Category Archives: Google for Work Blog

Work is going Google

Simplifying apps, desktops and devices with Citrix and Chrome Enterprise

As cloud adoption continues to accelerate, many organizations have found they need an ever-expanding fleet of mobile devices so that employees can work wherever and whenever they need. And research shows that when employees can work from anywhere, they can do more. According to Forbes, employee mobility leads to 30 percent better processes and 23 percent more productivity.

But as the demand for mobility grows, many organizations have also found themselves challenged by the need to provide secure mobile endpoints with access to certain legacy line-of-business or Windows apps. To help, last year we announced our partnership with Citrix to bring XenApp and XenDesktop to Chrome Enterprise.

Since bringing XenApp and XenDesktop to Chrome Enterprise, we’ve worked extensively with Citrix to help more businesses embrace the cloud. Last month, we announced that admins can now manage Chromebooks through several popular enterprise mobility management (EMM) tools, including Citrix XenMobile. And this year at HIMSS we showed how the combination of Citrix and HealthCast on Chrome Enterprise helps healthcare workers access electronic health records and virtualized apps securely on Chrome OS using their proximity badge.

All of this is the topic of an IDG webinar we’re co-sponsoring with Citrix. The webinar “Chrome OS & Citrix: Simplify endpoint management and VDI strategy” includes IDG CSO SVP/Publisher Bob Bragdon, Chrome Enterprise Group Product Manager Eve Phillips, and Citrix Chief Security Strategist Kurt Roemer as speakers, and addresses how Citrix and Chrome enable access to mission-critical business apps and create a productive workforce inside or outside corporate infrastructure.

Here’s what the webinar will cover:

  • How Chrome and Citrix can ensure secure access to critical enterprise apps.
  • How employees can be more productive through access to legacy apps in VDI. 
  • How Citrix XenApp (XA) and XenDesktop (XD) integrate with Chrome OS.
  • How Citrix’s upcoming product launches and enhancements with Chrome, GCP and G Suite can help enterprise IT teams and end users.

In March, Citrix’s Todd Terbeek shared his experiences transitioning to Chrome Enterprise, and this week Chief Security Strategist Kurt Roemer discussed how combining Citrix with Chrome can deliver expanded value across security, privacy and compliance. Our work with Citrix continues to evolve, and we’re looking forward to finding new ways to collaborate in the future.

To learn more, sign up for the webinar.

Source: Google Cloud


Meeting our match: Buying 100 percent renewable energy

A little over a year ago, we announced that we were on track to purchase enough renewable energy to match all the electricity we consumed over the next year. We just completed the accounting for Google’s 2017 energy use and it’s official—we met our goal. Google’s total purchase of energy from sources like wind and solar exceeded the amount of electricity used by our operations around the world, including offices and data centers.


What do we mean by “matching” renewable energy? Over the course of 2017, across the globe, for every kilowatt hour of electricity we consumed, we purchased a kilowatt hour of renewable energy from a wind or solar farm that was built specifically for Google. This makes us the first public Cloud, and company of our size, to have achieved this feat.


Today, we have contracts to purchase three gigawatts (3GW) of output from renewable energy projects; no corporate purchaser buys more renewable energy than we do. To date, our renewable energy contracts have led to over $3 billion in new capital investment around the world.

The road to 100 percent

We've been working toward this goal for a long time. At the outset of last year, we felt confident that 2017 was the year we'd meet it. Every year, we sign contracts for new renewable energy generation projects in markets where we have operations. From the time we sign a contract, it takes one to two years to build the wind farm or solar field before it begins producing energy. In 2016, our operational projects produced enough renewables to cover 57 percent of the energy we used from global utilities. That same year, we signed a record number of new contracts for wind and solar developments that were still under construction. Those projects began operating in 2017—and that additional output of renewable energy was enough to cover more than 100 percent of what we used during the whole year.


We say that we “matched” our energy usage because it’s not yet possible to “power” a company of our scale by 100 percent renewable energy. It’s true that for every kilowatt-hour of energy we consume, we add a matching kilowatt-hour of renewable energy to a power grid somewhere. But that renewable energy may be produced in a different place, or at a different time, from where we’re running our data centers and offices. What’s important to us is that we are adding new clean energy sources to the electrical system, and that we’re buying that renewable energy in the same amount as what we’re consuming, globally and on an annual basis.

Google's data center in Eemshaven, The Netherlands.
Google's data center in Eemshaven, The Netherlands.

Looking ahead

We’re building new data centers and offices, and as demand for Google products grows, so does our electricity load. We need to be constantly adding renewables to our portfolio to keep up. So we’ll keep signing contracts to buy more renewable energy. And in those regions where we can’t yet buy renewables, we’ll keep working on ways to help open the market. We also think every energy buyer—individuals and businesses alike—should be able to choose clean energy. We’re working with groups like the Renewable Energy Buyers Alliance and Re-Source Platform to facilitate greater access to renewably-sourced energy.


This program has always been a first step for us, but it is an important milestone in our race to a carbon-free future. We do want to get to a point where renewables and other carbon-free energy sources actually power our operations every hour of every day. It will take a combination of technology, policy and new deal structures to get there, but we're excited for the challenge. We can’t wait to get back to work.

Source: Google Cloud


Expanding our cloud network for a faster, more reliable experience between Australia and Southeast Asia

Earlier this year, we announced that we are expanding our global infrastructure with new regions and subsea cables, advancing our ability to connect the world and serve our Cloud customers with the world’s largest network.

Today, we’re excited to announce our investment in the Japan-Guam-Australia (JGA) Cable System.  

This new addition to the Google submarine network family, combined with investments in the  Indigo, HK-G and SJC subsea cables,will give GCP users access to scalable, diverse capacity on the lowest latency routes via a constellation of cables forming a ring between the key markets of Hong Kong, Australia and Singapore. Our investment in these cables builds on our other APAC cable systems, namely Unity, Faster and PLCN, interconnecting the United States with Japan, Taiwan and Hong Kong.

Taken together, these cable investments provide improved connectivity to GCP’s five cloud regions across Asia and Australia (with more on the way),so that companies using GCP can serve their customers no matter where they are.

The JGA cable system will have two fiber pairs connecting Japan to Guam, and two fiber pairs connecting Guam to Sydney. This provides deeply scalable capacity to both our users and Google Cloud Platform customers. JGA is being co-built by NEC Corporation and Alcatel Submarine Networks. The JGA-South segment is being developed by a consortium of AARnet, Google, and RTI-C, while the JGA-North segment is a private cable being developed by RTI-C. Together, the segments will stretch 9500 km (or nearly 6000 miles).

Whether we’re delivering directions to Maps users, videos to YouTube viewers, or GCP services to businesses, we know a fast and reliable infrastructure makes all the difference. That’s why we continue to invest in strategic routes, many of which require crossing oceans. To learn more about our network, visit our website.

JGA-1

Source: Google Cloud


ICYMI in March: here’s what happened in G Suite

Just like that, another month down.

In March, we announced a slew of security updates to Google Cloud, including enhancements to G Suite. In a nutshell, G Suite companies can now use advanced configurations to help fend off phishing scams. These updates will continue to help businesses block (ph)ishy activity, like if an untrusted sender tries to share encrypted attachments or if someone tries to trick you by sending information from a domain that looks like yours.

With these protections in place, more than 99.9 percent of Business Email Compromise (BEC) scenarios—when someone impersonates an executive to get sensitive information—are automatically moved to spam or flagged to users as shifty. Sorry, Charlie.

We also automatically enabled basic device management for mobile devices that access G Suite. Now IT admins can better enforce pass codes, erase confidential data for Android and iOS devices with selective account wipe and more without users needing to install profiles. Lastly, we added IRM controls to Team Drives to prevent folks from printing, downloading or copying files they shouldn’t have access to.


Many of these protections are default-on, which means you don’t have to do a thing. Read up here, or get started using the security center for G Suite.
ICYMI 1
ICYMI 2

This one is so simple. Did you know that you can make a copy of a Google Doc or Sheet with a quick URL change? In the URL of your document, delete the information before the final backslash. In this case, change “edit” to “copy.” Done!

And since security should always be top of mind, brush up on how to manage your share settings in Docs or other apps on our Help Center.

ICYMI 2
People predictions

→Most of us track down files in Google Drive by searching for the name of the person who shared a file with us. Because of this, Drive is going to start intelligently organizing the “Shared with Me” section by listing names and the files that people have shared with you, so you can track down files faster.

→ Two-step verification is an easy and effective way to protect G Suite users, which is why we recommend that businesses use security keys. Moving forward, all G Suite admins—not just G Suite Business admins—will be able to manage the deployment of security keys and view usage reports. Learn more.

→ Now your jams in Jamboard will automatically save to Drive.

Source: Google Cloud


Noodle on this: Machine learning that can identify ramen by shop

There are casual ramen fans and then there are ramen lovers. There are people who are all tonkatsu all the time, and others who swear by tsukemen. And then there’s machine learning, which—based on a recent case study out of Japan—might be the biggest ramen aficionado of them all.


Recently, data scientist Kenji Doi used machine learning models and AutoML Vision to classify bowls of ramen and identify the exact shop each bowl is made at, out of 41 ramen shops, with 95 percent accuracy. Sounds crazy (also delicious), especially when you see what these bowls look like:
Ramen bowls made at three different Ramen Jiro shops.
Ramen bowls made at three different Ramen Jiro shops

With 41 locations around Tokyo, Ramen Jiro is one of the most popular restaurant franchises in Japan, because of its generous portions of toppings, noodles and soup served at low prices. They serve the same basic menu at each shop, and as you can see above, it's almost impossible for a human (especially if you're new to Ramen Jiro) to tell what shop each bowl is made at.


But Kenji thought deep learning could discern the minute details that make one shop’s bowl of ramen different from the next. He had already built a machine learning model to classify ramen, but wanted to see if AutoML Vision could do it more efficiently.


AutoML Vision creates customized ML models automatically—to identify animals in the wild, or recognize types of products to improve an online store, or in this case classify ramen. You don’t have to be a data scientist to know how to use it—all you need to do is upload well-labeled images and then click a button. In Kenji’s case, he compiled a set of 48,000 photos of bowls of soup from Ramen Jiro locations, along with labels for each shop, and uploaded them to AutoML Vision. The model took about 24 hours to train, all automatically (although a less accurate, “basic” mode had a model ready in just 18 minutes). The results were impressive: Kenji’s model got 94.5 percentaccuracy on predicting the shop just from the photos.

Confusion matrix of Ramen Jiro shop classifier by AutoML Vision

Confusion matrix of Ramen Jiro shop classifier by AutoML Vision (Advanced mode). Row = actual shop, column = predicted shop. You can see AutoML Vision incorrectly identified the restaurant location in only a couple of instances for each test case.

AutoML Vision is designed for people without ML expertise, but it also speeds things up dramatically for experts. Building a model for ramen classification from scratch would be a time-consuming process requiring multiple steps—labeling, hyperparameter tuning, multiple attempts with different neural net architectures, and even failed training runs—and experience as a data scientist. As Kenji puts it, “With AutoML Vision, a data scientist wouldn’t need to spend a long time training and tuning a model to achieve the best results. This means businesses could scale their AI work even with a limited number of data scientists." We wrote about another recent example of AutoML Vision at work in this Big Data blog post, which also has more technical details on Kenji’s model.


As for how AutoML detects the differences in ramen, it’s certainly not from the taste. Kenji’s first hypothesis was that the model was looking at the color or shape of the bowl or table—but that seems unlikely, since the model was highly accurate even when each shop used the same bowl and table design. Kenji’s new theory is that the model is accurate enough to distinguish very subtle differences between cuts of the meat, or the way toppings are served. He plans on continuing to experiment with AutoML to see if his theories are true. Sounds like a project that might involve more than a few bowls of ramen. Slurp on.

Source: Google Cloud


Announcing Google Cloud Security Talks during RSA Conference 2018

In light of the many security incidents we can read about in the press, security continues to be a formidable challenge for many businesses. We believe that the move to a professionally managed secure Cloud infrastructure can help address this challenge.

Last week, Urs shared his thoughts on security, and we announced new initiatives such as Access Transparency as part of more than 20 security updates and enhancements to help enterprises protect their data and stay secure. Frequently, it’s better to learn about these topics in person and we can help with that.

Next month, many security professionals will come to San Francisco to the RSA Conference 2018, and we’ll offer our own Google Cloud Security Talks at Bespoke in Westfield San Francisco Centre, a five-minute walk from Moscone Center, where the RSA Conference will be held.

This series of 15 talks over two days will cover security across Google Cloud, the complex compliance and regulatory environment, shared responsibility, and best practices from Google’s own internal security processes. We’ll share more on our approach to security, as well as our roadmap from the beginning of this year through Next ‘18. Among others, featured presenters include Ben Hawkes, who heads up Project Zero, and Mark Risher, who leads Google’s Identity and Account Security team. You can see the full agenda below and register for the event on our website.

We’ll also have several interactive demos on hand to demonstrate how organizations can address security challenges such as ransomware attacks and data exfiltration.

RSA Conference 2018

We’re also excited that Googlers will be giving talks or participating on panels at the RSA Conference itself:

Threat Hunting Strategy: How to Catch Bears and Pandas [AIR-T10]
Heather Adkins
Tuesday, April 17, 2018 | 3:30 PM - 4:15 PM

Post-Quantum Cryptography [CRYP-W14]
Guillaume Endignoux
Wednesday, April 18, 2018 | 3:00 PM - 3:45 PM

How to Successfully Harness Machine Learning to Combat Fraud and Abuse [MLN-R12]
Elie Bursztein
Thursday, April 19, 2018 | 1:45 PM - 2:30 PM

Security and Privacy of Machine Learning [MLN-R14]
Ian Goodfellow
Thursday, April 19, 2018 | 3:00 PM - 3:45 PM

Google and Microsoft Debut: Replacing Passwords with FIDO2 Authentication [IDY-F02]
Sam Srinivas
Friday, April 20, 2018 | 10:15 AM - 11:00 AM

Google on BeyondCorp: Empowering Employees with Security for the Cloud Era [EXP-F02]
Jennifer Lin
Friday, April 20, 2018 | 10:15 AM - 11:00 AM

If you’re planning on attending RSA Conference 2018, please stop by—we’d love to say hello. For more information, or to register, visit our website.

Source: Google Cloud


Helping G Suite customers stay secure with new proactive phishing protections and management controls

Security tools are only effective at stopping threats if they are deployed and managed at scale, but getting everyone in your organization to adopt these tools ultimately hinges on how easy they are to use. It’s for this reason that G Suite has always aimed to give IT admins simpler ways to manage access, control devices, ensure compliance and keep data secure.

Today we announced more than 20 updates to deepen and expand Google Cloud customers’ control over their security. Many of these features will be turned on by default for G Suite so that you can be sure the right protections are in place for your organization. And, even better, in most cases your users won’t have to do a thing. Here’s the break down.

1. Helping to protect your users and organization with new advanced anti-phishing capabilities

We're applying machine learning (ML) to billions of threat indicators and evolving our models to quickly identify what could be a phishing attack in the making. Information from these self-learning ML models helps us flag suspicious content. At the same time, updated phishing security controls can be configured to automatically switch on the latest Google-recommended defenses.

These new default-on protections can:

  • Automatically flag emails from untrusted senders that have encrypted attachments or embedded scripts.
  • Warn against email that tries to spoof employee names or that comes from a domain that looks similar to your own domain.
  • Offer enhanced protections against spear phishing attacks by flagging unauthenticated email.
  • Scan images for phishing indicators and expand shortened URLs to uncover malicious links.

With the protections we have in place, more than 99.9% of Business Email Compromise (BEC) scenarios—or when someone impersonates an executive to get sensitive information—are either automatically moved to the spam folder or flagged with anomaly warnings to users.

GIF 1: Project POM G Suite

2. Giving you more control over mobile devices with default-on mobile management

Securing endpoints like mobile devices is one of the best ways for businesses to keep data safe. More than 7 million devices are already managed with G Suite’s enterprise-grade mobile management solution. With new proactive security settings, basic device management is automatically enabled for your mobile devices that access G Suite.

This means employees don’t have to install profiles on iOS and Android devices. It also means admins get added security management controls to help them:

  • See which devices access corporate data in a single dashboard.
  • Enforce pass codes and erase confidential data with selective account wipe for Android and iOS.
  • Automatically protect Android and iOS devices, with no user intervention or device profile required.

And you may have noticed we launched updates to Cloud Identity—a way for enterprises to manage users, apps and devices centrally. Cloud Identity includes user lifecycle management, account security, SSO, robust device and app management and unified reporting. Check it out.

Gif 2: Project POM G Suite

3. Offering you more visibility and insights to stay ahead of potential threats

IT admins who operate in the cloud seek tools, visibility and assistive insights to stop threats or gaps in operations before they become security incidents. This is why we introduced the security center for G Suite earlier this year. The security center is a tool that brings together security analytics, actionable insights and best practice recommendations from Google to help you protect your organization, data and users.

Today, we’re introducing additions to the security center for G Suite including:

  • New security charts to show OAuth activity and Business Email Compromise (BEC) scam threats that are specifically focused on phishing emails that may not have links.
  • New mobile management charts to help IT admins examine activity analytics and show when devices have been hijacked, rooted or jailbroken, as well as when other suspicious device activity has been detected.
  • Ways to reorganize the dashboard to focus on what is most important to your organization.
  • Ways to analyze your organization’s security health and get custom advice on security key deployment and protection against phishing scams.

Gif 3: Project POM G Suite

If you’re new to using the G Suite security center, check out these instructions to get started.

4. Providing built-in protections and controls for Team Drives

Enterprises share and store an enormous amount of content, which means admins need more controls to keep this data protected. That’s why we’re enhancing Team Drives with new security controls to give you more ways to safeguard highly-sensitive content. Now, your data can be protected by Information Rights Management (IRM) controls so you can feel confident that your company’s ideas stay “yours.”

Gif 4: Project POM G Suite

Specific updates include the ability to modify settings for Team Drives to:

  • Limit file access privilegesto Team Drives members, or only to users within your domain.
  • Add IRM controls to prevent users from printing, downloading and copying files within Team Drives.

These new security features for Team Drives will roll out over the next few weeks.

Get started

Phishing and mobile management controls are available now across all G Suite versions, and you’ll be able to use Team Drives controls in the coming weeks. If you’re a G Suite Enterprise customer, you can access the security center in the Admin console.

Source: Google Cloud


New ways to secure businesses in the cloud

From collaboration tools that accelerate productivity, to platforms that spur innovation, to AI-powered tools that drive better customer insights, the cloud is increasingly where we turn to transform businesses. It’s also where an increasing number of enterprises are turning to help protect their data and stay secure.

As Urs shared earlier this week, it’s been our belief from the beginning that if you put security first, everything else will follow. We continue to develop new ways to give our customers the capabilities they need to keep up with today’s ever-evolving security challenges. That’s why today we’re announcing more than 20 enhancements aimed to deepen and expand the control businesses have over their security environment. You can read all of our announcements in more detail on our posts covering Google Cloud Platform, G Suite and Chrome Enterprise updates. Here, we’d like to highlight three unique examples of our security functionality.

Unprecedented control to better protect your data

Google Cloud was designed, built, and is operated with security top of mind—from our custom hardware like our Titan chip, to data encryption both at rest and in transit by default. On top of this foundation, our customers have the freedom to deploy their own security controls based on their unique needs and the level of assurance they require. Today, we’re announcing VPC Service Controls to add to our broad set of protections.

Currently in alpha, VPC Service Controls help enterprises keep their sensitive data private while using GCP’s fully managed storage and data processing capabilities. Imagine constructing an invisible border around everything in an app that prevents its data from escaping, and having the power to set up, reconfigure and tear down these virtual perimeters at will. You can think of it like a firewall for API-based services on GCP. Well-defined VPC service controls can give admins a greater level of control to prevent data exfiltration from cloud services as a result of breaches or insider threats.

With this managed service, enterprises can configure private communication between cloud resources and hybrid VPC networks. By expanding perimeter security from on-premise networks to data stored in GCP services, enterprises can feel confident running sensitive data workloads in the cloud.

VPC Service Controls give admins even more precise control over which users can access GCP resources with Access Context Manager. Enterprises can create policies to grant access based on contextual attributes like user location, IP address and endpoint security status. These policies help ensure the appropriate level of protection is in place when allowing access to data in cloud resources from the internet.

Google Cloud is the first cloud provider to offer virtual security perimeters for API-based services with simplicity, speed and flexibility that far exceeds what organizations can achieve in a physical, on-premises environment.


Visibility into data risks, with actionable security insights


As use of cloud services continues to grow, clear visibility into an organization’s cloud footprint and the security status of its infrastructure is more important than ever. Businesses need the right data and actionable insights to stop threats before security incidents turn into damaging breaches. To that end, we’re announcing Cloud Security Command Center, currently in alpha.

Cloud Security Command Center is a security and data risk platform for GCP that helps enterprises gather data, identify threats and act on them before they result in business damage or loss. First, Cloud Security Command Center gives enterprises consolidated visibility into their cloud assets across App Engine, Compute Engine, Cloud Storage and Cloud Datastore. People can quickly understand the number of projects they have, what resources are deployed, where sensitive data is located, and how firewall rules are configured. With ongoing discovery scans, enterprises can view the history of their cloud assets to understand exactly what changed in their environment and act on unauthorized modifications.

Cloud Security Command Center also provides powerful security insights into cloud resources. For example, security teams can determine things like whether a cloud storage bucket is open to the internet or contains personally identifiable information, or whether cloud applications are vulnerable to cross-site scripting (XSS) vulnerabilities—to name just a few.

Finally, Cloud Security Command Center helps enterprises leverage and act on intelligence from Google and other leading security vendors. Administrators can identify threats like botnets, cryptocurrency mining and suspicious network traffic with built-in anomaly detection developed by the Google Security team, as well as integrate insights from vendors such as Cloudflare, CrowdStrike, Dome9, RedLock, Palo Alto Networks, and Qualys to help detect DDoS attacks, compromised endpoints, compliance policy violations, network intrusions and instance vulnerabilities and threats. With ongoing security analytics and threat intelligence, enterprises can better assess their overall security health in a central dashboard or through APIs, and immediately act on risks.

This is just one example of how we’re providing enterprises more visibility. Earlier this year, we announced the security center for G Suite, which provides security analytics and recommendations for our G Suite customers. Today we’re introducing additions to security center, including new charts which highlight phishing threats and suspicious device activity. You can read more about these improvements in our G Suite and GCP posts.

Transparency into how we interact with your data

Trust is paramount when choosing a cloud provider. We want to be as open and transparent as possible, allowing customers to see everything that happens to their data. Cloud Audit Logging helps answer the question of which administrators did what, where, when and why on your GCP projects.

And now, Access Transparency offers an immutable audit trail of actions taken by Google engineers and support whenever they interact with your content on GCP. Access Transparency builds on our already robust controls that restrict Google administrator activity to actions only with valid business justifications, such as responding to a specific ticket our customers have initiated or recovering from an outage.

Together, Cloud Audit Logs and Access Transparency Logs provide a more comprehensive view of admin activity in your cloud environment. We believe that trust is created through transparency, which is why we’re proud that GCP is the first to offer this level of visibility into cloud provider administrative activity.

What cloud security means for businesses

Today’s updates are just a few examples of how we’re making it easier and more secure for businesses to build and grow in the cloud—with many more still to come.

“Businesses’ path to cloud adoption relies heavily on trust; CEOs and CIOs need to feel comfortable that they are gaining significant benefit from the cloud without giving up control,” says Doug Cahill, Senior Analyst, ESG. “With these announcements, Google Cloud is continuing to provide more control and insight to customers—and commendable visibility into administrative activity within their cloud environments through Access Transparency—while offering them the peace of mind that many of the fundamental aspects of security are taken care of and constantly evolving along with the threat landscape.”

Customers like Credit Karma, Lahey Health, and Sanmina Manufacturing are working with Google Cloud to help secure their data.

“A strong security posture plays a critical role in helping us fulfill our mission of helping our members navigate the complex personal finance landscape through a predictive, data-driven recommendation system,” says Credit Karma Chief Technology Officer Ryan Graciano. “User trust is crucial to our business so security was hugely important when selecting a cloud provider. Google Cloud’s end-to-end approach met our high standards. This enables us to spend more time focusing on building the best products for our customers.”

We believe a more secure business landscape is better for everyone, and we’ll continue to develop ways to help businesses be more secure. For a closer look at all our security-related announcements today, read our in-depth posts on GCP, G Suite and Chrome Enterprise.

Source: Google Cloud


Security in the cloud

Security is one of the biggest issues of our time. Countless companies and governments have lost data because of security incidents. And just one breach could cost millions in fines and lost business—and most importantly, lose customer trust.

As a result, security is increasingly top of mind for CEOs and Boards of Directors. That’s why, this week, I’ll join Google Cloud CEO Diane Greene and many of our colleagues in New York, where we’ll meet with more than 100 CEOs to discuss security in the cloud.

At its most basic level, security is a human issue. Whether performed by individuals or organizations, cybersecurity attacks are ultimately carried out by people, regardless of motive.

Often these attacks rely on exploiting human nature, such as through phishing emails. And it’s people that they ultimately affect. By some accounts, 179 million personal records were exposed just in 2017 through data breaches.

And as a human issue, security is something we can tackle together.


Leveraging the cloud to protect against threats


Cloud providers offer a vast army of experts to protect against threats—one far larger than almost any internal team a company could invest in. In fact, if businesses were to go it alone, there wouldn’t be enough security professionals in the world to adequately protect every single company and their users.

In industries from financial services to healthcare to retail, companies are relying on the automation and scale offered by the cloud to protect their data and that of their customers—allowing their employees to focus on building their business. Many are coming to the same conclusion we have: In many cases, if you’re not moving to the cloud, you’re risking your business.

Take the CPU vulnerabilities that were disclosed in January, for example. These were major discoveries; they rocked the tech industry. But for the most part, cloud customers could go about their business. Here at Google Cloud, we updated our infrastructure through Live Migration, which required no reboots, no customer downtime, and did not materially impact performance. In fact, we got calls from customers asking if we had updated our systems to protect against the vulnerabilities—because they experienced no impact.

These won’t be the last security vulnerabilities to be uncovered; humans will never write perfect code. But the cloud makes it much easier to stay on top of them. The scale of the cloud security teams that find and mitigate emerging threats, the ability to update many systems at scale, and the automation to scan, update and protect users all contribute to cloud’s unique position to keep information and people secure.


Security at Google Cloud


Security has been paramount to Google from the very beginning. (I would know!) We’ve been operating securely in the cloud for almost 20 years, and we have seven apps with more than a billion users that we protect from threats every single day, and GCP itself connects to more than a billion IPs every day. We believe that security empowers innovation—that if you put security first, everything else will follow.

Security is in the details—and we pay attention at the most granular level. We were the first to introduce SSL email by default in 2010, we created the U2F security token standard in 2014, Chrome was the first browser to support post-quantum crypto in 2016, and in 2017 we introduced Titan, a purpose-built chip to establish hardware root of trust for both machines and peripherals on cloud infrastructure. These examples show the level of depth that we go into when thinking about security, and the role we take in pushing the industry forward to stay on top of evolving threats.

In addition, Google’s Project Zero team hunts for vulnerabilities across the internet, and have been behind the discoveries of “Heartbleed” as well as the recently-discovered “Spectre” and “Meltdown.” We also provide incentives to the security community to help us look for and find security bugs through our Vulnerability Reward Program.

We know how complex the security landscape is, and we’ve spent a lot of time thinking about how to solve this tough challenge. We’ve developed principles around security that define how we build our infrastructure, how we build our products, and how we operate.

For example, we believe it’s not enough to build something and try to make it secure after the fact. Security should be fundamental to all design, not bolted on to an old paradigm. That’s why we build security through progressive layers that deliver true defense in depth, meaning our cloud infrastructure doesn’t rely on any one technology to make it secure.

Now more than ever, it’s important for companies to make security an utmost priority and take responsibility for protecting their users. That’s true for Google too. At the end of the day, any organization is accountable to people above all, and user trust is crucial to business. If we don’t get security right, we don’t have a business.

That’s one of the reasons why I’m so passionate about cloud as a means to improve security. Google has always worked to protect users across the internet. With Google Cloud, we’re extending those capabilities to help businesses protect their users as well.

In the coming days, we'll share more about how we're pushing cloud security forward. Stay tuned.

Source: Google Cloud


Security in the cloud

Security is one of the biggest issues of our time. Countless companies and governments have lost data because of security incidents. And just one breach could cost millions in fines and lost business—and most importantly, lose customer trust.

As a result, security is increasingly top of mind for CEOs and Boards of Directors. That’s why, this week, I’ll join Google Cloud CEO Diane Greene and many of our colleagues in New York, where we’ll meet with more than 100 CEOs to discuss security in the cloud.

At its most basic level, security is a human issue. Whether performed by individuals or organizations, cybersecurity attacks are ultimately carried out by people, regardless of motive.

Often these attacks rely on exploiting human nature, such as through phishing emails. And it’s people that they ultimately affect. By some accounts, 179 million personal records were exposed just in 2017 through data breaches.

And as a human issue, security is something we can tackle together.

Leveraging the cloud to protect against threats

Cloud providers offer a vast army of experts to protect against threats—one far larger than almost any internal team a company could invest in. In fact, if businesses were to go it alone, there wouldn’t be enough security professionals in the world to adequately protect every single company and their users.

In industries from financial services to healthcare to retail, companies are relying on the automation and scale offered by the cloud to protect their data and that of their customers—allowing their employees to focus on building their business. Many are coming to the same conclusion we have: In many cases, if you’re not moving to the cloud, you’re risking your business.

Take the CPU vulnerabilities that were disclosed in January, for example. These were major discoveries; they rocked the tech industry. But for the most part, cloud customers could go about their business. Here at Google Cloud, we updated our infrastructure through Live Migration, which required no reboots, no customer downtime, and did not materially impact performance. In fact, we got calls from customers asking if we had updated our systems to protect against the vulnerabilities—because they experienced no impact.

These won’t be the last security vulnerabilities to be uncovered; humans will never write perfect code. But the cloud makes it much easier to stay on top of them. The scale of the cloud security teams that find and mitigate emerging threats, the ability to update many systems at scale, and the automation to scan, update and protect users all contribute to cloud’s unique position to keep information and people secure.


Security at Google Cloud

Security has been paramount to Google from the very beginning. (I would know!) We’ve been operating securely in the cloud for almost 20 years, and we have seven apps with more than a billion users that we protect from threats every single day, and GCP itself connects to more than a billion IPs every day. We believe that security empowers innovation—that if you put security first, everything else will follow.

Security is in the details—and we pay attention at the most granular level. We were the first to introduce SSL email by default in 2010, we created the U2F security token standard in 2014, Chrome was the first browser to support post-quantum crypto in 2016, and in 2017 we introduced Titan, a purpose-built chip to establish hardware root of trust for both machines and peripherals on cloud infrastructure. These examples show the level of depth that we go into when thinking about security, and the role we take in pushing the industry forward to stay on top of evolving threats.

In addition, Google’s Project Zero team hunts for vulnerabilities across the internet, and have been behind the discoveries of “Heartbleed” as well as the recently-discovered “Spectre” and “Meltdown.” We also provide incentives to the security community to help us look for and find security bugs through our Vulnerability Reward Program.

We know how complex the security landscape is, and we’ve spent a lot of time thinking about how to solve this tough challenge. We’ve developed principles around security that define how we build our infrastructure, how we build our products, and how we operate.

For example, we believe it’s not enough to build something and try to make it secure after the fact. Security should be fundamental to all design, not bolted on to an old paradigm. That’s why we build security through progressive layers that deliver true defense in depth, meaning our cloud infrastructure doesn’t rely on any one technology to make it secure.

Now more than ever, it’s important for companies to make security an utmost priority and take responsibility for protecting their users. That’s true for Google too. At the end of the day, any organization is accountable to people above all, and user trust is crucial to business. If we don’t get security right, we don’t have a business.

That’s one of the reasons why I’m so passionate about cloud as a means to improve security. Google has always worked to protect users across the internet. With Google Cloud, we’re extending those capabilities to help businesses protect their users as well.

In the coming days, we'll share more about how we're pushing cloud security forward. Stay tuned.

Source: Google Cloud