform bucket-level access—This policy simplifies permissions and helps manage access control at scale. With this policy, all newly created buckets have uniform access control configured at the bucket level governing access for all the underlying objects. #2: Consider using Cloud IAM to simplify access control  Cloud Storage offers two systems for granting permissions to your buckets and objects: Cloud IAM and Access Control Lists (ACLs). For someone to access a resource, only one of these systems needs to grant permissions. ACLs are object-level and grant access to individual objects. As the number of objects in a bucket increases, so does the overhead required to manage individual ACLs. It becomes difficult to assess how secure all the objects are within a single bucket. Imagine having to iterate across millions of objects to see if a single user has the correct access. We recommend using Cloud IAM to control access to your resources. Cloud IAM enables a Google Cloud wide, platform centric, uniform mechanism to manage access control for your Cloud Storage data. When you enable uniform bucket-level access control, object ACLs are disallowed, and Cloud IAM policies  at the bucket level are used to manage access—so permissions granted at a bucket-level automatically apply to all the objects in a bucket.#3: If you can’t use IAM Policies, consider other alternatives to ACLs We recognize that sometimes our customers continue to use ACLs for different reasons, such as multi-cloud architectures or sharing an object with an individual user. However, we don’t recommend putting end users on object ACLs. Consider these alternatives instead: Signed URLs—Signed URLs allow you to delegate time-limited access to your Cloud Storage resources. When you generate a signed URL, its query string contains authentication information tied to an account with access (e.g. a service account). For example, you could send a URL to someone allowing them to access a document, read it,  with access revoked after one week. Separate buckets—Audit your buckets and look for access patterns. If you notice that a group of objects all share the same object ACL set, consider moving them into a separate bucket so you can control access at the bucket-level. IAM conditions—If your app uses shared prefixes in object naming, you could also use IAM Conditions to shard access based on those prefixes.Delegation Tokens—You can use STS Tokens to grant time-limited access to Cloud Storage buckets and shared prefixes. #4 Use HMAC keys for service accounts, not user accounts A hash-based message authentication key (HMAC key) is a type of credential used to create signatures included in requests to Cloud Storage. In general, we suggest using HMAC keys for service accounts rather than user accounts. This helps eliminate the security and privacy implications of relying on accounts held by individual users. It also reduces the risk of service access outages as user accounts could be disabled when a user leaves a project or company.  To further improve security, we also recommend: Regularly changing your keys as part of a key rotation policy.Granting service accounts the minimum access to accomplish a task (i.e. the principle of least privilege). Setting reasonable expiration times if you’re still using V2 signatures (or migrating to V4 signatures, which automatically enforces a maximum one-week time limit). To learn more about Cloud Storage and more ways to keep your data safe and compliant, check out our access control documentation, and watch our breakout session from Cloud Next ‘20: OnAir.
Quelle: Google Cloud Platform

Stubhub’s path to retire the data center with Bare Metal Solution

Editor’s note: Today, we’re speaking with Austin Sheppard, CTO of StubHub, the world’s largest ticket marketplace. We’ll hear how Google Bare Metal Solution is helping StubHub on their journey into the cloud by reducing their dependency on Oracle, lowering overall costs, and driving performance. At StubHub, we’ve been at the very forefront of ticket marketplace innovation since 2000. We were the first to introduce a ticketing application, interactive seat mapping, 360-degree virtual views of seating, innovative price recommendation technology, and an algorithm for determining the best value of tickets—all features that have become standard.Ticket marketplaces go beyond standard ticket sales and distribution. They are in the business of helping buyers and sellers connect in a safe, convenient, and reliable environment. And when you serve millions of customers a year, data is not just an enhancement but one of the primary vehicles for unlocking opportunities and providing personalized experiences. At Stubhub, we have been on a journey to move all of our applications to the cloud and ultimately retire our data center. One of the most challenging migrations for us was going to be our Oracle databases, which power our ecommerce platform. We had been migrating the applications that have a large dependency on Oracle to Google Cloud, but we hadn’t been able to find an easy approach to moving the Oracle databases as well. Having Oracle on-premises and large chunks of the application layer in the cloud was causing latency issues and wasted team resources to synchronize data between the environments. To meet our performance requirements, we needed to have all of the data physically co-located (or close to it) with the application. Additionally, our Oracle databases are a legacy holdover and are still running on Solaris. This has caused performance challenges and it can be hard to get up-to-date service and maintenance. Our upgrade cycles require a colossal coordination effort and are difficult to do with minimized downtime and customer impact. We wanted to break free of this cycle and wanted a solution that would help to reduce our dependency on legacy technologies such as Oracle, while meeting our performance needs, and ultimately help to retire the data center.Moving to Google Cloud and the Bare Metal Solution was a great opportunity for us to take a leap into the future.Bare Metal Solution: The bridge off of OracleWe ultimately selected Google Cloud’s Bare Metal Solution (BMS) since it allows us to continue using Oracle databases without sacrificing performance. This gives us a fast way to move these workloads as-is to the cloud, which solves the latency issue and accelerates our ability to completely eliminate our on-premises footprint. BMS also seamlessly integrates with the rest of the Google Cloud services that we have already been using.For my team, it was critical that we were not just able to move to the cloud, but that we could also modernize what we used to run our business. Within the next year, we are looking to fully retire the data center. Once that is complete, we intend to modernize our Oracle databases onto the cloud-native Spanner for its unlimited scale, strong consistency, and high availability.Google Bare Metal Solution is our bridge to get off the Oracle database entirely. It gives us the flexibility to move the rest of our platform to the cloud so we can now modernize faster. We are planning to modernize these workloads on Cloud Spanner and this gives us the path to do so.Early results running Oracle on Google Cloud’s Bare Metal SolutionThe early results we’ve seen so far as we’ve started migrating have been promising. Our side-by-side performance tests between on-premises Solaris systems and the newly configured BMS servers are already showing a performance improvement. We have also projected that our overall operating costs would decrease due to consolidating environments and eliminating hardware support needs, and we’re already seeing lower licensing costs as well.We’re seeing some of our costs go down right away because we are able to do more with less. We can now run Oracle on a smaller hardware footprint because of the better, faster, cheaper Intel Cascade Lake processors, resulting in an overall lower licensing cost of Oracle database.The biggest benefit, though, is the independence BMS gives us as a business by reducing our dependency on legacy vendors like Oracle. We now have control over our own destiny as we move to a cloud-native organization.Explore Stubhub and learn more about migrating Oracle to Google Cloud.Related ArticleBare Metal Solution: Coming to a Google Cloud data center near youWith Bare Metal Solution, now you can run specialized databases in five new Google Cloud regions.Read Article
Quelle: Google Cloud Platform

State of no-code app-development

It’s no secret that the world is changing faster than ever. Before 2020 became, well, 2020, businesses knew that digital transformation was critical, yet few were prepared to make the pivot. The events of last year caused a forcing function, accelerating the need for change in organizations around the globe. Problem solving required a democratized approach to the tools of innovation, one in which anyone in the workforce, whether skilled in coding or not, could leverage technology to create novel solutions. The solution stacks businesses were working with needed to be rethought. Though we typically associate app creation with traditional developers who write code, hundreds of thousands of apps were built this year by non-technical “citizen developer” app creators from around the globe. This democratization occurred because industries such as retail, construction, manufacturing, hospitality, telecom, education, real estate, IT services and more all sought digital transformation through no-code development. In this post, we’ll breakdown why no-code application development has become an important part of digital transformation by examining the following areas of impact: Speed and agility Productivity and collaborationGovernance and security Speed & agility were critical In a recent surveyof app creators using Google Cloud’s no-code application platform, AppSheet, some 32% of respondents cited speed of development as one of the greatest benefits to using no-code. Faster development times mean more responsive iterations, more problems being solved, and potentially greater impact for those that need tailored line-of-business solutions. The ability to pivot quickly has been incredibly important during a time in which the way we operated frequently needed to change quickly.  How exactly does no-code technology allow for faster development cycles? First and foremost, it does exactly what the name implies—it allows people to build applications and process automations without coding and therefore opens up innovation to a wider range of employees. AppSheet, for example, abstracts coding into an intuitive, natural-language based interface that anyone can use, even if they have never written a line of code—all while still giving IT the visibility and control it needs to keep data safe.  And while every no-code platform has a different approach to facilitating speedier and more democratic app creation, app creators that choose AppSheet are able to leverage the platform’s use of Google AI and ML in two different ways. Baked-in AI and ML help app creators create prototypes quickly, facilitating things like natural language-interfaces in which users need only type their intent to surface relevant functions, and also enable implementation of rich capabilities like Optical Character Recognition (OCR), for conducting activities such as inventory management or other use cases that involve barcodes, image recognition, and similar ML-driven capabilities. Collaboration transcends locationThe ways in which we work shifted an incredible amount in 2020. Those who generally worked in offices with their teams or in schools with their students were sent home. Those who continued to work on-location filled essential roles that often required agile, on-the-go access to critical data, whether it was stored on-device or in the cloud. As communities surrounding work, school, and family life became impacted and activated in ways we’ve arguably never seen, collaboration and connection became paramount to success in 2020.This need for collaboration was no different for those trying to find digital ways in which to support the communities in which they operate. For those who use no-code, there were two key ways in which this collaboration takes place. Once an app is shared with another person, whether it be a fellow creator or an end user, collaboration becomes something different. For a creator-to-creator relationship, it means ensuring the data source in use is designed for manageability, iteration, security, and friction-free access. For an end user-to-creator interaction, the relationship is more complex: app creators typically engage with an application in a development capacity on a desktop while end users typically engage with an application on their mobile devices. This is why our approach to no-code lets app creators build one app that’s compatible across them all— desktop, tablet, etc.— with no additional development required to support a range of  major operating systems or interaction models. This allows the creator to engage with their end users in a more direct and meaningful manner that not only increases collaboration, but can also increase productivity. BHI – a construction company based out of the US – is a great example of how to collaborate with a workforce through no-code. With 90% of their employees not only deskless, but also dispersed across worksites spanning 25 states, the company needs the ability to engage with data in real time. They take collaboration one step further by leveraging a combination of no-code development and Google Workspace. This combination has allowed BHI to free up their IT spend by 10% while embracing democratized digital innovation.  Unlocking data without compromising governance and security  Governance was one of 2020’s  most discussed IT topics, and for good reason: in 2019, research indicated that “anything from 30% to 50% of enterprise spend is linked to shadow IT.“ When an IT team can set policies and provide oversight for non-technical teams within the organization, employees on the ground can problem solve quickly without creating management and governance liabilities; enterprises want to empower employees to innovate and move fast—but they cannot afford to play fast-and-loose with data security. Neither no-code technology nor the citizen developers who leverage it are meant to replace traditional development practices within an organization. Rather, the intention is to work in concert to support digital transformation by both respecting governance needs and democratizing access to the tools of innovation and optimization.Belgium-based Solvay is a great example of governance at work. As we detailed in case study, ”Francis Boulu and the [Solvay] industrial team initially started using AppSheet to collect information from production operators to streamline checklists and inspections. Using AppSheet in conjunction with Google Sheets, they were able to rapidly demonstrate and roll out applications and work them into production.” Through word of mouth across the organization, the demand for no-code technology grew, which could easily have overwhelmed any IT team’s backlog. But because Solvay selected a platform that incorporated governance into its capabilities, IT was able to provide an infrastructure that empowered individual contributors to participate in the development process while still adhering to governance requirements. To date, Solvay has created approximately 1,000 apps with no-code that are used around the globe, including those they’ve built in response to support their COVID initiatives. Looking to the future As we move past 2020, the primary change in the state of work has been broader recognition of the need to empower non-technical employees to build custom solutions and optimizations. Work culture will continue to shift and the demands for democratizing technology will increase. So too will the demands for platforms such as Google Cloud’s AppSheet. The importance of AI will continue to grow, and as the technological capabilities for these platforms continue to evolve, governance will play a more important role than ever before to ensure those that need to build applications are able. 2021 will bring about new ways to engage with no-code, ways that we believe will help creators deepen their skills and create true impact for their organizations. Analysts agree: Gartner’s October 2019 report “The Future of Apps Must Include Citizen Development,” indicated that by 2023, “the number of active citizen developers at large enterprises will be at least four times the number of professional developers.”  If you’re not already evolving your work to include custom applications with no-code, join app creators around the globe and get started now.
Quelle: Google Cloud Platform

A year of API-driven digital transformation

2020 was a challenging year for many organizations as they faced sudden changes in consumer behavior and market dynamics. The shift to digital channels is nothing new, and even in 2019, digital was already the preferred option for commerce and collaboration across many industries—but in the wake of the global pandemic, these channels became the first and only option for many businesses. Preference gave way to necessity almost overnight. According to Adobe Analytics, Black Friday 2020 shopping witnessed a growth of 22% and Cyber Monday saw 15.1% increase compared to 2019.  More importantly, this is going to be a long term shift. According to McKinsey, over 60% of customers changed their shopping behavior in 2020. With in-person and brick-and-mortar operations disrupted across much of the world, the past year’s trends mean that more than ever, a business’s ability to operate relied on its ability to insert itself into digital channels and to engage with customers in new ways. APIs are the foundational mechanisms powering these digital interactions, and hence API management becomes a more urgent competency for many companies as they navigate the impacts of COVID-19.  The role of API management platformsWe have seen many organizations that invested in API management benefiting in different ways during these challenging times. Here are some examples:Deliver innovation faster: Companies challenged with legacy systems were able to unlock valuable data and services via APIs, allowing developers to build new experiences faster. To learn more, check out this video, from Google Cloud Next ‘20: OnAir, that explains how Australian Energy is leveraging APIs to build a hub for open data.Build business ecosystems: APIs allowed organizations to collaborate and quickly integrate with partner ecosystems to transform their business models. Read this article to learn how CHAMP Cargosystems executed ecosystem strategies to help airlines navigate COVID-19 disruptions. Automate operations with AI: During periods of peak online activity, such as Black Friday and Cyber Monday, AI-powered features like traffic prediction, anomaly detection, and API monitoring helped organizations to focus on business-critical concerns and keep services online without interruption. See this video to understand how TMobile has leveraged APIs, and the process automations they enable, across diverse technology ecosystems ranging from mobile services to machine learning to the Internet of Things. Develop new revenue streams: Many businesses suffered declines in top-line revenue during 2020, but monetization of API products helped some to stay competitive by unlocking new sources of revenue. To learn more, view this on-demand webinar that includes how MTN Group, a leading multinational telecommunications company, is harnessing APIs to unlock new revenue opportunities. Google Cloud’s continued innovation in API Management To help organizations navigate 2020’s challenges, as well as adapt to trends in enterprise IT that have been unfolding for years ahead, Google Cloud launched several new capabilities throughout the year to bolster how we help our customers with API management:API Gateway helps developers securely share their serverless workloads and monitor consumption on serverless APIs. Apigee datasource for AppSheet helps citizen developers accelerate digital transformation, empowering them to harness APIs, and the more powerful datasets and functionality to which they provide access, for no-code app development. Apigee Adapter for Envoy As enterprises adopt microservices-based architectures, Apigee was first to build an adapter for Istio to expose services outside the mesh or between services running entirely within the mesh. Apigee adapter for Envoy now integrates Envoy-based services into your Apigee environment, extending Envoy’s capabilities to include API management and letting developers expose services behind Envoy as APIs.Thought leadership, best practices, and engagement with the API community We continued our engagement with the communities of developers, technical, and business leaders looking to do more with APIs. For example we launched That Digital Show, a podcast series in which we share field-tested best practices and real-world use cases to help enterprises to build and scale their API programs. We also offered our Business Innovation Roadshow, which explored how to think like a futurist to evaluate emerging business opportunities, how to discern key technology signals, and when and how to act in order to build an API-first strategy. We  launched a new series of ebooks, The Path of Most Resilience, that explores three tangible ways in which APIs help build business resilience via improved operational efficiency, accelerated innovation, and the development of richer customer experiences. We also published a range of blog posts and articles— if you missed any, you can catch up on all the API goodness here. Our thought leadership efforts also encompassed several industry-specific discussions, including:APIs for Healthcare The Digital Transformation of Healthcare, which examines how the healthcare industry is navigating these difficult times and how patients will soon benefit from new digital services.Getting Digital with Healthcare, which involves a panel of experts discussing three key pillars the healthcare industry is leveraging to help organizations enable data interoperability and provide value-based care.APIs for Marketing: The Automotive Industry, which surveys how APIs are being used for marketing and digital transformation in the automotive industry.APIs for Media and Entertainment, which looks at the digital future of movies, television and gaming.API-powered Open banking, which discusses how APIs can accelerate compliance, create connected customer experiences, and launch new productsLast but not the least, in partnership with Oxford Economics, we surveyed over 1,000 CIOs of large organizations (i.e., those with over $2 billion in revenue), from around the world and across industries, to understand their digital business ecosystem strategies—and the benefits they derive from cultivating those relationships. Check out the key findings of the survey and the role of APIs in building and scaling digital ecosystems.What’s next?We believe most of the current shifts in market dynamics will have long-term implications on consumer behavior and the way businesses operate; even before the pandemic disrupted enterprises throughout the world and increased the urgency around digital transformation, results from our Oxford Economics survey indicated that business leaders were connecting APIs to  the modern digital experience and efficiencies required to be competitive. Digital experiences across a range of form factors—in offices, stores, homes, or the field—will increasingly define how work gets done, how customers interact with businesses, and how businesses interact with one another. Interactions and automations among data and functionality in difference systems will power these experiences—and APIs will continue to power those interactions. Going into 2021, in order to reinvent and globally scale their efforts, enterprises will need to think beyond digital transformation, as which has become an issue of table stakes rather than the mark of a differentiated leader. Instead, businesses must strive to pursue digital excellence—and that means API management becomes even more important. It’s not enough to simply use APIs, though that is a prerequisite for success. Businesses need to harness their APIs to pursue new business models, such as monetizing data for an outside audience, or new partnerships, such as connecting one’s own APIs to those of social networks in order to create richer, wider-reaching customer experiences. Businesses need to learn from APIs, applying machine learning to discern trends in developer and end user behavior and further fortify digital services against attackers. And they need to extend their APIs in new directions, opening them not only to traditional developers but also the new breed of no-code application builders. To boost our customers’ efforts towards digital excellence, we look forward to launching several new capabilities in the coming year that will let customers leverage Google Cloud’s industry-leading offerings to accelerate their API programs. We’re excited to see what you build with them.
Quelle: Google Cloud Platform