Kategorie: Google Cloud Platform

Cloud CISO Perspectives: March 2022

Two themes have been resonating for me across the security industry over the last month. The first is a topic from my personal blog that I wrote more than two years ago: Resilience is about Capabilities not Plans. Collectively, organizations have proven their ability to be resilient in light of many disruptive events like a pandemic, natural disasters, and cyber conflicts. Our resilience will only continue to be tested in existing or new ways into the future. Organizations that prioritize testing and re-testing capabilities across their people, process and technology vs. plans alone will continue to be the most resilient. The next theme is focusing on building secure products, not just security products. As an industry, we can be doing more in this area as recent weaknesses in security products have demonstrated. Security is the cornerstone of Google’s product strategy. We build secure solutions and products that strive to make security easier as well as secure-by-default choices that lead to the security outcomes we want our customers, users and employees to achieve.Below, I’ll recap the latest updates from the Google Cybersecurity Action Team, industry highlights and upcoming events. Event UpdatesMcKinsey Webinar on Security as Code: Next week, I’ll join the McKinsey team for a webinar on Security as Code to break down how the cloud can help make organizations more secure. Ensuring the safe adoption of cloud computing is becoming an increasing priority across the industry, reflecting the benefits that an organization can achieve from digital transformation. Increasingly, the cloud is viewed not as a risk to manage, but a means of managing risk in new, innovative and more substantial ways, while also improving an organization’s security posture. We’ll cover this and more during the webinar. Register here.Cloud Security Talks: Threat Detection & Response Edition: Earlier this month, we hosted our first Cloud Security Talks of 2022. The sessions covered all things security operations (SecOps) across on-premises, cloud and hybrid environments, highlighted product innovations and updates, and talked about how threat detection, investigation and response fits into our invisible security vision. Check out the on-demand sessions to learn more. Google Cybersecurity Action Team Highlights Here are the latest updates, products, services and resources from our cloud security teams this month: Security Federated workload identity with Certificate Authority Service (CA Service): To help support our customers’ implementation of zero trust strategies across all their IT environments, we announced that Google Cloud Certificate Authority (CA) Service can issue certificates for workloads reflecting their federated identities, even if the workloads are hosted on-premises or in other clouds. There’s a session in our Q4 2021 Zero Trust Security Talks on this topic that’s available on demand as well.New threat detection capabilities in Google Chronicle: The Chronicle team released the public preview of context-aware detections designed to create efficiencies for customers’ detection and response journey. Customers can use this contextualization to write better detections, prioritize existing alerts, and drive faster investigations. Community Security Analytics: As part of our efforts to help customers move toward Autonomic Security Operations, the Google Cybersecurity Action Team announced Community Security Analytics, a set of open-sourced queries and rules designed to help detect common cloud-based threats. Account Defender in reCAPTCHA Enterprise: Enterprises need tools to help fight online fraud targeting their user accounts and payments. To help, the reCAPTCHA Enterprise team introduced account defender, a new feature built into reCAPTCHA Enterprise that helps businesses determine if an action aligns or deviates from the account owner’s typical behavior.Chrome’s ongoing efforts to keep enterprises safe: For a long time Chrome has been the first line of defense to protect our employees and users against malicious URLs and content on the web. The security capabilities built into Chrome can help IT administrators strengthen their organization’s posture. Also of note, the new Chrome 2.1 CIS Benchmark covers independent recommendations on which Chrome policies to configure to help support organizations’ security and compliance needs.  Introducing Automatic Certificate Management Environment: We introduced an enhancement of Certificate Manager (in preview) which allows Google Cloud customers to acquire public certificates for their workloads that terminate TLS directly or for their cross-cloud and on-premise workloads. This provides Cloud Customers with a common certificate lifecycle management capability based on ACME without a single point of failure.Industry updatesHealthcare: In our latest healthcare security series post, Taylor Lehmann and Seth Rosenblatt from Google’s Cybersecurity Action Team discuss the value of sustainable visibility mechanisms for cybersecurity teams working in global healthcare organizations to help secure and preserve patient care and safety. U.S. Public Sector: Accelerating U.S. government security and compliance implementations: To help accelerate cloud adoption of cloud services, Google Cloud’s Public Sector Professional Services Organization (PSO) offers specialized consulting engagements. These engagements include helping customers on their journey to achieve Agency ATOs for the cloud products and services they use and developing zero trust strategies and architectures to help organizations meet requirements under the Executive Order on Improving the Nation’s Cybersecurity.Modernizing the U.S. Federal Government’s Approach to Cyber Threat Management with Autonomic Security Operations: The Google Cybersecurity Action Team released its latest whitepaper that details how Google Cloud can help drive federal agencies’ ability to meet the White House cybersecurity analytics requirements of EO 14028 and OMB M-21-31. Scaling and securing the cloud for defense applications: Read our latest blog post on how our secure cloud access solution built in partnership with Palo Alto Networks is helping Defense Innovation Unit (DIU) users access services in any commercial cloud environment, while performing the required security actions of logging, threat analysis, and session control.Fortifying Federal Networks: Google Workspace provides security based on zero trust concepts that support the business and operations of government, easy collaboration across teams regardless of location, and seamless access from any endpoint. To help federal agencies navigate implementations, our Work Safer program is available through many partners like Carahsoft. Financial Services: Cloud and the future of financial markets: Cloud Googlers participated in a fireside chat at FIA Boca 2022 to discuss the future of markets and policy, the new technologies that are already paving the way for greater speed and transparency, and how cloud can help promote greater resiliency, performance, and security in financial markets. The team also published a detailed paper on this topic.ComplianceCloud vendor due diligence services: One way we help our customers scale and accelerate their cloud assessments is by collaborating with third party risk management (TPRM) providers to provide independent due diligence services and platforms to help automate vendor risk management based on the data they collect and provide. By enabling our TPRM assessors to examine the controls present in our infrastructure and operations, they can develop independent and unbiased audit reports that can be shared directly with our customers. We currently work with industry-leading TPRM providers such as CyberGRX, TruSight, and KY3P to deliver high-quality risk assessments for our customers globally. Learn more in this blog post. Data governance in the cloud: Along with a corporate governance policy and a dedicated team of people, implementing a successful data governance program requires tooling. Google Cloud offers a comprehensive set of tools that enable organizations to manage their data securely, ensure governance, and drive data democratization.To have our Cloud CISO Perspectives post delivered every month to your inbox, sign-up for our newsletter. We’ll be back next month with more security-related updates.Related ArticleCloud CISO Perspectives: February 2022Google Cloud CISO Phil Venables shares his thoughts on the latest security updates from the Google Cybersecurity Action Team.Read Article
Quelle: Google Cloud Platform

Go 1.18 and Google Cloud: Go now with Google Cloud

On March 15th, the Go team announced Go 1.18 GA, the latest release of the Go programming language. The culmination of over a decade of design delivers the features our developers demanded: generics, fuzzing, and module workspaces. With this release, Go becomes the first major language to integrate fuzz testing into its core toolchain without using third-party support, further establishing Go as a preferred language for developing secure applications.Go was created at Google in 2007, designed to help developers build fast, reliable, and secure software. Unlike traditional languages, Go was built for the modern multi-core computing world. Go has emerged as a modern language for developing cloud applications, services, and infrastructure. Today Go powers several of Google’s largest products, and is used by many customers to scale their businesses. Organizations big and small love Go and the community of Go developers, known as “gophers” has grown into a global network with over 2 million users worldwide. Using the power of Go in the CloudWhen looking at the public repos, over 75% of CNCF projects including Kubernetes and Istio are written in Go and 10% of developers are writing in Go worldwide (as of May 2021). Google delivers high performance infrastructure to run key, cloud native, Open Source projects. Our modern cloud infrastructure is based on Kubernetes at its core and our strong support for Istio and Knative have formed the base of some of our leading services like Google Kubernetes Engine (GKE), our managed application platform with Anthos, Cloud Functions, and Cloud Run. Google uses Go extensively for a wide range of applications from our indexing platform that powers Google Search, to the server side optimizations that power Chrome’s 1B+ users, to the infrastructure on which Google cloud is built. Release HighlightsWith this new release of Go 1.18, Generics are the biggest change to Go since the language was created. Go developers told us that they feel that Go lacks critical features, with generics being the main missing piece. With Go 1.18, new and existing Go developers can take advantage of the productivity, performance, and maintenance benefits that generics can bring. We’ve already begun to see the new kinds of libraries and projects gophers are building with generics in its short beta period, and expect this creativity to grow as time goes on. This Go release also brings native support for fuzzing. Fuzzing is a type of vulnerability testing that throws arbitrary data at a piece of software to expose unknown errors and is emerging as a common testing scheme in enterprise development. Go is now the first major language to provide fuzzing support with no third-party integrations necessary, allowing developers to start building secure software with minimal additional cost. Go’s innovative approach to fuzzing can provide not only security for the current code but also ongoing protection as code and dependencies evolve.  With attacks on software becoming more common and complex, vulnerability detection can be a critical part of the enterprise development lifecycle, and Go’s fuzzing capabilities catch vulnerabilities earlier in the lifecycle.Build securely using Go At Google we are helping to make Open Source software secure. Open source software is a connective tissue for much of the online world. At Google, we’ve been working to raise awareness of the state of open source security and are committed to helping secure the software supply chain for organizations. Go has been designed to create secure applications, helping to minimize risk as much as possible. Go applications compile down to a single binary without local dependencies. It’s not uncommon to see an application built using only the standard library, or only a couple well-vetted Go dependencies. Go’s dependency management uses tamper-evident  transparency log, with built in tooling that helps ensure your dependencies are what you can expect. Go has native encryption, which is used across much of the internet, including key components of Google. Go even supports distroless containers, where there are zero local dependencies to worry about. Google Cloud products like Cloud Build, for CI/CDand Artifact Registry, for container management, and have direct access to Go’s vulnerability database and can provide you instant warnings about security threats. “At Google we are committed to helping to secure the online infrastructure and applications upon which the world depends. A critical aspect of this mission is being able to understand and verify the security of open source dependency chains. The 1.18 release of Go is an important step towards helping to ensure that developers are able to build secure applications, understand risk when vulnerabilities are discovered, and reduce the impact of cybersecurity attacks” said Eric Brewer, VP Infrastructure, Google FellowThis launch is a significant milestone for Go that helps developers from around the world build more performant and secure applications that run on any infrastructure. For more information on this release and how to get started with Go, please visit.
Quelle: Google Cloud Platform

Customer Care portfolio: Flexible, scalable, robust support

Technical support is now more critical than ever. It’s crucial to keeping your business running smoothly, while rapidly adjusting to an increasingly hybrid workforce that needs to stay connected at all times. Although the scale may vary, organizations of all sizes face similar challenges. We launched the Cloud Customer Care portfolio, a significant evolution in our technical support services, to address your needs with more comprehensive, scalable, and flexible services that can help you focus on your core business and provide you the service you expect from Google Cloud – regardless of the size of your organization.A reasonably priced technical support service for an unlimited number of users, Standard Support is intended for the general needs of small- to medium-sized organizations that have workloads in development. But as your business looks to build capacity and maintain workloads in production, you’ll need rapid critical-incident response, greater flexibility, and more specialized features. That’s where our Enhanced Support can provide exceptional value.Enhanced SupportUnplanned downtime, especially during planned events, can be catastrophic. Our Enhanced Support service is designed to keep you up and running with faster response times 24/7, along with direct access to technical support cases, our Cloud Support API to optimize management, and workload-centric support for multitechnology environments.But special circumstances demand special attention. That’s why we’ve created Value-Add Services for Enhanced Support that can give you the flexibility to:Receive expert assistance with our Technical Account Advisor Service. This service includes guided onboarding and ongoing hands-on stewardship, as well as monthly, quarterly, and yearly reviews, trend analysis, optimization recommendations, and dedicated case-escalation management for critical incident response.Get ahead of key business events that drive sudden high-traffic spikes like product launches, grand openings, or data migrations with Planned Event Support. Working with your team, we cover pre-event architecture reviews and accelerated response times, all followed by comprehensive post-event reporting that details pitfalls, successes, and lessons learned.Add a layer of governance to your support experience with Assured Support. By restricting support services to personnel who meet geographical-location and attribute-based requirements, it helps you ensure compliance with local standards, maintain data integrity and sovereignty, and maximize operational efficiencies.The combination of Enhanced Support and the Technical Account Advisor Service is the ideal solution for us at Moloco. It is an inexpensive way to access the timely attention we need, when we need it. From the start, we’ve experienced noticeable improvements with response times, technical guidance, and service reviews critical to our business success. Changhoon Kim, VP of Engineering, MolocoIn short, Enhanced Support helps you optimize your cloud experience with high-quality and robust support, fast response times, and additional services for businesses of all sizes. And if you sign up for Enhanced Support now, you’ll receive a 50% discount until March 31, 2022.What’s next for customers?Existing Silver, Gold, and Role-Based Support services will end for customers on May 31, 2022. Make the move now to our new Customer Care portfolio and keep your support services running seamlessly – with added capabilities. What’s next for partners?Existing Role-Based Support services will end for partners on May 31, 2022. To help ensure services continue to run seamlessly, be sure to move your organization – or, for resellers, your customer’s organization – to our new Customer Care portfolio prior to that date. For more information on partner programs and benefits, please refer to the Partner Advantage portal.If customers and partners choose not to make the transition, current support services will automatically transition to Basic Support, a nontechnical service for admin and billing inquiries only.What’s right for you?To get started, compare support services – including Basic, Standard, Enhanced, and Premium Support – and explore our pricing calculator to find the level that’s best for your needs and budget. Once you’ve selected your service, making the switch is simple, but the process looks a little different depending on your current plan. Check out step-by-step instructions for transitioning from Role-Based Support or transitioning from Silver or Gold Support. You can also sign up through the Google Cloud Console or contact your sales rep.Questions? Concerns? Suggestions? We want to hear from you.Your input is critical to how we continue to grow and refine the entire Cloud Customer Care portfolio. That’s why we regularly assess the effectiveness of our support services and base future improvements directly on your feedback. If you have any questions regarding which service is right for you or need assistance making the move, please contact us at Cloud Customer Care Support.  Sign up for Enhanced Support through the Cloud Console or contact your sales rep, and receive a 50% discount until March 31, 2022.Related ArticleMission Critical Services: for the most demanding enterprise environmentsMission Critical Services (MCS), a new Value Add Service available for purchase by Premium Support customers, is based on Google Cloud’s …Read Article
Quelle: Google Cloud Platform

Unlock more choice with updates to Google Cloud’s infrastructure capabilities and pricing

Over the past several years, Google Cloud has made significant investments in our infrastructure product portfolio. We launched new Tau T2D VMs, which deliver 42% better price-performance vs. other leading cloud providers. We upgraded Cloud Storage to offer more flexibility to support customers’ enterprise and analytics workloads, with dual-region buckets and upcoming Turbo Replication. And we’ve delivered numerous improvements to our global network, including expansion to 29 cloud regions. However, from conversations with customers, we’ve also learned we can do more to align our capabilities and pricing with their varied workloads. So, today, we are announcing we will adjust our infrastructure product and pricing structure to give customers more choice in how they pay for what they use alongside new, flexible SKUs with new product options and capabilities. These changes are designed to help ensure better product fit for our customers’ use cases across a wider array of workloads. They are also designed to better align with how other leading cloud providers charge for similar products, so customers can more easily compare services between leading cloud providers. Some of these changes will provide new, lower-cost options and features for Google Cloud products. Other changes will raise prices on certain products. Ultimately, our goal is to provide more flexible pricing models and options for how customers are using our cloud services. Here’s an overview of what customers can expect:Which services are changing? What new services are being introduced?We are changing prices for some storage, compute, and networking products. The changes provide customers with new ways to optimize their spending based on workload type and size, or data portability needs, as well as reducing costs on some services. Specific changes include: Cloud Storage pricing changes for data mobility, including replication of data written to a dual- or multi-region storage bucket, and inter-region data accessIntroduction of a new lower-cost archive snapshot option for Persistent Disk (PD), so that compliance/archiving use cases are charged less than compute-intensive DevOps workloadsNew outbound data processing pricing for Cloud Load Balancing, in line with other leading cloud providersNew pricing for Network Topology, which will include Performance Dashboard within Network Intelligence Center at no additional charge Will customers’ bills increase? Decrease?The impact of the pricing changes depends on customers’ use cases and usage. While some customers may see an increase in their bills, we’re also introducing new options for some services to better align with usage, which could lower some customers’ bills. In fact, many customers will be able to adapt their portfolios and usage to decrease costs. We’re working directly with customers to help them understand which changes may impact them.When will the new prices go into effect?Today, we sent customers a six-month notice on the price changes, which go into effect on October 1, 2022. Customers under existing commit contracts with a floating or fixed discount will not face any changes until renewal. Our goal is to help our customers manage any impact of these changes and allow time for them to adjust or modify their implementations. What should customers do next?There are a number of things customers can do to prepare for the changes:Read through the Mandatory Service Announcement (MSA) sent on March 14.Consider what actions, if any, they may want to take based on current storage, networking, and compute needs. Many of these changes may have simple choices associated with them.Consider using the Storage Transfer Service to select the right Cloud Storage bucket locations. Storage Transfer Service will be available free-of-cost for transfers within Cloud Storage, starting April 2 until the end of the year.For those customers under contract, Google Cloud account representatives are available to discuss these changes. Please visit our pricing page and the links below for more details on our updates to storage, networking, and PD pricing, including information on how to modify your implementations if needed. If you do not have an account manager and still have questions please review our public FAQ, which will be updated regularly, as well as the resource links below. Note: This pricing analysis is valid as of February 2022.Resources:Cloud Storage Pricing Announcements Load Balancing pricing AnnouncementsNetwork Intelligence Center pricing AnnouncementsPD Pricing AnnouncementsPublic FAQRelated ArticleA year in review: Advancements in infrastructure at Google CloudA recap of the year’s infrastructure progress, from impressive Tau VMs, to industry-leading storage capabilities, to major networking leaps.Read Article
Quelle: Google Cloud Platform