Libraries Without Borders US takes San Antonio’s digital divide head-on

Google Fiber works with incredible partners across the country working to make digital equity a reality in our communities. Back in 2019, we shared the innovative work of Libraries Without Borders US (LWB US) in San Antonio, TX, and now we’re thrilled to welcome Victoria Becker, Communications and Engagement Associate, to provide an update on those efforts through the pandemic and beyond. LWB US is a non-profit organization that delivers access to information, education, and cultural resources. From parks in Baltimore to laundromats in San Antonio, LWB US designs innovative tools and programs that meet people where they are with the resources they need most. 




Libraries Without Borders US (LWB US) has been working to promote access to information in underserved communities across the country since 2015. Fundamental to our work is designing and implementing innovative programs that reimagine libraries, often by transforming nontraditional spaces into hubs for community learning and engagement. With this mission in mind, we took our work to the laundromat, prompting the birth of the Wash and Learn Initiative (WALI).

Why laundromats? The average laundromat user has an income of $28,000; 1 in 4 individuals in this income bracket do not have access to broadband internet. By partnering with local libraries and organizations, LWB US brings not only books, computers, and internet connection directly to laundromats, but also digital skills trainings and curated resources that promote literacy, digital access, health education, legal information, and other issues. In doing this, LWB US could ensure that community members had easy access to critical resources, all while doing their weekly wash.

In March 2020, with the onset of the COVID-19 pandemic, we completely reimagined our work and shifted gears in response to swiftly growing needs. We designed and implemented the ConnectED Technology Kit program: an initiative to provide our constituents with a backpack equipped with a laptop, mobile hotspot, and a curated educational resource packet to be used at home. Last year, LWB US distributed over 120 kits to families in San Antonio outside Wash and Learn Initiative laundromats, including our newest WALI laundromat Laundry Rey’s.



We’re building on the work we did last year outside by bringing programming back inside. LWB US recently reinstalled the bookshelf at Laundry Rey’s, the first hint of WALI reinstall. With the support of Google Fiber, we are able to safely reimplement programming in our San Antonio WALI laundromats to continue to serve our community. Check out the video below see this incredible program up close and hear from our staff and stakeholders:

(((youtube)))

For more information about WALI or LWB in San Antonio, contact Lisa Alvarenga, our San Antonio Project Coordinator.

Posted by Victoria Becker, Communications and Engagement Associate, Libraries without Borders - US.



~~~

author: Victoria Becker

title: Communications and Engagement Associate, Libraries without Borders - US

yturl: https://www.youtube.com/embed/hCrb7rtHspc

category: community_impact

Updates on our continued collaboration with NIST to secure the Software Supply Chain

Posted by Eric Brewer and Dan Lorenc


Yesterday, we were honored to participate in President Biden’s White House Cyber Security Summit where we shared recommendations to advance the administration’s cybersecurity agenda. This included our commitment to invest $10 billion over the next five years to expand zero-trust programs, help secure the software supply chain, and enhance open-source security.

At Google, we’ve long advocated for securing the software supply chain both through our internal best practices and industry efforts that enhance the integrity and security of software. That’s why we're thrilled to collaborate with the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) to support and develop a new framework that will help to improve the security and integrity of the technology supply chain.

This builds on our previous work in June of this year, where we submitted four statements in response to the National Telecommunications and Information Administration (NTIA) and NIST’s call for position papers to help guide adoption of new software supply chain security standards and guidelines that fulfill components of the Executive Order on Improving the Nation’s Cybersecurity.

The papers lay out concrete ways to increase the nation’s cybersecurity, based on Google’s experience building secure by design systems for our users and enterprise customers. Each of the suggestions are enactable solutions for software supply chain security, and were drawn from Google’s research and innovations in engineering away entire classes of vulnerabilities.

NIST and NTIA also released their guidelines in July for several of the Executive Order’s target areas (SBOM Minimum Elements, Critical Software Guidelines, Developer Verification of Software), incorporating specific recommendations from Google. Below are summaries of each of Google’s position papers, and background on our contributions and impact in each area.

High-Confidence, Scalable Secure Development

Instead of being reactive to vulnerabilities, we should eliminate them proactively with secure languages, platforms, and frameworks that stop entire classes of bugs.

Preventing problems before they leave the developer’s keyboard is safer and more cost effective than trying to fix vulnerabilities and their fallout. (Consider the enormous impact of the SolarWinds attack, which is predicted to take $100 billion to remediate.) Google promotes designs that are secure by default and impervious to simple errors that can lead to security vulnerabilities.

We want to see secure systems used as widely as possible, so we have invested in initiatives such as getting Rust into the Linux Kernel, published research papers, and shared guidance on secure frameworks.

Security Measures for Critical Software

Critical software does not exist in a vacuum; we must also harden the broader systems and run environments. Our paper outlines a list of actionable steps for critical software's configuration, the privileges with which it runs, and the network(s) to which it is connected.

Our suggestions are based on practices that have withstood the tests of time and scale, such as in our Google Cloud Products, built on one of the industry’s most trusted clouds.

Google contributes to open-source tools that help maintainers adopt these practices, such as gVisor for sandboxing, and GLOME for authentication and authorization. Additionally, to share the knowledge we have gained securing systems that serve billions of users, we released our book Building Secure and Reliable Systems, a resource for any organization that wants to design systems that are fundamentally secure, reliable, and scalable.
 
Software Source Code Testing

Continuous fuzzing is indispensable for identifying bugs and catching vulnerabilities before attackers do. We also suggest securing dependencies using automated tools such as Scorecards, Dependabot, and OSV.

Google has made huge contributions to the field of fuzzing, and has found tens of thousands of bugs with tools like libFuzzer and ClusterFuzz.

We have made continuous fuzzing available to all developers through OSS-Fuzz, and are funding integration costs and fuzzing internships. We are leading a shift in industry support: on top of bug bounties, which are rewards programs for finding bugs, we have also added patch rewards, money that can help fund maintainers remediate uncovered bugs.

Software Supply Chain Integrity

Google strongly encourages adoption of SLSA, an end-to-end framework for ensuring the integrity of software artifacts throughout the software supply chain. Four “SLSA Levels” provide incrementally adoptable guidelines that each raise the bar on security standards for open-source software.

SLSA is based on Google’s internal framework Binary Authorization for Borg (BAB) that ensures that all software packages used by the company meet high integrity standards. Given BAB’s success, we have adapted the framework to work for systems beyond Google and released it as SLSA to help protect other organizations and platforms.

We have shared many of Google’s practices for security and reliability in our Site Reliability Engineering book. Following our recent introduction of SLSA to the wider public, we are looking forward to making improvements in response to community feedback.

Minimum Requirements for SBOMs

Google submitted an additional paper in response to the NTIA’s request for comments on creating SBOMs, which will give users information about a software package’s contents. Modern development requires different approaches than classic packaged software, which means SBOMs must also deal with intermediate artifacts like containers and library dependencies.

SBOMs need a reasonable signal-to-noise ratio: if they contain too much information, they won’t be useful, so we urge the NTIA to establish both minimum and maximum requirements on granularity and depth for specific use-cases. We also recommend considerations for the creation of trustworthy SBOMs, such as using verifiable data generation methods to capture metadata, and preparing for the automation and tooling technologies that will be key for widespread SBOM adoption.

Improving Everyone’s Security

We are committed to helping advance collective cybersecurity. We also realize that too many guidelines and lists of best practices can become overwhelming, but any incremental changes in the right direction make a real difference. We encourage companies and maintainers to start evaluating today where they stand on the most important security postures, and to make improvements with the guidance of these papers in the areas of greatest risk. No single entity can fix the problems we all face in this area, but by being open about our practices and sharing our research and tools, we can all help raise the standards for our collective security.

A new model for inclusive computer science education

The lack of diversity in the computing education pipeline has been a remarkably persistent problem. Something that’s stalled progress in addressing disparities is that there’s largely been a focus on individuals, such as teachers and students, rather than on how equity plays out across multiple levels of the computer science (CS) education ecosystem. This is why our work at the University of Texas since 2014 focuses on understanding the root causes of inequities in the CS education pipeline and how every level of the system influences equity.


With the support of a CS-ER (computer science education research) grant from Google, my colleague Jayce Warner and I developed a framework for thinking about equity across the CS education ecosystem. We began this work after digging into data in Texas in 2014 and finding that only about a quarter of Texas high schools offered any kind of CS course and fewer than 3% of Texas students were taking a CS course each year.  The students enrolled in CS courses were also not reflective of the student population in our diverse state. We launched what became the WeTeach_CS professional development program, with the ultimate objective of seeing equitable enrollment in CS courses in Texas. To achieve this goal, we first had to improve access to CS courses and increase the number of CS-certified teachers in the state. 


At the time, we thought equity had to wait until we had solved the capacity, access and participation challenges. But as we began thinking more deeply about this model and asking our colleagues in the Expanding Computing Education Pathways (ECEP) Alliance for feedback, we realized several things:


True Equity is about more than just diversity in the classroom, and just because something is available to everyone doesn’t mean that everyone can or will benefit. Also, education is very complex and the things we can easily measure (such as AP class participation) may not be the best indicators of change or success.


We developed a new framework that reflects how things connect at different levels of CS education.  Most importantly, this model helps us better understand how equity plays out at each level. We’ve called it the CAPE framework and it consists of four interdependent components: capacity for CS education, access to CS education, participation in CS education and experience of CS education. 


Each level affects the next. For example, if we want students to have equitable experiences in CS, we first need to make sure they’re participating equitably. Equitable participation relies on equitable access and equitable access relies on equitable capacity. 




CAPE is represented as a triangle with four levels. Capacity for CS Education is the foundational level of the triangle, with access to CS education above that, participation in CS education above that, and experiences of CS education at the top. Example questions that can be asked at the Capacity level address teachers, funding and policies such as Do districts in all areas have the resources to offer CS and to train and certify teachers? Access questions deal with course offerings such as Are CS courses offered in low-income schools at similar rates to other schools? Questions at the participation level address student enrollment such as Which subgroups are underrepresented in CS courses and to what extent? Experience level questions can address student outcomes such as How does instruction and learning differ across student subgroups and do all students feel a sense of belonging in CS?

The CAPE Framework helps the entire CS education community think about the systems they work in and the types of questions they should ask to ensure equity and inclusion in computing. One example is Jackie Corricelli, a PreK-12 CS Curriculum Specialist in West Hartford Public Schools (CT), who’s used the CAPE framework to evaluate her district’s K-12 CS program. In another example, Bryan Cox, Computer Science Specialist at the Georgia Department of Education, is building a public dashboard to track access and participation in K-12 CS education in Georgia. In Texas, we’ve used CAPE to frame our state and regional CSEd Profiles and recently released a new interactive visualization to explore capacity, access and participation across the state’s 1,200 school districts and more than 2,000 high schools. 


Google supported these efforts with a CS-ER grant awarded to UT Austin, which was instrumental in the development and evolution of the CAPE framework. In 2021, Google awarded seven new CS-ER grants. This year’s grant awardees are: Amy J. Ko, University of Washington; Derek Aguiar, University of Connecticut; Jean Ryoo, University of California, Los Angeles; Jennifer Parham-Mocello, Oregon State University; Joshua Childs and Tia Madkins, The University of Texas at Austin; Melanie Williamson and Audrey Brock, Bluegrass Community & Technical College; and Mounia Ziat, Bentley University.


For more information about each of the recipient’s projects, or to submit an application to be considered for future cohorts, you can visit Google Research’s Outreach page.

Watch With Me on Google TV: Hasan Minhaj’s watchlist

Movies and TV can make us laugh, cry and even shape who we are. Our watchlists can be surprisingly revealing. We’re teaming up with entertainers, artists and cultural icons on a new ongoing Watch With Me series on Google TV to share their top picks and give you a behind-the-scenes look at the TV and movies that inspired them.


Writer, comedian, producer and TV host Hasan Minhaj is best known for his sharp, earnest political commentary. When he isn’t on screen tackling any number of current issues, he’s happy to sit back and rewatch one of his favorite films. 


“Movies and TV shows are an opportunity to watch something with loved ones,” Hasan says. “Whether they make you laugh or feel something deep. Or they can be a source of respite, or help you realize how big the world is.”


We sat down with Hasan to learn more about his own Google TV watchlist and discover any hidden gems he has on repeat. “To me, rewatchability is everything. So my watchlist is everything that I can watch over and over, whether it's with my wife, dad or kids. That's what's on my watchlist: Comfort food in the form of movies.”

Google TV showing Watch With Me page with Hasan Minhaj’s watchlist.

Do you prefer watching movies alone or with others?

Hasan Minhaj: I love watching movies with people, but now that I’m a dad with two kids, I’ll watch movies any way I can when I get the chance. 


Who is the first person you call to talk about a new movie or show?

Hasan Minhaj: My best friend, Prashanth. We can get really argumentative and petty and just go head-to-head about why we love or hate something. But we’re still friends when it’s all said and done. 


What’s your must-have movie snack?

Hasan Minhaj: I like to have the best of both worlds. I go one salty, one sweet, which to me is why the Peanut M&Ms are probably one of the greatest movie snacks ever.


Do you read reviews before seeing a movie or show? 

Hasan Minhaj: No, I listen to my friends. If a friend texts me, "Hey, you have to check out ‘Ted Lasso,’" I'll check it out. 


How would you describe your watchlist?

Hasan Minhaj: I’d say it’s a guaranteed good time. I think if someone were to look at my watchlist, they would be like, "Hey, he loves movies that are really funny. He's definitely a dad. And he definitely has a soft spot for 80s, 90s and early 2000s nostalgia."


To check out Hasan’s watchlist and learn more about how Chris Rock inspired his start in comedy, catch his full interview and watchlist on Google TV's For You tab, coming in the next few days. Be sure to join in on the fun and share your favorites using #WatchWithMe.

From startup founder to product manager in Nairobi

Welcome to the latest edition of “My Path to Google,” where we talk to Googlers, interns and alumni about how they got to Google, what their roles are like and even some tips on how to prepare for interviews.

This week we spoke with Andrew Kamau, a Noogler — new Googler — who recently joined as a Product Manager in Nairobi. Learn how Andrew’s career took him from startups in Kenya to creating products at Google.

What do you do at Google?

I’m a product manager working on the Privacy team for Chrome Browser. Product management typically involves wearing multiple hats, but I can summarize it as supporting my team in ensuring that we are delivering product features that help our users stay and feel safe while using Chrome to access the web.

I work closely with a team of engineers, designers, product managers and other cross-functional roles to anticipate our users’ needs such as easy-to-use privacy controls and protection from online threats. We then design product strategy that meets those needs. This usually involves weaving together inputs from our users and colleagues across different teams and then making product decisions that align with the company’s mission.

How would you describe your path to Google?

I’ve had a somewhat unusual path compared to most folks in my position. My career background is largely in tech startups. I live in Nairobi, which has a thriving community of creative talent from which I’ve benefited from and to which I’ve contributed. My time as an entrepreneur working on financial technology exposed me to opportunities that helped diversify my experiences and build up the empathy and skill set that is extremely invaluable as a product manager.

Coming from a startup background, I was — on one hand — nervous about moving to a global corporation. I worried that I might not fit into the culture, having not worked at any organization with more than 40 people in the entirety of my career before this. On the other hand, the interesting thing about working at Google is that I’m still able to channel my scrappy, entrepreneurial approach to experimenting and building products. The difference is that I now have access to world-class technology and talent to support me every step of the way and the impact of my work has increased exponentially.

What’s the one thing that surprised you about the interview process?

Considering that I went through the entire process in the midst of the pandemic and working from home, I was pleased to find that everyone involved was gracious enough to accommodate my preferences, so I didn’t have to worry about awkward situations like my son barging in on our video calls.

I did have some preconceived notions about what the recruiting process would look like. One that took me by surprise was how helpful and supportive my recruiter was. She helped make the process less jarring and more rewarding; even going so far as to set up calls with product managers and engineers who work at roles similar to the one I was interviewing for. They voluntarily provided guidance and advice, which helped me be better prepared for the technical interviews.

Andrew and his son smile at the camera holding a Noogler hat.

Andrew and his son

What gets you most excited in your role?

Chrome is used on over three billion devices across the world to access the web. Building and maintaining safe and reliable product experiences for our users at this scale is a huge responsibility and source of motivation for me. I enjoy working on technical solutions to advance our mission and deliver value to our users. I’m particularly fortunate to work with incredibly smart engineers and designers on our teams.

In my role, every day is different. Some days are spent largely on meetings, chat and email with my colleagues brainstorming and planning, while others are heads-down working on synthesizing feedback from users and developing product requirements. 

I regularly carve out time on my weekly calendar for virtual coffees and lunches where I get to meet folks in the company based in Munich, London, Dublin, and other locations globally. Due to the diversity of backgrounds and experiences in the company, there’s always something fun and interesting to learn from others.

Any tips for aspiring Googlers in Africa?

First and foremost, focus on being great at your craft while maintaining a low ego. I strongly believe that confidence, ambition and humility can co-exist.

Having mostly worked in the African tech industry, I’m constantly blown away by the talent and creativity that I encounter. I’d encourage anyone who aspires to make the jump not to doubt themselves and apply. You don’t need to know anybody (I didn’t!) or pull any strings.

It’s also important to take time to find a role and team that is an ideal match. For example, I had to delay my process for a few months until I found the role and team that best matched my interests. Eventually, I ended up interviewing for a different role from the one I was invited to apply for — and it worked out great.

Related Article

Using AI to map Africa’s buildings

Google's Open Buildings uses AI to provide a digital footprint of buildings.

Read Article

More support for women founders in Asia

Ketty Lie remembers her college graduation like it was yesterday. Her mother held her hand tightly as they walked across the lawn to the ceremony and told her how proud she was that Ketty had achieved the dream she never got to fulfill herself.


That investment in education led Ketty to become an entrepreneur. Today, her company ErudiFi is focused on expanding access to education for young people across Southeast Asia. And Ketty is getting ready to start the twelve-week Women Founders Academy with Google for Startups.
Ketty Lie, the founder of ErudiFi, in a black t-shirt looking directly at the camera

Ketty Lie is excited to join the program and meet her fellow women entrepreneurs.

Following a successful first year in 2020, the Women Founders Academy 2021 will offer a new group of founders training to sharpen their leadership skills, build strong teams and address their unique growth needs, including funding. They will take part in workshops, connect with a community of Google advisors, venture capitalists and business executives and receive mentoring from dedicated subject matter experts. The 10 participants, from five countries in Asia Pacific, are:

  • Dorothy Yio, (Singapore). Engage Rocket is a cloud-based software company that helps organizations improve their employee experience.
  • Sophie Jokelson, (Singapore). Cove is a co-living company that makes it easier, faster and more flexible to rent comfortable homes at honest prices.
  • Vanessa Geraldine, (Indonesia). Prieds Technology offers an all-in-one business and technology solution to improve business efficiency.
  • Utari Octavianty, (Indonesia). Aruna is a fisheries platform that connects small-scale fishermen to the global market through technology.
  • Ketty Lie, (Indonesia). ErudiFi is a technology company focused on expanding access to education in Southeast Asia.
  • Angela Jihee Park, (Korea). Kokozi offers an audio content platform and device that provides children with unique audio experiences. 
  • Ji Eun Chung, (Korea). CODIT runs an AI data intelligence platform that helps companies manage legal, regulatory and policy risks and opportunities.
  • Monika Mehta, (India). Zealth-AI is a platform that helps manage cancer through digital remote monitoring and patient engagement.
  • Laina Emmanuel, (India). BrainSightAI is building a neuroinformatics platform that uses technology to help answer questions about neuro-oncological and neuro-psychiatric disorders.
  • Yugari Nagata, (Japan)DATA VIZ LAB is a data analytics and visualization consulting company that builds on cloud technology.

Ketty is ready to meet her fellow founders and excited about the opportunity to share lessons and experiences. “Sometimes it’s lonely being a woman founder in the tech startup world,” she says. “Finding a community of like-minded women who are building tech-based businesses in Asia hasn’t been easy and this program provides a unique platform that I wouldn’t otherwise have.”


The Women Founders Academy class of 2021 will celebrate its graduation in November. We’re looking forward to helping these founders take their next steps as entrepreneurs and business leaders.

More support for women founders in Asia

Ketty Lie remembers her college graduation like it was yesterday. Her mother held her hand tightly as they walked across the lawn to the ceremony and told her how proud she was that Ketty had achieved the dream she never got to fulfill herself.


That investment in education led Ketty to become an entrepreneur. Today, her company ErudiFi is focused on expanding access to education for young people across Southeast Asia. And Ketty is getting ready to start the twelve-week Women Founders Academy with Google for Startups.
Ketty Lie, the founder of ErudiFi, in a black t-shirt looking directly at the camera

Ketty Lie is excited to join the program and meet her fellow women entrepreneurs.

Following a successful first year in 2020, the Women Founders Academy 2021 will offer a new group of founders training to sharpen their leadership skills, build strong teams and address their unique growth needs, including funding. They will take part in workshops, connect with a community of Google advisors, venture capitalists and business executives and receive mentoring from dedicated subject matter experts. The 10 participants, from five countries in Asia Pacific, are:

  • Dorothy Yio, (Singapore). Engage Rocket is a cloud-based software company that helps organizations improve their employee experience.
  • Sophie Jokelson, (Singapore). Cove is a co-living company that makes it easier, faster and more flexible to rent comfortable homes at honest prices.
  • Vanessa Geraldine, (Indonesia). Prieds Technology offers an all-in-one business and technology solution to improve business efficiency.
  • Utari Octavianty, (Indonesia). Aruna is a fisheries platform that connects small-scale fishermen to the global market through technology.
  • Ketty Lie, (Indonesia). ErudiFi is a technology company focused on expanding access to education in Southeast Asia.
  • Angela Jihee Park, (Korea). Kokozi offers an audio content platform and device that provides children with unique audio experiences. 
  • Ji Eun Chung, (Korea). CODIT runs an AI data intelligence platform that helps companies manage legal, regulatory and policy risks and opportunities.
  • Monika Mehta, (India). Zealth-AI is a platform that helps manage cancer through digital remote monitoring and patient engagement.
  • Laina Emmanuel, (India). BrainSightAI is building a neuroinformatics platform that uses technology to help answer questions about neuro-oncological and neuro-psychiatric disorders.
  • Yugari Nagata, (Japan)DATA VIZ LAB is a data analytics and visualization consulting company that builds on cloud technology.

Ketty is ready to meet her fellow founders and excited about the opportunity to share lessons and experiences. “Sometimes it’s lonely being a woman founder in the tech startup world,” she says. “Finding a community of like-minded women who are building tech-based businesses in Asia hasn’t been easy and this program provides a unique platform that I wouldn’t otherwise have.”


The Women Founders Academy class of 2021 will celebrate its graduation in November. We’re looking forward to helping these founders take their next steps as entrepreneurs and business leaders.

Why we’re committing $10 billion to advance cybersecurity

We welcomed the opportunity to participate in President Biden’s White House Cyber Security Meeting today, and appreciated the chance to share our recommendations to advance this important agenda. The meeting comes at a timely moment, as widespread cyberattacks continue to exploit vulnerabilities targeting people, organizations, and governments around the world.


That’s why today, we are announcing that we will invest $10 billion over the next five years to strengthen cybersecurity, including expanding zero-trust programs, helping secure the software supply chain, and enhancing open-source security. We are also pledging, through the Google Career Certificate program, to train 100,000 Americans in fields like IT Support and Data Analytics, learning in-demand skills including data privacy and security. 


Governments and businesses are at a watershed moment in addressing cybersecurity. Cyber attacks are increasingly endangering valuable data and critical infrastructure. While we welcome increased measures to reinforce cybersecurity, governments and companies are both facing key challenges: 


First, organizations continue to depend on vulnerable legacy infrastructure and software, rather than adopting modern IT and security practices. Too many governments still rely on legacy vendor contracts that limit competition and choice, inflate costs, and create privacy and security risks. 


Second, nation-state actors, cybercriminals and other malicious actors continue to target weaknesses in software supply chains and many vendors don’t have the tools or expertise to stop them. 


Third, countries simply don’t have enough people trained to anticipate and deal with these threats. 


For the past two decades, Google has made security the cornerstone of our product strategy. We don’t just plug security holes, we work to eliminate entire classes of threats for consumers and businesses whose work depends on our services. We keep more users safe than anyone else in the world — blocking malware, phishing attempts, spam messages, and potential cyber attacks. We’ve published over 160 academic research papers on computer security, privacy, and abuse prevention, and we warn other software companies of weaknesses in their systems. And dedicated teams like our Threat Analysis Group work to counter government-backed hacking and attacks against Google and our users, making the internet safer for everyone.


Extending the zero-trust security model 

We’re one of the pioneers inzero-trust computing, in which no person, device, or network enjoys inherent trust.  Trust that allows access to information must be earned.  We’ve learned a lot about both the power and the challenges of running this model at scale. 


Implemented properly, zero-trust computing provides the highest level of security for organizations.  We support the White House effort to deploy this model across the federal government. 


As government and industry work together to develop and implement zero-trust solutions for employee access to corporate assets, we also need to apply the approach to production environments. This is necessary to address events like Solarwinds, where attackers used access to the production environment to compromise dozens of outside entities. The U.S. government can encourage adoption by expanding zero-trust guidelines and reference architecture language in the Executive Order implementation process to include production environments, which in addition to application segmentation substantially improves an organization’s defense in depth strategy. 


Securing the software supply chain 

Following the Solarwinds attack, the software world gained a deeper understanding of the real risks and ramifications of supply chain attacks. Today, the vast majority of modern software development makes use of open source software, including software incorporated in many aspects of critical infrastructure and national security systems. Despite this, there is no formal requirement or standard for maintaining the security of that software. Most of the work that is done to enhance the security of open source software, including fixing known vulnerabilities, is done on an ad hoc basis. 


That’s why we worked with the Open Source Security Foundation (OpenSSF) to develop and release Supply Chain Levels for Software Artifacts (SLSA or “salsa”), a proven framework for securing the software supply chain. In our view, wide support for and adoption of the SLSA framework will raise the security bar for the entire software ecosystem. 


To further advance our work and the broader community’s work in this space, we committed to invest in the expansion of the application of our SLSA framework to protect the key components of open-source software widely used by many organizations. We also pledged to provide $100 million to support third-party foundations, like OpenSSF, that manage open source security priorities and help fix vulnerabilities.


Strengthening the digital security skills of the American workforce

Robust cybersecurity ultimately depends on having the people to implement it. That includes people with digital skills capable of designing and executing cybersecurity solutions, as well as promoting awareness of cybersecurity risks and protocols among the broader population. In short, we need more and better computer security education and training.  


Over the next three years, we're pledging to help 100,000 Americans earn Google Career Certificates in fields like IT Support and Data Analytics to learn in-demand skills including data privacy and security. The certificates are industry-recognized and supported credentials that equip Americans with the skills they need to get high-paying, high-growth jobs. To date, more than half of our graduates have come from backgrounds underserved in tech (Black, Latinx, veteran, or female). 46% of our graduates come from the lowest income tertile in the country. And the results are strong: 82% of our graduates report a positive career impact within six months of graduation. Additionally, we will train over 10 million Americans in digital skills from basic to advanced by 2023.


Leading the world in cybersecurity is critical to our national security. Today’s meeting at the White House was both an acknowledgment of the threats we face and a call to action to address them. It emphasized cybersecurity as a global imperative and encouraged new ways of thinking and partnering across government, industry and academia. We look forward to working with the Administration and others to define and drive a new era in cybersecurity. Our collective safety, economic growth, and future innovation depend on it.


Why we’re committing $10 billion to advance cybersecurity

We welcomed the opportunity to participate in President Biden’s White House Cyber Security Meeting today, and appreciated the chance to share our recommendations to advance this important agenda. The meeting comes at a timely moment, as widespread cyberattacks continue to exploit vulnerabilities targeting people, organizations, and governments around the world.


That’s why today, we are announcing that we will invest $10 billion over the next five years to strengthen cybersecurity, including expanding zero-trust programs, helping secure the software supply chain, and enhancing open-source security. We are also pledging, through the Google Career Certificate program, to train 100,000 Americans in fields like IT Support and Data Analytics, learning in-demand skills including data privacy and security. 


Governments and businesses are at a watershed moment in addressing cybersecurity. Cyber attacks are increasingly endangering valuable data and critical infrastructure. While we welcome increased measures to reinforce cybersecurity, governments and companies are both facing key challenges: 


First, organizations continue to depend on vulnerable legacy infrastructure and software, rather than adopting modern IT and security practices. Too many governments still rely on legacy vendor contracts that limit competition and choice, inflate costs, and create privacy and security risks. 


Second, nation-state actors, cybercriminals and other malicious actors continue to target weaknesses in software supply chains and many vendors don’t have the tools or expertise to stop them. 


Third, countries simply don’t have enough people trained to anticipate and deal with these threats. 


For the past two decades, Google has made security the cornerstone of our product strategy. We don’t just plug security holes, we work to eliminate entire classes of threats for consumers and businesses whose work depends on our services. We keep more users safe than anyone else in the world — blocking malware, phishing attempts, spam messages, and potential cyber attacks. We’ve published over 160 academic research papers on computer security, privacy, and abuse prevention, and we warn other software companies of weaknesses in their systems. And dedicated teams like our Threat Analysis Group work to counter government-backed hacking and attacks against Google and our users, making the internet safer for everyone.


Extending the zero-trust security model 

We’re one of the pioneers inzero-trust computing, in which no person, device, or network enjoys inherent trust.  Trust that allows access to information must be earned.  We’ve learned a lot about both the power and the challenges of running this model at scale. 


Implemented properly, zero-trust computing provides the highest level of security for organizations.  We support the White House effort to deploy this model across the federal government. 


As government and industry work together to develop and implement zero-trust solutions for employee access to corporate assets, we also need to apply the approach to production environments. This is necessary to address events like Solarwinds, where attackers used access to the production environment to compromise dozens of outside entities. The U.S. government can encourage adoption by expanding zero-trust guidelines and reference architecture language in the Executive Order implementation process to include production environments, which in addition to application segmentation substantially improves an organization’s defense in depth strategy. 


Securing the software supply chain 

Following the Solarwinds attack, the software world gained a deeper understanding of the real risks and ramifications of supply chain attacks. Today, the vast majority of modern software development makes use of open source software, including software incorporated in many aspects of critical infrastructure and national security systems. Despite this, there is no formal requirement or standard for maintaining the security of that software. Most of the work that is done to enhance the security of open source software, including fixing known vulnerabilities, is done on an ad hoc basis. 


That’s why we worked with the Open Source Security Foundation (OpenSSF) to develop and release Supply Chain Levels for Software Artifacts (SLSA or “salsa”), a proven framework for securing the software supply chain. In our view, wide support for and adoption of the SLSA framework will raise the security bar for the entire software ecosystem. 


To further advance our work and the broader community’s work in this space, we committed to invest in the expansion of the application of our SLSA framework to protect the key components of open-source software widely used by many organizations. We also pledged to provide $100 million to support third-party foundations, like OpenSSF, that manage open source security priorities and help fix vulnerabilities.


Strengthening the digital security skills of the American workforce

Robust cybersecurity ultimately depends on having the people to implement it. That includes people with digital skills capable of designing and executing cybersecurity solutions, as well as promoting awareness of cybersecurity risks and protocols among the broader population. In short, we need more and better computer security education and training.  


Over the next three years, we're pledging to help 100,000 Americans earn Google Career Certificates in fields like IT Support and Data Analytics to learn in-demand skills including data privacy and security. The certificates are industry-recognized and supported credentials that equip Americans with the skills they need to get high-paying, high-growth jobs. To date, more than half of our graduates have come from backgrounds underserved in tech (Black, Latinx, veteran, or female). 46% of our graduates come from the lowest income tertile in the country. And the results are strong: 82% of our graduates report a positive career impact within six months of graduation. Additionally, we will train over 10 million Americans in digital skills from basic to advanced by 2023.


Leading the world in cybersecurity is critical to our national security. Today’s meeting at the White House was both an acknowledgment of the threats we face and a call to action to address them. It emphasized cybersecurity as a global imperative and encouraged new ways of thinking and partnering across government, industry and academia. We look forward to working with the Administration and others to define and drive a new era in cybersecurity. Our collective safety, economic growth, and future innovation depend on it.


New intelligent suggestions for formulas and functions in Google Sheets

Quick summary 

You’ll now see in-line, sequential, context-aware suggestions for formulas and functions when working with data in Google Sheets. 

Formula suggestions will make it easier to write new formulas accurately and help make data analysis quicker and easier.

Simply begin inserting a formula in Sheets—suggestions will be automatically displayed and as you continue to type. You can view additional incremental suggestions in the drop-down menu.

Google Sheets will intelligently suggest formulas and functions as you work with data in Sheets.


We hope these formula suggestions make it easier and faster for you to work with and analyze your data.

Getting started

  • Admins: There is no admin control for this feature.
  • End users: This feature will be available  by default and can be disabled by going to Tools > Enable formula suggestions or from the three-dot menu of the suggestion dialog box. Visit the Help Center to learn more about using formulas and functions in Google Sheets

Rollout pace


Availability

  • Available to all Google Workspace customers, as well as G Suite Basic and Business customers
  • Available to users with personal Google accounts

Resources