What’s new at Next
Google Cloud Next ‘21 has begun! We’ll be updating this blog post throughout Next with the latest announcements about Google Cloud products, solutions, and partnerships. Just bookmark this page to get all your Next news in one handy place.
Introducing Google Distributed Cloud—in your data center, at the edge, and in the cloud
Google Distributed Cloud is a portfolio of fully managed hardware and software solutions that extend Google Cloud’s infrastructure and services to the edge and data centers. Enabled by Anthos, it’s ideal for running local data processing, low-latency edge compute workloads, modernizing on-premises environments, running sensitive workloads that meet sovereignty requirements, or deploying private 5G/LTE solutions for customers. Read the full announcement here.
Google Cloud Cortex Framework
The new Google Cloud Cortex Framework is a foundation of endorsed solution reference templates and content for customers to accelerate business outcomes with less risk, complexity, and cost. This allows customers to kickstart insights and reduce time-to-value with reference architectures, packaged services, and deployment accelerators. Customers can deploy templatized solutions from Google Cloud and our trusted partners for specific use cases and business scenarios in a faster, more cost-effective way. In our first release, customers can take advantage of a rich data foundation of building blocks and templates for SAP environments. Read the announcement.
Apigee: Native support for managing lifecycle of GraphQL APIs
Developers can now productize and manage the full lifecycle of GraphQL APIs natively in Apigee, just like REST APIs. Developers can use the GraphQL policy in Apigee to impose restrictions on the payload by setting a maximum on the number of fragments allowed, associate GraphQL with API products, leverage the OAuth2, VerifyAPIKey, and Quota policy features just as in REST, and validate and authenticate requests at the schema level.
Google Cloud Customer Awards: Results are in
Launched this year, Google Cloud Customer Awards recognize innovative thinking, technical excellence and transformation in the cloud. The standard of entries was extremely high and senior technical judges used a set framework to assess each one. Winners will be announced at Next ‘21 and trophies are being sent with our gratitude. As part of Google Cloud’s recognition program that includes Google Cloud Partner Awards, we are thrilled to celebrate our customers in this way. Read the blog.
Opening Anthos to virtual machines
Anthos for Virtual Machines is now in preview, allowing you to standardize on Kubernetes while running some workloads that cannot be easily containerized in VMs. There are two ways to use Anthos for VMs: For customers with active VMware environments, you can attach your vSphere VMs to the Anthos control plane. Alternately, Anthos for VMs allows you to shift VMs as-is onto Anthos with KubeVirt, an open-source virtualization API for Kubernetes. Read the blog.
Anthos: one multicloud management layer for all your applications
We are making it easier to use Anthos to manage workloads already running in other clouds, with the new Anthos Multi-Cloud API. Generally available in Q4 ‘21, this new API lets you provision and manage GKE clusters running on AWS and Azure infrastructure through a centralized Google-Cloud-backed control plane. Learn more here.
Introducing Cloud Build Hybrid
Having consistent CI/CD tooling across environments is critical for developers. Likewise, platform engineers are tired of putting out fires related to maintaining and scaling out CI/CD tooling. Based on an open-source Kubernetes-native Tekton CI/CD framework, the new Cloud Build Hybrid lets you build, test, and deploy across clouds and on-premise systems, while giving you the benefits of a Google-managed, ‘no-hassle’ control plane to manage all your pipelines across environments. Read the announcement.
New build integrity features in Cloud Build
Cloud Build's new build provenance and build attestation features make it easier to improve the security of your software supply chain. As part of the image's provenance, Cloud Build automatically records details like the images generated, the input sources, the build arguments, and the build time, and a new attestor allows you to deploy only trusted images using Binary Authorization. Learn more here.
Managed Service for Prometheus is in preview
Google Cloud’s operations suite already offers Cloud Monitoring for those who want a fully managed metrics service. However, if you just want to offload the hassle of scaling and managing Prometheus infrastructure, updates, and storage, we’ve launched a preview of Managed Service for Prometheus. Keep the tools you use now (Prometheus alerting, workflows, and Grafana dashboards) and avoid vendor lock-in. Read the blog.
Introducing Log Analytics
Many customers use the power of BigQuery to analyze logging data and get deep operational and business insights. Log Analytics (currently in preview) makes system and workload logs that are ingested into Cloud Logging available to store, manage, and analyze in BigQuery.
What’s new in serverless
You can now use the simplicity of Cloud Run with traditional workloads like applications written in Java Spring Boot, ASP.NET, and Django, among others. A new second-generation execution environment provides enhanced network and CPU performance, while discounts and CPU allocation controls allow you to save up to 25% on your compute bill. The Cloud Run/Binary Authorization integration, now GA, helps enforce policy-based deployment. Finally, longer execution times for Cloud Functions (from 9 to 60 minutes) and larger instance types of up to 16 GB make it easier to build modern, serverless apps.
New GKE autopilot features
The Google Kubernetes Engine (GKE) autopilot mode of operation makes it easy for users to deploy and manage their apps on containers, and now supports committed use discounts, mutating Kubernetes webhooks, and pod-level security controls with OPA Gatekeeper. Watch the NEXT ’21 session for more information.
BeyondCorp Enterprise new features
We’re delivering new capabilities that expand the surface area for our zero trust access solution, BeyondCorp Enterprise, to cover all your apps, both modern and legacy. The new client connector, now in preview, enables identity and context-aware access to client-server applications. App Connector, also in preview, enables access to enterprise web applications outside of Google Cloud. We are also making it easier for admins to diagnose access failures, triage events, and unblock users with the new BeyondCorp Enterprise Policy Troubleshooter feature, which will be generally available by the end of 2021. Watch the live demo to learn more!
Improved ML-based threat protection with BeyondCorp Enterprise
Three new threat and data protection features are now generally available. First, real-time URL checks provide phishing and malicious site warnings based on a machine-learning URL reputation classification service. Additionally, customers can now customize their warning messages for upload and download analysis of malware and sensitive data. Thirdly, our dynamic malware sandboxing pipeline now leverages machine learning models to detect benign documents to avoid performing dynamic analysis on unnecessary files. Learn more here.
Introducing Google Cybersecurity Action Team (GCAT)
Today, we announced the formation of the Google Cybersecurity Action Team (GCAT). GCAT marshals experts from across Google to form what we believe will be the world’s premier security advisory team. It has a singular mission: supporting the security and digital transformation of governments, critical infrastructure, enterprises and small businesses. Building on existing security solutions engineering efforts, today the GCAT announced a Security and Resilience Framework that delivers a roadmap for a comprehensive security management program aligned with the National Institute of Standards and Technology’s Cybersecurity Framework using cloud technologies from Google Cloud and partners.
Chronicle and Security Command Center integration
To improve your detection and response capabilities, we are providing deep integration between Chronicle and Security Command Center (SCC) on Google Cloud Platform. This new integration in preview centralizes alerts and investigative workflows across the two platforms, and enables threat-specific pivots by enriching SCC alerts with intelligence on associated threat actors and entities.
Protect your sensitive data with Automatic DLP
Automatic DLP, now in preview, is a prime example of how we are making Invisible Security a reality. It’s a game-changing capability that discovers and classifies sensitive data for all the BigQuery projects across your entire organization without you needing to do a single thing. With rich insights for each table and column, you can better manage your data risk.
Introducing Ubiquitous Data Encryption solution
We’re introducing Ubiquitous Data Encryption, a solution which combines our GA Confidential Computing, External Key Management, and Cloud Storage products to seamlessly encrypt data as it’s sent to the cloud, using your external key management solution, and ensure that it can only be decrypted and run in a confidential VM environment, greatly limiting potential exposure.
Zero trust software supply chain
Today, we’re building on our zero trust software supply chain with new launches. Cloud Build is SLSA Level 1 compliant by default, with scripted builds and available provenance. With the new Build Integrity feature, Cloud Build automatically generates a verifiable build manifest: a signed certificate describing the sources that went into the build, the hashes of artifacts used, and other parameters. The manifest can be used to trace a binary to the source code and detect tampering. Binary Authorization’s integration with Cloud Build makes it easy to set up deploy-time constraints. You can also now easily pair Binary Authorization with Cloud Run to ensure only trusted images make it to production. These integrations are now generally available.
What’s new with Cloud Armor - DDoS protection and WAF service
Cloud Armor, our DDoS protection and WAF service, has new updates:
Per-client rate limiting, including two rule actions, throttle and rate-based ban, is available in Preview for both Standard and Managed Protection Plus tiers.
Edge security policies allow you to configure filtering and access control policies for content that is stored in cache for Cloud CDN and Cloud Storage; this feature is also now in Preview.
Adaptive Protection, our ML-based, application-layer DDoS detection and WAF protection mechanism, is now Generally Available.
New network security features and updates
The solution blueprint for Cloud network forensics and telemetry, along with a companion blog comparing methods for harvesting telemetry for network security analytics, are both now available. These blogs outline the DIY way, whereas the cloud-native approach is the recently announced network-based threat detection tool, Cloud IDS, built with Palo Alto Networks, which is now in Preview.
Cloud NAT has released in Preview new scaling features: destination-based NAT rules and dynamic port allocation, while in Cloud firewalls, the Firewall Insights capability has expanded, along with hierarchical rules.
Customer Breakthrough in Industry
Contact Center AI Insights [GA Announcement]
Contact Center AI (CCAI) Insights extends the impact of Google Cloud’s CCAI solution, which lets businesses enable rich and conversational customer experiences via capabilities such as AI-powered virtual agents and Agent Assist. CCAI Insights builds on these capabilities with out-of-the-box and custom modeling techniques, making it easier for teams to use AI to mine raw contact center interaction data for actionable information, regardless of whether that data originated with a virtual or human agent.
To learn more about CCAI Insights, click here
Contract DocAI [Preview]
Contract DocAI adds to Google Cloud’s DocAI solutions, a scalable cloud-based AI platform to help businesses efficiently scan, analyze, and understand documents. Contract DocAI brings new features purpose-built for the most important and complicated documents of all: contracts. By automatically discerning important terms and the relationships among them, Contract DocAI also helps human reviewers to work more efficiently, leading to faster and less expensive contract processing, while providing new semantic lenses to categorize and analyze contract content.
To learn more about Contract DocAI, click here
Bringing the Google Magic
Data Center Transformation Specialization coming soon!
The Partner Advantage program will be launching a new Data Center Transformation Specialization scheduled for Q1 2022. This Specialization is designed for our service partners who have demonstrated success with complex Data Center Transformation of enterprise workloads from private, public clouds and on-premise to Google Cloud. Stay tuned for the upcoming formal announcement. To understand more about the area that partners who achieve this specialization will support, please read this Data Center Transformation with Google white paper and sign up to learn more.
Announcing new tools to measure—and reduce—your environmental impact
With Carbon Footprint, every Google Cloud user now has access to view and export the gross carbon emissions associated with the services you use in Google Cloud. Users can measure, track, and report their carbon footprint. And with the new integration to Unattended Project Recommender, you will also see recommendations to delete idle projects and reduce your footprint. Read more here.
Leading with Data
Vertex AI Workbench
We’re pleased to announce in public preview Vertex AI Workbench, a natural evolution of Google Cloud’s Notebook offerings, which responds to the ever-changing needs of our customers for standardized, integrated ML tooling.
Vertex AI Workbench is the single environment for data scientists to complete all of their ML work, from experimentation, to deployment, to managing and monitoring models. It is a Jupyter-based, fully-managed, scalable, enterprise-ready compute infrastructure with security controls and user management capabilities.
With Vertex AI Workbench, data analysts, data scientists, and all data and AI practitioners can analyze all their data from BigQuery, Dataproc, Spark, Looker, and Vertex AI in one interface. Vertex AI Workbench facilitates training data at scale, with fewer lines of code, and easy connectivity to our MLOps services to improve model survivability at the hand-off point to ML engineers.
Announcing GA of BigQuery Omni for Cross cloud Analytics
We are excited to announce general availability of BigQuery Omni, a multicloud analytics service that helps data and analytics teams break down barriers by using BigQuery to securely and cost-effectively analyze data across clouds. With this GA announcement, BigQuery Omni will be available to all customers later this month on Amazon Web Services and for select customers on Microsoft Azure.
BigQuery Omni enables secure connections to your S3 data in AWS or Azure Blob Storage data in Azure. Analysts can query that data directly through the familiar BigQuery user interface, bringing the power of BigQuery to where the data resides.
BigQuery Omni provides a truly differentiated solution for all your cross-cloud analytics needs through simplified secure access and a single pane of glass. Watch the multicloud session for more details.
Spanner PostgreSQL interface Preview
We announced in preview a PostgreSQL interface for Spanner. With this new feature, enterprises can now use skills and tools from the popular PostgreSQL ecosystem to take advantage of Spanner’s unmatched global scale, 99.999% availability and strong consistency. This interface supports Spanner’s rich feature set using the most popular PostgreSQL data types and SQL features, reducing the barrier of entry for building transformational applications with Spanner. Developer teams can use the tools and skills they are familiar with and have the assurance that the schemas and queries they build against the PostgreSQL interface can be easily ported to another PostgreSQL environment, if needed, giving them flexibility and peace of mind. Learn more in this blog.
Introducing Google Cloud Innovators
The Google Cloud Innovators program is here to support your journey as you grow your cloud experience. Everyone is welcome to join.
From the beginning, you will receive exclusive invitations to hear from Google Cloud executives and Developer Advocates, exclusive roadmap presentations, and a chance for an invitation to join our new series of semi-annual Innovator events.
We have many more experiences and opportunities in mind for Innovators in the coming months. Join the program to stay informed and come along on the journey. Learn more here.
Work Safer Program
Today we’re announcing Google’s new Work Safer program to help protect organizations against rising cybersecurity threats. Work Safer will provide companies with access to a range of offers that combine Google Workspace with industry-leading solutions from across Google as well as from our cybersecurity partners, CrowdStrike and Palo Alto Networks.
Client-side encryption for Google Meet
In June, we announced that Client-side encryption (CSE) was available in beta for Google Drive, Docs, Sheets, and Slides. Now we’re bringing CSE to Google Meet, giving customers complete control over encryption keys while helping them meet data sovereignty and compliance requirements. We’re also pleased to announce the beta of our Key Access Service Public APIs, which enable customers to directly manage their encryption keys without the need for a third-party partner. Interested customers can sign up for the Client-side encryption beta today.
Data Loss Prevention (DLP) for Chat
DLP for Chat is now in beta. This is a continuation of our ongoing commitment to help organizations protect their sensitive data and information from getting into the wrong hands, without impacting the end-user experience. With DLP for Chat, you can enable the power of spontaneous conversation between individuals and teams, while preventing sensitive and confidential information from leaving your organization. Interested customers can sign up for the DLP for Chat beta today.
Drive labels is now generally available. Organizations are now able to classify files stored in Drive based on their sensitivity level. Labels integrate with Google Workspace Data Loss Prevention, making it easier to manage external sharing, downloading, and printing of sensitive files.
Protections against abusive content and behavior
We’re rolling out additional protections to safeguard against abusive content and behavior. If a user opens a file that we think is suspicious or dangerous, we’ll display a warning to the user to help protect them and their organization from malware, phishing, and ransomware. This functionality is now available in Google Docs and will be rolling out soon for Google Sheets and Slides.