Google Bolsters Cloud Platform Security with New Safeguards, New Pricing and More

Google introduces many different layers of security to prevent and defend against attacks and to implement enterprise security policies for GCP customers, including the purpose-built Titan chip and more.


At Google Cloud Next '17 in San Francisco, Google announced new features bolstering security across Google Cloud Platform (GCP) and G Suite, including Identity-Aware Proxy and more.

Identity-Aware Proxy (IAP) for GCP, in beta, is easy to deploy and integrates with phishing-resistant security keys. It helps manage granular access to applications based on risk, and provides more secure application access from anywhere, with access determined by user, identity and group.

Data Loss Prevention (DLP) API, also in beta, lets you identify and redact sensitive data through deep content analysis for more than 40 sensitive data types. DLP API for GCP joins DLP for Gmail and Drive, "so admins can write policies that manage sensitive data in ways that aren't possible on any other cloud," the Cloud team said.

Data Loss Prevention for GCP

Key Management System, now generally available, gives customers the ability to manage their encryption keys in a multi-tenant cloud service, without the need to maintain an on-premise key management system or hardware security module.

Security Key Enforcement (SKE) allows customers to require security keys as the two-step verification factor for stronger authentication whenever a user signs into G Suite or accesses a GCP resource. SKE is easy on admins, easy on users and hard on phishers.

Google Vault for Google Drive, Team Drives and Google Groups, an eDiscovery and compliance solution for G Suite, allows customers to set retention policies, place legal holds, perform searches across Drive, Gmail, Hangouts and Groups, and export search results to support their legal and compliance requirements.

Lastly, Titan, a purpose-built chip, establishes a hardware root of trust for both machines and peripherals on cloud infrastructure, allowing Google to more securely identify and authenticate legitimate access at the hardware level.

"Purpose-built hardware such as Titan is a part of Google's layered security architecture, spanning the physical security of data centers to secure boot across hardware and software to operational security," writes the Google Cloud team.

Google Titan Purpose-built Network Controller

App Engine, launched in 2008, today gets a major expansion centered around openness and developer choice, and now supports "Node.js, Ruby, Java 8, Python 2.7 or 3.5, Go 1.8, plus PHP 7.1 and .NET Core," both in beta.

All these languages are backed by App Engine's 99.95% SLA.

Google Cloud Functions, now in public beta, is a completely serverless environment to build lightweight backends and connect existing cloud services without having to manage infrastructure. Using it, mobile developers can build backends integrated with the Firebase platform, as it handles events emitted from the Firebase Realtime Database, Firebase Authentication and Firebase Analytics.

BigQuery Data Transfer Service, launched today in public beta, automates data export from select Google applications like Adwords, DoubleClick and YouTube directly into BigQuery, for immediate analysis and visualization.

Google Cloud Dataprep, a new serverless browser-based service, dramatically cuts the time it takes to prepare data for analysis, as it intelligently connects to a data source, identifies data types, identifies anomalies and suggests data transformations.

"Data scientists can then visualize their data schemas until they're happy with the proposed data transformation. Dataprep then creates a data pipeline in Google Cloud Dataflow, cleans the data and exports it to BigQuery or other destinations," explains Google.

Apart from new tools and services, GCP is now available in three more regions: California, Montreal and the Netherlands, up from six to more than 17 locations in the future.

In addition, the number of vCPUs customers can run in an instance is now doubled, from 32 to 64, with up to 416GB of memory.

On the pricing front, "Committed Use Discounts" announced today provide up to 57% off the list price on Google Compute Engine, "in exchange for a one or three year purchase commitment."

"Committed Use Discounts are based on the total amount of CPU and RAM purchase, and give flexibility to use different instance and machine types; they apply automatically, even if instance types (or size) are changed," the team explained.

They are billed monthly, and Sustained Use Discounts also apply to any additional usage above a commitment.

Additionally, price cuts for Compute Engine bring a 5% drop to customers in the US, a 4.9% drop in Europe and an 8% drop in the Tokyo region.

The Free Tier is extended as well, from 60 days to 12 months, allowing customers to use the $300 credit across all GCP services and APIs, at their own pace and schedule.

Always Free products, which offer non-expiring usage limits that can be used to test and develop applications at no cost, now include Compute Engine, Cloud Pub/Sub, Google Cloud Storage and Cloud Functions. These additions bring the number of Always Free products up to 15.

New offerings in GCP's relational database-services portfolio announced today bring customers a beta of Cloud SQL for PostgreSQL. Cloud SQL for PostgreSQL implements the same design principles currently reflected in Cloud SQL for MySQL, and also includes all the familiar advantages of a Google Cloud service.

Improvements to MySQL and SQL Server Enterprise were made as well, and include:

  • Cloud SQL for MySQL comes with increased performance for demanding workloads via 32-core instances with up to 208GB of RAM, and central management of resources via Identity and Access Management (IAM) controls.
  • SQL Server Enterprise images on Google Compute Engine, available now, support Windows Server Failover Clustering (WSFC) and SQL Server AlwaysOn Availability Groups, both in GA.

SSD persistent disks now have increased throughput and IOPS performance, which are particularly beneficial for database and analytics workloads.

Instances with 32 vCPUs provide up to 40k read IOPS and 30k write IOPS, as well as 800 MB/s of read throughput and 400 MB/s of write throughput. Instances with 16-31 vCPUs provide up to 25k read or write IOPS, 480 MB/s of read throughput, and 240 MB/s of write throughput. Refer to these docs for complete details about Persistent Disk performance limits.

Finally, BigQuery extends its reach to query data inside Google Cloud Bigtable, the NoSQL database service designed for massive analytic or operational workloads that require low latency and high throughput (particularly common in Financial Services and IoT use cases).

The availability of the Windows Partner Program was announced to grow the ecosystem of partners across all of Google Cloud Platform (GCP).

"With our increased support for Windows workloads on the technical side, we know that GCP is joining a larger Windows and .NET ecosystem. Part of that is working with top system integrators in the Windows community to make sure that they're ready to help GCP customers take the best advantage of our platform with new and existing Windows and .NET apps and services. Towards that end, we've certified the following partners for Windows on GCP," writes the Cloud team.

Kaggle, which is joining Google Cloud, is home to the world's largest community of data scientists and machine learning enthusiasts; more than 800,000 data experts use Kaggle to explore, analyze and understand the latest updates in machine learning and data analytics.

Kaggle is the best place to search and analyze public datasets, build machine learning models and grow data science expertise. It'll support machine learning training and deployment services, while offering the community the ability to store and query large datasets.

Customer Reliability Engineering (CRE), based on the principles of Site Reliability Engineering (SRE) and launched last year, today gets an all-new "Engineering Support," a role-based subscription model that matches engineer to engineer.

With this new model, "you pay for only the roles your team needs and can decide what time-frame of support responses best suits the lifecycle stages of your applications and who in your organization needs to interact with support," writes the Google Cloud team.

Advantages of this model include:

  • You can mix and match your support levels and spend to the stages of development maturity for your projects. You can add, remove or change support levels monthly, from our Cloud Console. No more buying the highest tier for the whole company just because one project needs a 15-minute response time.
  • Prices are fixed so you know on the first day of the month what your support bill will be on the last day of the month. No more of the dreaded "success tax" where your support bill increases with cloud usage.
  • You can make adjustments month-to-month as your needs evolve, changing your support needs with shifts in your business.

The model offers three choices per support seat:

  • Development engineering support is ideal for developers or QA engineers that can manage with a response within four to eight business hours, priced at $100/user per month.
  • Production engineering support provides a one-hour response time for critical issues at $250/user per month.
  • On-call engineering support pages a Google engineer and delivers a 15-minute response time 24x7 for critical issues at $1,500/user per month.

Pivotal Cloud Foundry is brought in as the first CRE technology partner, and will work hand-in-hand with Google to thoroughly review their solutions and implement changes to address identified risks to reliability.

Google is also partnering with Rackspace to offer managed support for GCP.

BigQuery Data Transfer Service in private beta makes it easy for users to quickly get value from all their Google-managed advertising datasets. With just a few clicks, marketing analysts can schedule data imports from Google Adwords, DoubleClick Campaign Manager, DoubleClick for Publishers and YouTube Content and Channel Owner reports.

Cloud Dataprep, in private beta, is a new managed data service, built in collaboration with Trifacta, that makes it faster and easier for BigQuery end-users to visually explore and prepare data for analysis without the need for dedicated data engineer resources.

New Commercial Datasets - Businesses often look for datasets (public or commercial) outside their organizational boundaries. Commercial datasets offered include financial market data from Xignite, residential real-estate valuations (historical and projected) from HouseCanary, predictions for when a house will go on sale from Remine, historical weather data from AccuWeather, and news archives from Dow Jones, all immediately ready for use in BigQuery (with more to come as new partners join the program).

Python for Google Cloud Dataflow - Cloud Dataflow is a fully managed data processing service supporting both batch and stream execution of pipelines. Now there's a Python SDK for Cloud Dataflow in GA.

Stackdriver Monitoring for Cloud Dataflow helps you access and analyze Cloud Dataflow job metrics and create alerts for specific Dataflow job conditions.

Google Cloud Datalab is an interactive data science workflow tool that makes it easy to do iterative model and data analysis in a Jupyter notebook-based environment using standard SQL, Python and shell commands.

Cloud Dataproc, a fully managed service for running Apache Spark, Flink and Hadoop pipelines, has new support for restarting failed jobs (including automatic restart as needed), in beta; the ability to create single-node clusters for lightweight sandbox development, in beta; and GPU support. The cloud labels feature, for more flexibility managing your Dataproc resources, is now GA.

Cloud SQL for PostgreSQL implements the same design principles currently reflected in Cloud SQL for MySQL, namely, the ability to securely store and connect to your relational data via open standards.

Microsoft SQL Server Enterprise is now available on Google Compute Engine, plus support for Windows Server Failover Clustering (WSFC) and SQL Server AlwaysOn Availability Groups (GA).

Cloud SQL for MySQL increases performance for demanding workloads via 32-core instances with up to 208GB of RAM, and central management of resources via Identity and Access Management (IAM) controls.

Cloud Spanner is the industry's first horizontally scalable, globally consistent, relational database service.

SSD persistent disks now have increased throughput and IOPS performance, which are particularly beneficial for database and analytics workloads.

Federated query on Cloud Bigtable extends BigQuery's reach to query data inside Cloud Bigtable, the NoSQL database service for massive analytic or operational workloads that require low latency and high throughput (particularly common in Financial Services and IoT use cases).

Cloud Machine Learning Engine (Cloud ML Engine) is for organizations that want to train and deploy their own models into production in the cloud.

Cloud Video Intelligence API lets developers easily search and discover video content by providing information about entities (nouns such as "dog," "flower", or "human" or verbs such as "run," "swim," or "fly") inside video content.

Cloud Vision API, which reaches GA, now recognizes millions of entities from Google's Knowledge Graph and offers enhanced OCR capabilities that can extract text from scans of text-heavy documents such as legal contracts, research papers or books.

Machine learning Advanced Solution Lab (ASL) provides dedicated facilities for our customers to directly collaborate with Google's machine-learning experts to apply ML to their most pressing challenges.

Cloud Jobs API now has new features such as Commute Search, which will return relevant jobs based on desired commute time and preferred mode of transportation.

Machine Learning Startup Competition is run in collaboration with venture capital firms Data Collective and Emergence Capital, and with additional support from a16z, Greylock Partners, GV, Kleiner Perkins Caufield & Byers and Sequoia Capital.

Google Cloud Platform Community is a new site to learn, connect and share with other people like you, who are interested in GCP. You can follow along with tutorials or submit one yourself, find meetups in your area, and learn about community resources for GCP support, open source projects and more.

Google App Engine Flex expands to new developer communities, emphasizing openness, developer choice, and application portability.

Cloud Functions is a serverless environment for creating event-driven applications and microservices, letting you build and connect cloud services with code.

Firebase integration with GCP - Firebase Storage is now Google Cloud Storage for Firebase and adds support for multiple buckets, support for linking to existing buckets, and integrates with Google Cloud Functions.

Cloud Container Builder, a standalone tool, lets you build Docker containers on GCP regardless of deployment environment. It's a fast, reliable, and consistent way to package your software into containers as part of an automated workflow.

Community Tutorials now lets anyone submit or request a technical how-to for Google Cloud Platform.

Google Container Engine (GKE) has added Automated Monitoring and Repair of GKE nodes, letting customers focus on their applications while Google ensures the cluster is available and up-to-date.

Internal Load balancing lets you run and scale your services behind a private load balancing IP address which is accessible only to your internal instances, not the internet.

Cross-Project Networking (XPN) is a virtual network that provides a common network across several Google Cloud Platform projects, enabling simple multi-tenant deployments.

Edit Opportunities in Google Sheets lets sales reps sync a Salesforce Opportunity List View to Sheets to bulk edit data; changes are synced automatically to Salesforce, no upload required.

Android Kiosk Apps for Chrome lets users manage and deploy Chrome digital signage and kiosks for both web and Android apps. And with Public Session Kiosks, IT admins can now add a number of Chrome packaged apps alongside hosted apps.

Chrome Kiosk Management Free trial gives customers an easy way to test out Chrome for signage and kiosk deployments.

Chrome Device Management (CDM) APIs for Kiosks offer programmatic access to various Kiosk policies. IT admins can schedule a device reboot through the new APIs and integrate that functionality directly in a third-party console.

Chrome Stability API allows Kiosk app developers to improve the reliability of the application and the system.

About The Author

Deepak Gupta is an IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and software.