As organizations continue to adopt new digital practices and transfer to more cloud-native strategies, digital security becomes increasingly important. Cloud migration can help businesses achieve maximum productivity, but the bigger digital landscape that it provides also means more opportunities for cyber attacks.

What is Cloud Security?

Cloud security is made up of a wide variety of procedures, technologies, policies, services, and controls that are designed to protect cloud-based applications and systems from various kinds of attacks. There are three main categories of cloud security:

Software-as-a-Service (SaaS): any on-demand application software that is ready-to-use and cloud-hosted.
Infrastructure-as-a-Service (IaaS): back-end infrastructure that provides on-demand access to both physical and virtual servers for managing workloads and running cloud-based applications.
Platform-as-a-Service (PaaS): any on-demand access to a ready-to-use, cloud-hosted platform, primarily used for developing, running and maintaining various applications.

The Shared Responsibility Model

Some organizations use a shared responsibility model for their cloud security. This model delineates security responsibilities between the customer and the provider to ensure more robust security and safer processes. The shared responsibility model establishes the responsibilities and accountability that:

Are always the provider’s
Are always the customer’s
Depend on the service model

Cloud Security Challenges

Broader Area of Attack

Complex cloud environments with dynamic workloads require tools that must work seamlessly across any applicable providers and at scale. Because of the cloud’s ever-evolving landscape, risks of Malware, Zero-Day, Account Takeover, and other attacks are always a concern.

Privilege Management

Granting user privileges to those outside an organization or to those who have not been properly trained can lead to malicious attacks, data deletion, and other security risks.
This makes it more important than ever to keep privileges organized and grant them only to those in an organization who need them.

Compliance and Legal

While cloud providers are backed by accreditation programs, it is still the responsibility of customers to ensure that their processes are compliant with government regulations. Because of the dynamic landscape that comes with cloud computing, this can become complicated.

Security That Evolves

Zero Trust

First introduced in 2010, Zero Trust is a principle according to which a system does not automatically trust anyone or anything outside an organization’s network and requires verification and inspection. Users who have access are confined to using only the tools and applications that they require. Furthermore, Zero Trust requires developers to ensure that any web-facing applications have the proper security.

Security Service Edge (SSE)

Zero Trust is an important part of SSE, which provides secure access to the internet and an organization’s private applications, as well as SaaS and cloud applications. This allows for more streamlined and robust security while also making costs more predictable and reducing operational overhead.

The Pillars of Cloud Security

To ensure that there are no gaps in security between cloud-based applications and that security solutions can scale in a dynamic cloud environment, there are several best practices organizations should follow.

Identity and Access Management (IAM)

IAM helps to regulate access to tools and applications in cloud environments. This ensures that there are no users within the cloud who have access where they shouldn’t.

Data Protection and Encryption

Encryption should be used for any and all transport layers, and all file shares should be secured. Good data storage practices should also be followed, such as terminating orphan resources and detecting and optimizing misconfigured buckets.

Detection Controls

The use of asset and configuration management systems and vulnerability scanners is beneficial for cloud security and offers a better view of the landscape, as well as any threats looming over the horizon. Anomaly detection algorithms also use AI to quickly detect unknown threats and determine the best course of action.

Incident Response

Incident response should be automated as much as possible. By automating responses to the most common threats and security breaches, IT teams can spend time working on more complex tasks that require human solutions.

Learn more about cloud security from our community members today!

It seems like not a day goes by without new technologies being introduced or sunsetted in an effort to keep up with the dynamic digital landscape. In an ever-evolving digital world, it's only natural that business practices and technologies evolve in tandem. Two such practices are always at the forefront of this conversation due to their importance to organizations’ digital presences: business analytics and business intelligence.

Business Analytics & Business Intelligence: Understanding the Difference

While both practices are vitally important to an organization's healthy digital presence, business analytics and business intelligence are somewhat different. Nevertheless, understanding how both processes work is paramount in developing a sound digital strategy. By harnessing the power of both business analytics and business intelligence as individual services, organizations can understand how powerful both are when used in collaboration.

Business Intelligence

Business intelligence is often defined as the process that organizations use to generate relevant data reports that can be used to further develop strategy. Business intelligence systems usually consist of four main parts.

Data Warehouse

This is where all important company data (from both external and internal sources) is stored. These locations often prioritize the safety of all stored data while remaining easily accessible to applicable employees.

Business Performance Management (BPM) Implementations

BPM tools are vital in benchmarking any progress made towards an organization's goals. These tools often present this data on dashboards where viewers can easily digest the given data.

The User Dashboard

This is where most eyes will be glued. These dashboards display all relevant information with regard to an organization's goals and often feature data reports and easily digestible scorecards. Better yet, they are often completely customizable so that the most important data is always a click away.

Business Analytics or Data Management Implementations

Business analytics (or data management) tools crawl and flag information throughout the data warehouse. That data can then be used by organizations to identify areas of opportunity or those that need further optimization.

Business Analytics

Now we can begin to see how business analytics works best as one part of the entire makeup of business intelligence practices. Essentially, business analytics takes the data found using business intelligence practices and turns it into actionable insights that organizations can use to meet goals. There are four recognizable facets of business analytics. While each can be used individually to gather valuable data, organizations tend to use each in some capacity to get a more complete picture of their data across the board.

Descriptive Analytics - "What Happened"

Dashboards and scorecards that present an organization's most important data are usually made up of descriptive analytics. This allows any viewer to get a better understanding of any anomalies that are occurring or have occurred.

Diagnostic Analytics - "Why it Happened"

Diagnostic analytics help organizations to understand why something has happened or will happen. Drill-down data is used to find historical correlations. By looking at this data as a whole, diagnostic analytics can identify repeating patterns of historical behavior, allowing organizations to focus on areas of optimization or better prepare for the future.

Predictive Analytics - "What Will Happen Next"

Predictive analytics are used every day in countless industries and offer organizations a prediction of events that are likely to happen. This powerful practice helps retailers to understand future consumer spending habits, allows medical organizations to pre-determine patient illnesses, and can even be used to help determine the outcome of court cases.

Prescriptive Analytics - "What Should We Do Next"

If all other forms of business intelligence are about the “what's” and “why's” of data anomalies, prescriptive analytics are all about taking action. This practice leverages optimization opportunities and decision modeling to help determine the best actions to take for the best possible outcome.

Analytics in Action - Quantum Metric

Based out of Colorado Springs, Quantum Metric began with the singular goal of improving how organizations use their data. Using a groundbreaking process called Continuous Product Design, they aim to help businesses understand their customers' needs and build digital products faster and better. By harnessing the power of accurate and detailed analytics practices, Quantum Metric has made a name for itself by helping organizations alleviate the frustration that can come with data unfamiliarity. After an organization understands the "how" and "why" of what they're seeing, Quantum Metric can take it to the next level by optimizing marketing campaigns and tracing the customer journey for an overall enhanced customer experience.

Google Cloud and Quantum Metric are proud to have partnered together to deliver unparalleled cloud and technology support to strengthen customers in a diverse range of industries. In addition to its partnership with Google Cloud, Quantum Metric is also a partner to C2C Global. Visit our website today to learn more about becoming one of our partners.

Trevor Marshall (@tmarshall), CTO of Current, first joined C2C in person at a 2Gather event in New York City as a guest of our partners at DoiT International. At that event, Trevor coined the unofficial Google Cloud marketing slogan “come for the credits, stay for the kubernetes,” and took home some ideas about C2C partner AMD’s compute instances. At the Cloud Adoption Summit in New York on September 12, 2023, Trevor returned for a customer panel and a fireside chat with DoiT Field Sales Manager Meryl Hayes (@merylhayes).

After the event, we caught up with Trevor to see what he thought of AMD’s offerings, get his thoughts on the hysteria over generative AI, and look back on his past as a concert musician. Read on below for a short interview with Trevor, a full recording of his conversation with Meryl, and a fireside chat on security and compliance with Wayne White and Lawrence Chin (@LawrenceChin) of C2C partner Palo Alto Networks.

At 2Gather: New York City, you spoke onstage with Michael Brzezinski from AMD. When we spoke afterward, you mentioned you had been considering the AMD-powered C2D compute instances for a proof of concept you were working on. Did you work with AMD on that at all?

We tried spinning up some workloads. We have a very C2-heavy stack. Most of what we do is throughput-based. We’re not keeping stake in a lot of processes, so a lot of the compute optimization chips that we’re using are the best thing for what we’re looking for, and that’s most likely going to be the case going forward. Because it’s the C2 family, we get the benefit of any other underlying actual physical substrate coming through, and the benefit of those improvements. We’ll probably stick with that family over the next couple of years in case something else emerges.

Did you see or hear anything at this event that applied to your work in a similar way?

We’ve been PCI compliant for a couple of years.
We’re getting our SOC 2 attestation this year, so standardized control frameworks regarding regulatory oversight and technical oversight have been top of mind. There was a nice presentation from Palo Alto Networks regarding some of what’s on the horizon when it comes to technical regulation, so it was good to see that. We’ll probably look at some of what they call harmonized frameworks, because there’s all sorts of ways of looking at basically the same technical control, and so we’ve taken that approach in the past and we’ll probably just revisit that. Especially now that we’re attesting to multiple certifications. That was cool to see and get more information about.

At 2Gather: NYC, you mentioned the tendency of some coders to get carried away experimenting with a new “sweet tool.” Do you have any thoughts about how to manage that tendency when it comes to generative AI?

I think that there’s quite a lot of moral hazard that’s emerging. It’s so easy to now get auto-generated code through Copilot or through other products that are emerging. No doubt, if you are an efficient developer, you can leverage that type of technology to become more efficient, produce more code, and things like that, but it’s going to lead pretty quickly to an abstraction and a disconnect away from the actual business logic itself, where something goes wrong in production, you don’t really know what’s happening, and you’re probably going to produce less efficient code.

Now, maybe some of these autosuggestions get so much better than the human that eventually they take care of it, but you always end up––and this is the nature of our systems––when we think about ourselves as engineers, we don’t really hold ourselves to the same high standards that a mechanical engineer would where the tolerance is zero percent for failure. Software engineering has always had this built-in, “hey,
some things are going to go wrong, but we’ll have incident response and we’ll make sure that we’re operating as correctly as possible.” Especially for a company like us, where we’re in financial services, reliability is super important for us. As these gen-AI code production things come into production, and that “sweet-tooling” of, “oh, look at this sweet intelligent plug-in that now writes half my code,” I’d just keep an eye over the next couple of years on some postmortems that emerge from code that was not written by a human.

I read that you used to be a musician. What was your instrument?

I played orchestral percussion and I wrote music.

Did anything from your music background carry over to what you do in technology?

Two big things came for me from my music background. The first was discipline. I was very hardcore, conservative. I was at the Juilliard precollege. Every Saturday from 8 a.m. to 8 p.m., I’m doing music, and then every day besides that I’m practicing 5 hours a day. I wasn’t big into sports. I wasn’t that big into education at the time. Knowing what it took to be exceptional in a true meritocracy, which until very recently, especially in classical music, it’s still pretty much a complete meritocracy. There are some political navigations around that, but for the most part, you can’t fake being a great musician, because everyone ends up finding out in some way or another. Even if you look at the hyper-produced artist, what they have is beyond music, as in image. There’s an artistic integrity generally that’s really hard to fake, so that discipline was really important.

The second thing was the creativity with writing music. Actually, a lot of the abstractions that would come up in writing music with metric modulation, those immediately had applications into algebra when I started studying math in college, which is the direction I took once I went to undergrad. It tickles the same part of the brain.
So I think those were the two big things: the ability to imagine something and turn that into reality through creativity––you have to completely understand what you’re trying to produce when you’re writing music––and then the discipline of actually being able to produce it and get it to that place that you’re thinking of.

DoiT and Current at Cloud Adoption Summit New York City

Palo Alto Networks at Cloud Adoption Summit New York City

Google Cloud, CB4, Resonai, Panorays
June 14th, 2023
Tel Aviv

At this 2Gather event, a panel discussion led by Carine Lev Lahav from Google Cloud focused on both solutions and challenges surrounding leveraging data in order to enhance growth for cloud enterprises. From data analytics to security, the event had an interactive question and answer session that covered a range of topics that involved innovating the cloud journey. Demi Ben-Ari from Panorays, Natalie Rozenboim from Resonai and Dana Rosenfeld from CB4 provided insights on how they have used specific strategies to enhance the use of the cloud within their own organizations.

Palo Alto Networks also shared the benefits of the Prisma Cloud platform. Prisma Cloud secures applications from code to cloud, allowing DevOps teams to collaborate in a secure environment. The major advantages of Prisma Cloud include that it has decreased training issues that occur due to the reliance on security tools from external vendors. The platform also helps to avoid friction between security and development teams with cloud-to-code protection. Prisma Cloud’s approach is rooted in going from point security tools to transparent visibility and protection in real-time.

In March 2023, we fielded the C2C Member Pulse to observe trends, skill gaps, and challenges in Google Cloud and how our members use community to enrich their cloud experience. This infographic highlights a portion of the findings. As a valued member of the Google Cloud customer community, we understand that each of you is on a unique journey with Google Cloud. Some of you may be well-versed and advanced in your Google Cloud usage, some are exploring and building business cases, and others may be anywhere in the middle of that spectrum. We recognize that not all cloud investments are the same, considering the wide range of products and services offered by Google Cloud.

We also understand that respondents’ overall level of investment in Google Cloud—whether their own choice or their company’s choice—changes to meet digital transformation needs. These findings shed light on the investments made, talent needs, and solution usage patterns within our community, which helps us prioritize how to grow our network, foster connections, and curate content in our community.

Investments in Google Cloud

The survey results indicate that the majority of respondents, regardless of organizational size, are making increased investments in Google Cloud. Overall, respondents are either maintaining or expanding their investments in Google Cloud. The primary reason for increased investments is the integration and consolidation of systems on the Google Cloud platform, closing in on a digital-native or cloud-first approach. On the other hand, some respondents have reported decreased investments due to transitioning to other cloud vendors, with Amazon Web Services (AWS) and Azure being the most commonly mentioned alternatives. It's worth noting that a percentage (21%) of respondents were unsure about the changes in their investment levels, possibly indicating limited involvement in the decision-making process.

Google Cloud Talent

As organizations increase their investments in Google Cloud, it becomes evident that there is a growing need for skilled Google Cloud talent. Interestingly, the most common way organizations find skilled talent is by having their permanent staff learn Google Cloud skills on the job. This was also consistent across all organization sizes—no matter how many people may be available to work on these products, they’ll all be learning as they go, emphasizing the ongoing learning and development required for effectively working with Google Cloud products.

Solution Area Usage

Among the technologies respondents use most, identity and security, as well as data cloud products, take the lead. This aligns with the challenges faced in data maintenance and integration, highlighting the significance of these solution areas.

Although AI and ML are among the least currently used technologies, they are the top Google Cloud products that respondents are planning to use at their organizations. This reflects how AI will be increasingly sought-after in the future. AI-enabled software was also noted as a top technology that will be needed for future digital transformation efforts.

Respondents are least aware of startup and SMB solutions from Google Cloud. More guidance may be needed to support this solution, as it is the solution most respondents have no plans to use (16%). That said, many more respondents who belong to organizations that have been active for less than one year are currently using Startup and SMB solutions (48%) with 87% awareness and 23% planning to use.

Visualizing It All

Take a look at how the community ranks the options they were given for Google Cloud investment levels, nurturing Google Cloud talent, and solution area usage.

Get the Most of Community

As members of our community, your voices shape our initiatives.
While we learned a lot about you collectively in this survey, we also want to meet your needs as an individual. Take a moment to update your profile today, and ensure you're receiving the most relevant and valuable content tailored specifically for your interests.

Lytics, Wpromote, Google Cloud
2Gather Los Angeles
June 6th 2023

Buzz Hays, Global Lead Entertainment Industry Solutions, and Iman Ghanizada (@iman), Global Head of Autonomic Security at Google Cloud, opened the event by explaining that the purpose of AI is to improve what people are already doing. Whether they are writers or animators in a designated industry, AI aims to enhance the paintbrush for an artist. In trying to provide businesses with better tools, many questions surrounding security and data arose. One major question was regarding how to collect effective data that would result in projects using AI.

A primary example that was discussed during the event was the entertainment industry. Many applications of AI within this industry need a sufficient amount of customer data to be developed. For the entertainment industry, identifying ad breaks and suggested content for streaming platforms are examples of AI use cases. Jascha Kaykas-Wolff from Lytics stated that mature organizations can adapt to data pipelines. Working across different departments makes the decision-making process a lot easier, because it demonstrates how data is useful to certain parts of the organization. Paul Dumois, the CTO of Wpromote, also stated that businesses need to focus on specific problems to solve and retrieve data that will be helpful in providing solutions to these issues.

Overall, the discussions between the panel and the audience highlighted that AI has many moving parts and trends. An organization should focus on a specific area and start with a singular project to learn about the challenges and dynamics of working with AI in real time. Additionally, analyzing the core metrics of a business and receiving top-down support can help to utilize resources when setting up projects or tasks associated with AI.

Chris Swan (@cpswan), Engineer, At Sign, and Steve Bryen, Director of Engineering Experience, Oxbotica
Let’s Talk Tech London: Cloud Conversations with Kelsey Hightower
May 11, 2023

For Let’s Talk Tech London, C2C brought its Cloud Conversations with Kelsey Hightower series to the UK and Ireland region for a packed program featuring multiple sessions led by Google’s Principal Developer Advocate. The schedule included an AMA and customer panel with Kelsey and partner sessions hosted by Appsbroker, Workspot, and SADA. At Sign Engineer Chris Swan, who came out specifically to see and meet Kelsey, was not disappointed. “He was on fire,” Chris says. “He absolutely smashed it.” What Chris hadn’t expected was to get actionable tips about security from the C2C partners onsite, and to set a meeting with Steve Bryen of Oxbotica. Will Plano (@Will Plano), a Senior Software Engineer on Steve’s team, who also showed up excited to meet Kelsey, ended up signing up for Appsbroker’s free courses after sitting in on their session.

In April, C2C hosted its first 2Gather event in the Atlanta, Georgia area, a unique installment of the Let’s Talk Tech series, cohosted with Google Cloud and featuring Google Principal Developer Advocate Kelsey Hightower. Kelsey joined a roster of distinguished speakers including Alex Barnes, Head of Infrastructure at Calendly, Russ Ayres, Senior Vice President of Security Architecture and Engineering at Equifax, and Rae Williams, Director of Customer Engineering at Google, for a full program of conversations tackling some of the biggest issues facing the cloud technology space today. Read on below for a roundup of some of the terms, products, and themes the conversations covered.

Open source: Any software whose source code is freely available to all users for collaborative review. Russ and Alex are both sympathizers with open source philosophy, and Kelsey is a veteran of the open source community. In his words, “When you go out into the open-source world, you get to define technology for the world.”

Serverless: A cloud computing model allowing customers to access resources allocated by providers on demand without having to interact with a server, which Kelsey called “The final chapter of a mature compute pattern.”

Platform engineering: Streamlining infrastructure to make tools and services immediately available to teams for operation and use. According to Alex, platform engineering allows an organization to “present all capabilities as things you can consume programmatically to unlock velocity.”

Configuration management: The process for ensuring that products and systems maintain the same design and perform the same way. Russ contrasted configuration management with policy with the mantra, “If it was appropriately written it would be following the policy.”

Kubernetes

Google’s open-source containerization solution for software deployment and scaling has been setting standards and unlocking potential in the cloud space for nearly a decade.
Kelsey’s history with Kubernetes is well known, and Rae made sure to capitalize on the opportunity to press him for his comments in front of a live audience. For context, Kelsey compared Kubernetes to contemporary projects in DevOps, insisting that DevOps engineers too often miss the forest for the trees. “What Kubernetes represents is a ten-year-old pattern for assigning software to servers,” he said. “It’s the system you would build if you had the big picture.”

Calendly

Calendly is a business communication platform offering unique scheduling solutions for organizations looking to maximize efficiency. Head of Infrastructure Alex Barnes joined Aiven Vice President of Product Marketing Amy Krishnamohan (@amy.km) for a fireside chat about the company’s journey on Google Cloud. Calendly was initially built on Ruby on Rails, but later wanted to invest in Kubernetes. Google was an obvious choice for a hosting solution, especially since calendar management is so essential to the company’s offerings. “Google Calendar is a massive part of what we interact with,” Alex explained. “How better to build on that relationship than to build on their platform?”

Alex expanded on these comments via email after the event. “The partnership with Aiven and Google Cloud has allowed us to build a robust cloud data infrastructure that can handle the demands of our users,” he told C2C. “And it has given us the flexibility to scale up quickly, without having to worry about managing the underlying infrastructure.”

AI

Predictably, many members of the audience were excited to ask questions about recent developments in AI. Kelsey was quick to dispel any notions that AI is going to make tech professionals irrelevant or push them out of the market. Instead, he said, AI is providing a new baseline for innovation.
When looking at generative AI solutions like ChatGPT, Kelsey said, users and developers should ask, “What is the dataset, and where is that dataset created?” Tech practitioners can still develop new solutions beyond the limits of the datasets used to train these products. “If ChatGPT can generate the code,” Kelsey told the audience, “It means we need a different interface.”

Security

Security was the main focus of Russ’s comments during the customer panel with Alex and Kelsey. As Senior Vice President of Security Architecture and Engineering at Equifax, Russ is responsible for securing highly sensitive personal data at one of the leading financial services organizations. However, Russ originally came to security as a developer. Coming from that background, Russ believes that “Good security is good engineering,” and vice versa. “Most security solutions try to be everything to everyone,” he added. From his point of view, though, teams should aim to build with purpose on the front end so that solutions are designed to run efficiently and at scale with minimal risk.

Hear from more industry leaders on these topics and join the conversation in person at our upcoming 2Gather event in Los Angeles: 2Gather Los Angeles: The Future is Now, Security and AI

A company becomes the victim of ransomware every 11 seconds. Despite billions of dollars spent to thwart ransomware attacks, an astonishing 66% of companies fell victim to these attacks in 2021, according to Sophos's State of Ransomware 2022 report. Organizations must take precautions to stop attacks before they happen, because recovering from ransomware takes a minimum of 30 days.

Ransomware numbers are rising everywhere—by attack volume, ransom demands, and average ransom payments. And as threat sophistication increases, virtually every industry is experiencing growing incident rates. No organization is immune. Although attacks may seem inevitable, defensive measures should always be in place, and they're most effective when paired with a strong ransomware recovery plan.

Google, NetApp, and Workspot are working together to help customers create a ransomware recovery plan. By using a proven storage platform, innovative clean cloud, and global cloud PCs, they're able to restore productivity for thousands of users around the globe within minutes. At a recent 2Chat event, speakers from these companies discussed the impact of ransomware on organizations and how you can improve your storage options by:

Creating an isolated project
Preparing regions for capacity
Provisioning cloud PCs globally
Connecting to NetApp CVS for secure access to files and data

Watch a full recording of the conversation here:

As a result of a partnership between Google and Canonical, the launch of Ubuntu Pro provides critical integration options for Google Cloud. Customers now have access to expanded security coverage, patching, and compliance features for public clouds using open-source software.

The C2C team was pleased to be able to invite Hugo Huang, Product Manager at Canonical and Ubuntu, to give a presentation on Ubuntu Pro and Google Cloud integration options and sit down afterward for a chat with our community. This session introduced the full product portfolio, including segments on:

Using the latest Ubuntu features to secure the Open Source software supply chain
A hands-on tutorial for an in-place upgrade from Ubuntu LTS to Ubuntu Pro
A demo to create Ubuntu 22.04 on Google Cloud

Watch the full recording here:

On June 14, C2C hosted an event in Google’s Cambridge office. We believe in-person connections are invaluable to everyone in our community, especially when our members are able to immediately converse with amazing speakers who are sharing their journeys and business outcomes.

The stories from this event—presented on stage from Google Cloud customers, partners, and employees—can all be reviewed below.

Introduction from Google

Yee-chen Tjie (@yeetjie), Google Cloud Life Sciences Head of Customer Engineering, kicked off the program at C2C Connect Live: Cambridge with a few words about how Google is using 10x thinking to make major unique and substantial investments in Healthcare and Life Sciences technology. Tjie made a point of mentioning Google’s record of solving problems using AI and ML, particularly with AlphaFold 2, the focus of the presentation Luke Ge of Intel gave later in the afternoon.

After his opening remarks, Tjie hosted a round of Google trivia, inviting everyone in the audience to stand and then sit down every time they answered one of his true-or-false questions incorrectly. After guessing whether Google Suite was initially offered on CD in 2006 (false), the first Google Doodle was about Coachella because the founders were going (false––they were going to Burning Man), and the English translation of Kubernetes is “cargo ship” (false––it’s “pilot”), Tjie handed the lucky winner a free Google hub device.

CISO Healthcare and Life Sciences Reflections

Before beginning his presentation, Taylor Lehmann (@taylorlehmann1), Director of the Office of the CISO at Google Cloud, thanked the hosts for the opportunity to join and speak, noting that he had just had his “mind blown” talking to fellow presenter Jonathan Sheffi before the event.
Lehmann went on to discuss some of the core principles of invisible security, and his office’s mission to “get to this vision where security is unavoidable.” A big part of this project, he explained, is eliminating the shared responsibility model in favor of what Google calls “shared fate.” Under this model, Google provides blueprints, solutions, and curated patterns to enable customers to manage their own security infrastructures. “If you have a bad day on Google Cloud, it’s a bad day for us too,” he summarized. “If you win on Google Cloud, you win too.”

The History and Future of Human Genomics

Jonathan Sheffi (@sheffi), formerly a Director of Product Strategy at Veeva Systems and Google Cloud, began his presentation by prodding the audience with an enthusiastic “How’s everyone doing?” and then added “First rule of public speaking, make sure the audience is awake.” The focus of Sheffi’s presentation, the history and future of human genomics, took the audience back to the year 1990, when, in Sheffi’s words, “Nirvana’s Nevermind is a year from coming out, it’s a very exciting time.”

Sheffi went on to cover the advents of next-gen sequencing and of public cloud computing, government and pharmaceutical adoption of genomic sequencing, and recent cost-cutting advancements in genomics. When he opened things up to the audience for questions, Michael Preston of Healthcare Triangle shared his own experience seeking treatment for melanoma to ask how genomic sequencing can be used to predict patient reactions to prescribed medications. Sheffi took the question to heart, and acknowledged the need for sequencing and screening processes that take into account data on patient-reported side effects.

End-to-End Optimization of AlphaFold2 on Intel Architecture

Luke Ge (@Liangwei77ge), an AI Solution Specialist at Intel, opened his presentation by saying, “Yesterday I spent 6 hours on a plane to come to this beautiful city,” prompting a round of applause from the audience.
Then he asked, “How many of you are using AlphaFold 2?” A few hands went up. He followed up with, “How many of you have heard of AlphaFold 2?” Many more hands were raised.

Ge’s presentation explored how analyzing human tissue from DNA to protein structure requires using AI for processing huge sequence data. The Google product that handles this processing is AlphaFold 2. Ge explained how Intel’s computing hardware supports AlphaFold 2, including by providing deep learning model inference and removing memory bottlenecks in AlphaFold 2’s attention and evoformer modules. At the end of his presentation, Ge demonstrated a model generated using non-optimized versus optimized AlphaFold 2 code. The difference was clear.

Panel Discussion

Tjie moderated the panel discussion with Sheffi and Ge by asking each whether he is a Celtics fan or a Warriors fan. Immediately, the tension in the room rose: Sheffi and Ge are from opposite coasts, making Sheffi a Celtics fan and Ge a Warriors fan. The tension was short-lived, however. When Tjie asked Ge what he considers the best way to choose a compute instance, Sheffi followed up to ask Ge if it’s possible to run multiple sequences on a single instance and maintain performance. Ge said yes.

When Tjie opened questions to the audience, several guests rose to ask Sheffi questions about genomic sequencing, more than one of them focusing on use cases for genomic research for patients and caregivers. After several of these questions in a row, Tjie turned to the crowd and said, “I warned Luke that if he picked the Warriors then he would get less questions from the audience.” After the laughs in the room died down, Tjie asked Ge where he sees HCLS problems being solved with AI. Ge did not have to think long before citing computer vision as a solution for detecting cancerous cells.

Winding Down

Following the presentations, all in attendance broke away to connect during a networking reception.
To read more about it, check out the exclusive onsite report linked below in the Extra Credit section. Extra Credit
On April 12, 2022, C2C France Team Leads Antoine Castex (@antoine.castex) and Guillaume Blaquiere (@guillaume blaquiere) were excited to welcome Policy Intelligence Product Manager Vandhana Ramadurai to join a powerful session for the Google Cloud space in France and beyond. These sessions intend to bring together a community of cloud experts and customers to connect, learn, and shape the future of cloud.

The following points summarize the key takeaways from Ramadurai’s presentation:

- Policy Intelligence is a suite of 4 major tools which simplify security and IAM (identity and access management) at the project, folder, and organization levels.
- IAM Recommender analyses, understands, and proposes new roles after an observation period of 90 days. The feature uses AI to increase recommendation accuracy.
- The least privilege principle is important, but can be complex to enforce at the project, folder, and organization levels. IAM Recommender helps in that respect, and users can easily enforce or roll back the recommendation with a simple click (or API call).
- IAM Simulator is a solution for users or organizations who may not trust AI to enforce recommendations. Users can manage IAM policy changes and simulate their potential impact.
- User accounts or service accounts may not have the permissions required to execute certain actions. IAM Troubleshooter understands missing roles and permissions and grants those required, without breaking the least privilege principle.
- IAM Analyser, the final tool in the Policy Intelligence suite, lists the permissions granted to a user to access a certain resource, the account assigned a specific permission or role, or a combination of both. This tool is particularly useful for auditing granted permissions.
- The Policy Intelligence tools continue to evolve to include all the developing features in the IAM space (denied policy, for example).
In the future, the flagship product, IAM Recommender, will include more ability to customize the duration of the observation period.

Despite its 60-minute time limit, this conversation didn’t stop. Policy Intelligence is a hot topic, and it certainly kept everyone’s attention. The group spent time discussing asset inventory, AI and ML modeling, and various topics in IAM including security, least privilege, and trust. Ramadurai also fielded questions from attendees, including Damien Morellet (@dmorellet) of SFEIR, who wanted to know if Policy Intelligence includes a dry run feature (it does!). Watch the full video of the event below to learn more about this suite of tools and the many features and use cases of each one:

What's Next

These upcoming C2C events will cover other major topics of interest that didn’t make it to the discussion floor this time around:

Extra Credit

Looking for more Google Cloud products, news, and resources? We got you. The following links were shared with attendees and are now available to you!

- https://youtu.be/IAhJs3-0RoY
- IAM Recommender
- IAM Simulator
- IAM Troubleshooter
- IAM Analyser
Information Week recently invited C2C Global President Josh Berman (@josh.berman) to contribute an article about the shared roles of businesses and cloud service providers in ensuring cloud security. For a broader perspective on this critical topic, Berman spoke with Paul Lewis, CTO of Pythian, a C2C Foundational Platinum Partner and Google Cloud Premier Partner, about the nuanced distinction between “Security of the Cloud” and “Security in the Cloud.”

In the article, Berman identifies a series of emerging cybersecurity threats and enumerates a core set of best practices for preventing them—shared responsibility, identity and access management control, security by design, active monitoring, and data protection—ending with a reminder: “Do not stand still.” The considerations Berman offers are many, but all speak to one common essential value: accountability. In Berman’s words, “Cloud security is only effective if businesses and their cloud providers fundamentally agree and share responsibility. They must work in tandem.” Read the full text of the article at Information Week.

Extra Credit:
Personal development and professional development are among the hottest topics within our community. At C2C, we’re passionate about helping Google Cloud users grow in their careers. This article is part of a larger collection of Google Cloud certification path resources.

The Google Cloud Professional Security Engineer works to verify all controls related to security operations, network security, and compliance within a company’s cloud infrastructure. Exam takers should be prepared to design, develop, configure, and manage secure workloads and data access.

The skills a security professional brings to any team help to protect a business’s assets from malicious attacks by identifying threats and applying security best practices. In a fully secure environment, these configurations also shield the business from misstepping in areas of high legal risk. Worldwide, privacy and data protection is trending in national legislative measures, with approximately two thirds of all countries having passed laws and about a dozen more with drafts prepared. And while GDPR-like laws regulate all sectors, cloud security professionals are especially in demand for the financial services, ecommerce, tech, healthcare, and life sciences industries.

These laws are turning consumer privacy into a hot topic, but consumer privacy is not the only security concern businesses need to keep in check. In the United States, for example, an executive order was passed earlier this year to improve the nation’s cybersecurity measures. Given the ever-evolving landscape of cybersecurity regulations and the continually expanding arsenal of security technologies, security skills are some of the most in-demand skills in cloud technology professions. However, cybersecurity certifications aren’t limited to security engineers. Across the board, these are the most popular cross-certifications among the respondents to Global Knowledge’s IT Skills and Salary Report.
Whether your goal is to specialize in a security role or to boost your credentials and close skill gaps on security-related issues in another cloud technology role, we have answers to the following:

- What experience should I have before taking this exam?
- What roles and job titles does Google Cloud Professional Security Engineer certification best prepare me for?
- Which topics do I need to brush up on before taking the exam?
- Where can I find resources and study guides for Google Cloud Professional Data Engineer certification?
- Where can I connect with fellow community members to get my questions answered?

View image as a full-scale PDF here.

Extra Credit

- Google Cloud’s certification page: Professional Cloud Security Engineer
- Example questions
- Exam guide
- Coursera: Preparing for Google Cloud Certification: Cloud Security Engineer Professional Certification
- Pluralsight: Preparing for the Google Cloud Professional Security Engineer Exam
- AwesomeGCP Cloud Security Engineer Playlist
- Global Knowledge IT Skills and Salary Report 2020

Looking for information about a different Google Cloud certification? Check out the directory in the Google Cloud Certifications Overview.
Cloud security is an emerging technology, and even some of the most seasoned professionals in the cloud community are still learning how it works, or at least thinking about it. If all of your data is stored on the cloud, and all of your apps are running on it, you want to know that those apps and that data are secure, and knowing that the cloud is an open, shared environment might not be an immediate comfort. Luckily, the cloud offers all kinds of security resources you can’t access anywhere else. Understanding how these resources can protect your data and assets is crucial to doing the best work possible in a cloud environment. Vijeta Pai is a C2C contributor and Google Cloud expert whose website Cloud Demystified provides comics and other educational content that makes cloud security accessible and intelligible to the average Google Cloud user. C2C recently invited Pai to give a presentation and host a discussion on all things cloud security, from threat modeling to shared responsibility arrangements to best practices, drawing on her work with Cloud Demystified as well as the content she’s published on the C2C blog. Watch her full presentation below, and read on for some of the key conversations from her C2C Talks: Cloud Security Demystified. After providing some background on types of cloud providers (public, private, and hybrid) and the different elements of cloud security (technologies, processes, controls, and policies), Pai broke down the STRIDE threat model. This model defines every type of cybersecurity attack a cloud security system might be required to prevent. The six types are Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. Watch below for Pai’s breakdown of the definitions and associated security considerations of each one: Next, Pai explained the different possible models used to share the responsibility for security between an organization and a cloud provider. 
The three models are Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS), and each allocates responsibility for people, data, applications, and the operating system (OS) differently: Pai kicked off the open discussion portion with a comprehensive review of cloud security best practices, which referred back to a post she wrote for the C2C blog, 10 Best Practices for Cloud Security in Application Development. As she does in the post, Pai went through these strategies one by one, from Identity and Access Management Control to Data Encryption to Firewalls. For anyone in the process of actively implementing their cloud security measures, Pai’s full answer is worth the watch: A unique opportunity for C2C members is the ability to ask questions directly to the experts, and Pai fielded several questions about specific aspects of the technology of Google Cloud itself. The first question came from C2C member Dickson Victor (@Vick), who was concerned with whether the cloud can support better security than an on-premise system. Pai’s answer spoke to the heart of the issue for most prospective cloud users: the policies, processes, and resources available in an open environment like the cloud versus those available in a locked, private system. Her response was nothing but encouraging: Pai also took a moment to let C2C community member Lokesh Lakhwani (@llakhwani17) plug the Google Cloud Security Summit, the first-ever tech summit on cloud security: The discussion wrapped up with a question about cybersecurity insurance and whether it might become an entire industry once cloud security becomes a new standard. Pai wasn’t sure how quickly the industry would explode. 
Still, she thinks there is room out there for growth and innovation, precisely because of the extent to which technology has become a necessary part of day-to-day life for so many people living through the COVID-19 pandemic, including Pai’s mother, who lives and works in India. Moreover, the more we live our lives on the cloud, the more we will need cloud security, which, to Pai, means there are plenty of opportunities right now for cybersecurity insurance companies to make their mark:

Do you have questions or concerns about cloud security that Pai didn’t answer in this session? Feel free to share them in the comments and also to connect with Pai directly. You can find her on LinkedIn or join C2C to keep up with her work and get in touch with other tech professionals working in the cloud security field.
There is a lot of buzz around cloud security on Google Cloud Platform, involving terms and jargon that sound intimidating to beginners and experts alike. Security isn’t an abstract concept but something we practice in our day-to-day life, consciously or subconsciously. Applying security best practices and identifying threats on the cloud is possible.

Vijeta Pai (@Vijeta90), technology leader, creator of Cloud Demystified, and regular contributor to C2C, hosted this C2C Talks. The presentation portion from this session includes:

- (1:25) Speaker introduction
- (3:25) Types of cloud providers
  - Public cloud and space shared between organizations
  - Private cloud and space exclusive for one organization
  - Hybrid cloud using both public and private clouds
- (9:05) Cloud security technologies, processes, controls, and policies
- (11:45) STRIDE threat model
- (17:00) Security as a shared responsibility for IaaS, PaaS, and SaaS
- (19:45) Google Cloud risk protection program
- (21:10) Overview of Vijeta’s best practices for cloud security in application development

Other resources:
Transforming a global manufacturing powerhouse, like Southwire, to a cloud provider is a significant decision. But with 30 years of experience in IT and manufacturing to pull from, Dan Stuart knew the right questions to ask to drive the right decision for Southwire as it navigated a cyberattack, refreshed its hardware, and was in growth mode. As a result, in July 2020, Southwire migrated its SAP environment to Google Cloud Platform, setting a benchmark in the industry for successfully moving an entrenched manufacturing business to the cloud.

“Southwire is building a foundation for growth and innovation with the cloud, beginning with the migration of its core SAP business systems and services to Google Cloud,” said Rob Enslin, President at Google Cloud. “We’re proud that Southwire has selected Google Cloud to power its digital transformation.”

But how was that decision made? Weren’t there concerns about the business, and more importantly, how secure is it? C2C sat down with Stuart, the senior vice president of IT services at Southwire.

“So, I was looking at security, scalability, and modernization of our whole industry, which needed to be fast, flexible, and agile,” Stuart recounted. “But I also wanted to replace our current data centers and move into a more standard Cloud Platform cloud environment, and Google was the right one for us.”

A bright brick backyard offset Stuart’s tall frame and created a perfect yellow hue surrounding him, perhaps the light or his proud disposition; Stuart’s confidence in the decision beamed through the Google Meet window. After all, the decision was tough and occurred at an even more challenging time for Southwire, but it proved to be profoundly beneficial, especially when it came to security. “When it comes to security, and you look at the competition out there, Google surpasses,” Stuart said.
“From the encryption piece of it, right up and down to their security monitoring, they know what they’re doing.” Google Cloud truly does take security seriously. Their data centers are built with custom-designed servers that run their own operating systems for security and performance. With more than 500 security engineers, Google also has the best minds focused on thwarting risks and is focused on continuous improvement. “As we all know, security just keeps getting more complicated and complicated, and having a partner like Google that you know will stay on top of their game is exactly what we needed,” Stuart said.

Completing the Migration

To complete the migration, Southwire ran through four major cycles of testing, which occurred over more than ten weeks and involved more than 4,000 scripts. Given the ongoing COVID-19 pandemic, they did the entire operation remotely via conference calls and Microsoft® Teams.

The move to Google Cloud will ensure that Southwire remains up to date on the latest supported systems, improves security protocols, and provides a solid foundation for future upgrades, tools, and services to benefit both the organization and its customers.

“By moving the SAP environment to Google Cloud, this creates a secure, flexible and scalable environment for Southwire to embark on new projects that move the company forward in areas of strategy important to the long-term growth of the company,” Stuart said.

Making the Decision

Beyond Google Cloud Platform’s reputation, there were a handful of critical decisions and lessons learned. Among them, which will be shared in more detail in the upcoming Navigator, Stuart said the ability to have a fast and seamless migration was the most important. As they prepared to migrate, the Google Cloud Platform move wasn’t the only major IT project happening. They updated the enhancement pack and the process orchestrator, and updated to BW/4HANA. “We didn’t miss a production beat,” Stuart said with emphasis.
“We kept on track of our outages at our manufacturing shops, and everything went seamless. Google brought the support; they put the people that needed to be there on this team from the beginning, middle, and at the end.”

The 71-year-old manufacturing business just made history. Despite not having any Google experience, they were able to make it happen, and it has proven to be a wise decision. Google provided training, education, and a strong governance program, too. But setting up a governance program earlier in the process is one lesson Stuart can offer others making a lift and shift like this: “Make sure you got the governance in place, make sure you got the right architects helping you build your bill of materials for your deployment of Google and get that training and education upfront for your associates,” Stuart said. “It'll make them more relaxed at knowing what Google's doing, why they're doing it, and what they can expect, and it's helped set the expectations.”

Join Us!

Stuart sits down with Chief Customer Officer Sean Chinkski for a C2C Navigators discussion on May 18. Register below and bring your questions; Stuart will be answering them live.
This blog from Jian Zhen, Product Manager for Google Cloud, discusses the increasing need for securing access to SaaS applications and introduces a new whitepaper resource for Google Cloud customers.

Our new whitepaper, “Secure access to SaaS applications with BeyondCorp Enterprise,” outlines common scenarios for IT leaders to consider, and provides guidance for how they can approach each one. As with any new deployment, there are a number of security factors organizations must consider, such as:

- How to govern zero trust access to sanctioned SaaS applications
- How to prevent leakage of sensitive data from SaaS applications
- How to prevent malware transfers and lateral movements via sanctioned applications
- How to prevent visits to phishing URLs embedded in application content

Share your thoughts:

- Have you adopted a zero trust model?
- What questions do you have about BeyondCorp Enterprise?
- How are you securing access to SaaS applications?
With the growing adoption of Google Cloud technologies, knowledge of security has gained paramount importance over the years. It is crucial to understand the technologies, policies, processes, and controls to secure Google Cloud Platform applications. Cloud technologies and security go hand in hand, as cybersecurity threats can invade your applications and affect your business’s confidentiality, integrity, and availability. Security is a shared responsibility of the application owner and cloud provider, and it’s essential to understand how to build a robust security model. We have listed 10 security best practices to help keep your cloud environment secure.

Understand Your Cloud Locations and Services

Understanding your cloud locations and services is a critical best practice to keep your applications secure. Google Cloud services and products are built on top of the core infrastructure, which has in-built security features like access control, segmentation, and data control. However, you need to know how your data is stored, encrypted, and managed to ensure your information is secure. Google Cloud has VPCs, or Virtual Private Clouds, each of which is an on-demand pool of shared resources. VPCs are isolated from each other and can talk through VPC peering. You can control all network ingress (inbound) and egress (outbound) traffic to any resource via simple firewall rules. When designing a robust security model, the first step is knowing how your applications are hosted and what security services and products Google provides.

Google’s data loss prevention API helps you discover, classify, and protect your sensitive data. It’s a fully managed service that inspects your structured and unstructured data, helping you gain insight and reduce any risk to your data applications.

Understand Your External and Internal Security Threats

Understanding and being aware of your internal and external threats can help you stay proactive and keep your applications secure.
Hazards can be present anywhere, and it’s useful to understand the STRIDE Threat Model to keep on top of all the threats your applications can face on Google Cloud.

STRIDE stands for spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege. The infographic below explains each of these threats. Google Cloud Armor helps protect your applications against denial of service and has built-in security against L3 and L4 DDoS attacks. Leveraging this for your applications on Google Cloud can help provide an additional security layer against any of the threats outlined in the STRIDE model.

Identity and Access Management Control

IAM is a framework of policies and processes defined by the cloud provider to make sure users have appropriate permissions to access resources, applications, and data on the cloud. IAM helps secure the data, prevent unwanted threats, and ensure all the users have the right amount of access to get their work done. Google Cloud Platform has many services and products to protect users and applications by understanding, managing, and controlling access.

All resources on Google Cloud are managed hierarchically and are grouped into four parts: organization, folders, projects, and resources. For example, a company using Google Cloud is the top node, followed by folder, project, and resources. Each resource has only one parent, and children inherit the policies of their parents. So, by default, policies set at the organization node are inherited by all the folders, projects, and resources under that organization. Resource Manager lets you centrally manage these resources by project, folder, and organization. A fundamental way to filter out unwanted users is to set up a robust authentication framework, which gives access only to the users who can validate their identity. Google Authenticator lets you do that without having to put in any extra effort.
However, Cloud Identity provides additional solutions to secure your account, device, and workspace with advanced protection and password-vaulted applications. You can choose from various solutions like Single Sign-on (one-click access to applications), multi-factor authentication (using two or more devices to validate identity), and endpoint management. To guard access to your applications, you can use Identity-Aware Proxy. You can verify who is trying to access your application and grant access accordingly. This move helps implement a zero-trust model, along with centralized access control. IAP can protect access to applications hosted on Google Cloud, any other cloud, or even on-premise infrastructure. Here are some of the IAM best practices that you can follow to keep the data in your applications secure.

Active Monitoring

Actively monitoring your environment and application helps discover potential intruders who may be lurking around and targeting your applications’ data. Knowing who is accessing your data and monitoring any suspicious activity can help you stay proactive and keep your applications secure. Google Cloud Monitoring, formerly known as Stackdriver Monitoring, helps monitor, troubleshoot, and improve your applications’ performance on Google Cloud. It’s a fully managed, scalable service that provides easy-to-view and access dashboards with several performance indicators and notifications/alerts.

Understand the Shared Responsibility Model

Google Cloud Platform provides various services ranging from highly managed (Function as a Service) to highly customizable (Infrastructure as a Service). Each service comes with its security responsibility model. The following diagram shows Google’s Compute offerings, which you can use to run your applications. Knowing and understanding these services would act as a stepping stone to design the shared responsibility model.
Highly managed offerings, like Cloud Functions or Firebase, have more built-in security than highly customizable offerings that provide more flexibility to the users. The following diagram illustrates the shared security model based on the type of service offering to run your applications.

Keep Your Data Encrypted

When all data is converted into a secret code or encrypted, the information’s true meaning is hidden. Encryption ensures that the data is not accessible by anyone other than the ones allowed to access it.

Google Cloud Platform encrypts data at rest by default, which means it encrypts the data stored by you with no additional action required. Data is encrypted before the application writes it to your disk. A set of master keys encrypts each key, and this applies to almost all data you have on the cloud. If you have more sensitive data, you can manage your encryption key. For this, you have customer-supplied and customer-managed keys. The below image compares these two options to help you make the right choice.

Thorough Vulnerability and Penetration Testing

This complicated term means putting on the hat of the attacker and thinking like one. By this method, the organizations or the cloud service providers attack their infrastructure to test the stability and discover vulnerabilities, allowing them to catch and fix vulnerabilities before any outsider can find them. Google Cloud Platform provides a Web Security Scanner as a part of the Security Command Center to detect critical vulnerabilities in your applications, even before deployment. It identifies vulnerabilities in your App Engine, Kubernetes Engine, and Compute Engine instances and lets you stay ahead in the security game.

Establish and Manage Firewalls

A firewall is simply a wall or barrier attached to the system to prevent intruders from getting inside.
In cloud computing, they are rules attached to systems to block unauthorized access while allowing outward communication.

Setting security rules on incoming and outgoing traffic would help establish a barrier between the intruders and the system by filtering traffic inside and blocking outsiders from gaining unwanted access to the data.

To allow or deny connections from your virtual machine (VM), you can apply firewall rules in your Virtual Private Cloud (VPC). Within the configuration, you can set, identify and enforce VPC firewall rules, allowing you to protect your applications regardless of their configuration and operating system, even if they have not started up.

Manage and Institute Cloud Security Guidelines

Instituting and managing security best practices and guidelines for the organization is essential to ensure your applications’ safety. It’s necessary to streamline processes to ensure the staff, stakeholders, partners, and leadership are on the same page. Google Cloud has many security partner products you can leverage for all your security needs. Apart from that, they have several infrastructure, data protection, logging, and compliance partners who can guide you and your organization to formulate the best guidelines for your applications. To secure your applications and scan for non-compliant resources in your infrastructure, you can leverage open-source tools like Forseti and Config Validator.

Here’s a snapshot of some of the partners who can guide you in your security needs on Google Cloud. You can view the complete list under the resources section of this article.

Train Your Staff

The last but critical best practice is to keep your staff up to date on security threats and best practices. Any security measure is of no use if the organization does not follow it. It’s of paramount importance to ensure everyone is aware of security threats and follows the best practices the organization has instituted.
Google Cloud provides training, whitepapers, articles, and support to ensure compliance with all the industry standards to keep your applications secure.

Visual Learner? Resource for You.

Extra Credit
Here are some resources that you can use to understand cloud security better and design a robust security framework for your applications on the Google Cloud Platform:
- Coursera Professional Certificate on Google Cloud Platform Security
- Google Cloud Platform Security Best Practices Repository
- Google Data Loss Prevention API Documentation
- Google Cloud Virtual Private Cloud (VPC) Documentation
- Forseti and Config Validator
- Google Cloud Platform Documentation
- Google Cloud Platform Security Partners
- Google Cloud Web Security Scanner Documentation
- Google Cloud Monitoring Documentation
- Cloud Identity-Aware Proxy Documentation
- Cloud Identity Documentation
- Resource Manager Documentation
- Google Encryption Documentation
- Google Cloud Armor Documentation
C2C Deep Dives invite members of the community to bring their questions directly to presenters.
Do you have questions about all the options for securing communication between serverless compute products on Google Cloud? In this C2C Deep Dive, Guillaume Blaquiere (@guillaume blaquiere), cloud architect at Sfeir, covered the use of OAuth 2 access tokens versus identity tokens, virtual private cloud (VPC) access and private network access, load balancers, ingress, and egress. Watch the video to learn how you can start taking control of your serverless infrastructure, and see how Guillaume answers the following common security questions:
- What about patch management?
- How do you manage the network?
- How do you ensure HA?
- How do you control the access “from” and “to” the service?
- How do you mitigate DDoS?
Download the slides.
Vijeta Pai, a Google Cloud expert and technology leader, demystifies cloud using illustrations, comics, and easy-to-understand explanations. Today, we're bringing you her post about Identity Access Management (IAM).

What is IAM?
Simply put, it's a framework of policies and processes defined by the cloud provider to make sure users have appropriate permissions to access resources, applications, and data on the cloud. This not only helps secure the data and prevent unwanted threats but also makes sure all users have the right amount of access to get their work done.
There are three main parts to Identity Access Management (IAM) in Google Cloud Platform (GCP): Members, Roles, and Policies. You can read more about them on Pai's website, Cloud Demystified.

Visual learner? Check out the comic

Best Practices
On her blog, you'll also find some of the best practices that Google Cloud suggests for IAM, but here is a highlight.

Get Connected
Keep up with her on the C2C community platform (join here!).

Extra Credit
- Google Cloud IAM Documentation
- Cloud IAM on Qwiklabs
- Identity and Access Management (Coursera)
Known as a prominent programmer and entrepreneur in the tech space, Andi Gutmans today serves as the General Manager and VP of engineering for databases at Google Cloud. He is responsible for overseeing a group whose goal is to support customers with their data journeys and with transforming their businesses.
“It’s a three-step journey,” he said. “We take them through migration, modernization, and then transformation. The best part of what we do is being able to innovate on behalf of our customers.”
Innovating is something Gutmans does well. He co-created PHP, the programming language that is the most widely used web language for creating dynamic web pages, and he also co-founded Zend Technologies, which continues to do much of the work in further developing PHP. Gutmans doesn’t shy away from new challenges. He instead thrives on finding solutions for them.
“All customers want to eventually get to transformation,” he said. “But it’s not always easy to make the full leap in one step. I’m excited about the opportunity to partner with them on that journey and to really enable that transformation.”
Watch the whole interview below.
This article was originally published on November 20, 2020.
Hailed as one of the “Founding Fathers” of the internet for co-creating PHP, Andi Gutmans is just getting started. To discuss his new role at Google and the future of data, Gutmans joins C2C for the sixth installment of our thought leadership series, where we don’t hold back on either the fun or the challenging questions. As a holder of four citizenships and an engineering powerhouse, Gutmans brings a global perspective to both tech and coffee creation.
“I love making espresso and improving my latte art,” he mused. “I always say, if tech doesn’t work out for me, that’s where you’re going to find me.”
But when he isn’t daydreaming about turning it all in to own a coffee shop and become a barista, he leads the operational database group as the GM and VP of engineering and databases at Google.
“Our goal is building a strategy and vision that is very closely aligned with what our customers need,” he said. “Then, my organization works with customers to define what that road map looks like, deliver that, and then operate the most scalable, reliable, and secure service in the cloud.”
It’s an enormous responsibility, but Gutmans and his team met the challenge with three steps: migration, modernization, and transformation. They accomplished this even though they’ve never met in person: Gutmans started working at Google during the COVID-19 pandemic.
Driven to support customers through their data journeys as they move to the cloud and transform their business, he digs into the how, the why, and more during the conversation (video above), but these are the five points you should know:

Lift, Shift, Transform
The pandemic has changed the way everyone is doing business. For some, the change comes with accelerating the shift to the cloud, but Gutmans said most customers are taking a three-step journey into the cloud.
“We’re seeing customers embrace this journey into the cloud,” he said. “They’re taking a three-step journey into the cloud. Migration, which is trying to lift and shift as quickly as possible, getting out of their data center. Then modernizing their workloads, taking more advantage of some of the cloud capabilities, and then completely transforming their business.”
Migrating to the cloud allows customers to spend less time managing infrastructure and more time innovating on business problems. To keep the journey frictionless for customers, he and his team are working on a service called Cloud SQL. For clarity, the service is managed MySQL, PostgreSQL, and SQL Server. They also handle any regulatory requirements customers have in various geographies.
“By handling the heavy lifting for customers, they have more bandwidth for innovation,” he said. “So the focus for us is making sure we’re building the most reliable service, the most secure service, and the most scalable service.”
Gutmans described how Autotrader lifted and shifted into Google’s Cloud SQL service and was able to increase deployment velocity by 140% year-over-year. “So, there is an instant gratification aspect of moving into the cloud,” he said.
Another benefit of the cloud is auto-remediation, backups, and restoration. Still, the challenge is determining what stays at the edge and what goes into the cloud, and, of course, security. Gutmans said he wants to work with customers and understand their pain points and thought processes better.
Modernizing sometimes requires moving customers off proprietary vendors and open-source-based databases, but Gutmans’ team has a plan for that. By investing in partners, they can provide customers with assessments of their databases, more flexibility, and a cost reduction.
Finally, when it comes to transformation, the pandemic has redefined the scope.
A virtual-focused world is reshaping how customers are doing business, so that’s where a lot of Google’s cloud-native database investments have come in, such as Cloud Spanner, Cloud, BigQuery, and Firestore.
“It's really exciting to see our customers make that journey,” he said. “Those kinds of transformative examples where we innovate, making scalability seamless, making systems that are reliable, making them globally accessible, we get to help customers, you know, build for [their] future,” he said. “And seeing those events be completely uneventful from an operational perspective is probably the most gratifying piece of innovating.”
Gutmans adds that transformation isn’t limited to customers that have legacy data systems. Cloud-native companies may also need to re-architect, and Google can support those transformations, too.

AI Is Maturing
Gartner stated that by 2022, 75% of all databases would be in the cloud, and that isn’t just because of the pandemic accelerating transformation. Instead, AI is maturing, and it is allowing companies to make intelligent, data-driven decisions.
“It has always been an exciting space, but I think today is more exciting than ever,” Gutmans said. “In every industry right now, we’re seeing leaders emerge that have taken a digital-first approach, so it’s caused the rest of the industries to rethink their businesses.”

Data Is Only Trustworthy if It’s Secure
Data is quickly becoming the most valuable asset organizations have. It can help make better business decisions and help you better understand your customer and what’s happening in your supply chain. Also, analyzing your data and leveraging historicals can help improve forecasting to better target specific audiences.
But with all the tools improving data accessibility and portability, security is always a huge concern.
But Gutmans’ team is also dedicated to keeping security at the fore.
“We put a lot of emphasis on security—we make sure our customer’s data is always encrypted by default,” he said.
Not only is the data encrypted, but there are tools available to decrypt with ease.
“We want to make sure that not only can the data come up, [but] we also want to make it easy for customers to take the data wherever they need it,” Gutmans said.
Even with the support of the tools Gutmans’ team is working to provide, the customer is central and has all the control.
“We do everything we can to ensure that only customers can govern their data in the best possible way; we also make sure to give customers tight control,” he said.
As security measures increase, new data applications are emerging, including fraud detection and the convergence of operational data and analytical systems. This intersection creates powerful marketing applications, leading to improved customer experience.
“There are a lot of ways you can use data to create new capabilities in your business that can help drive opportunity and reduce risk,” Gutmans said.

Leverage APIs Without Adding Complexity
There are two kinds of APIs, as Gutmans sees it: administration APIs and APIs for building applications.
On the provisioning side, customers can leverage the DevOps culture and automate their test, staging, and production environments. On the application side, Gutmans suggests using the DevOps trend of automating infrastructure as code.
He points to resources available here and here to provide background on how to do this.
But when it comes to applications, his answer is more concise, “if the API doesn’t reduce complexity, then don’t use them.”
“I don’t subscribe to the philosophy where, like, everything has to be an API, and if not...you’re making a mistake,” he added.
He recommends focusing on where you can gain the most significant agility benefit to help your business get the job done.

Final Words of Wisdom
Gutmans paused and went back to the importance of teamwork and collaboration and offered this piece of advice:
“Don’t treat people the way you want to be treated; treat people the way they want to be treated.”
He also added that the journey is different for each customer. Just remember to “get your data strategy right.”