If you’re like me, you may have noticed that AI has become a part of daily life. I wake up each morning and ask my smart assistant about the weather. I recently applied for a new credit card and the credit limit was likely determined by a machine learning model. And while typing the previous sentence, I got a word choice suggestion that “probably” might flow better than “likely,” a suggestion powered by AI.
As a member of Google’s Responsible Innovation team, I think a lot about how AI works and how to develop it responsibly. Recently, I spoke with Patrick Gage Kelley, Head of Research Strategy on Google’s Trust & Safety team, to learn more about developing products that help people recognize and understand AI in their daily lives.
How do you help people navigate a world with so much AI?
My goal is to ensure that people, at a basic level, know how AI works and how it impacts their lives. AI systems can be really complicated, but the goal of explaining AI isn’t to get everyone to become programmers and understand all of the technical details — it’s to make sure people understand the parts that matter to them.
When AI makes a decision that affects people (whether it’s recommending a video or qualifying for a loan), we want to explain how that decision was made. And we don’t want to just provide a complicated technical explanation, but rather, information that is meaningful, helpful, and equips people to act if needed.
We also want to find the best times to explain AI. Our goal is to help people develop AI literacy early, including in primary and secondary education. And when people use products that rely on AI (everything from online services to medical devices), we want to include a lot of chances for people to learn about the role AI plays, as well as its benefits and limitations. For example, if people are told early on what kinds of mistakes AI-powered products are likely to make, then they are better prepared to understand and remedy situations that might arise.
Do I need to be a mathematician or programmer to have a meaningful understanding of AI?
No! A good metaphor here is financial literacy. While we may not need to know every detail of what goes into interest rate hikes or the intricacies of financial markets, it’s important to know how they impact us — from paying off credit cards, to buying a home, or paying for student loans. In the same way, AI explainability isn’t about understanding every technical aspect of a machine learning algorithm – it’s about knowing how to interact with it and how it impacts our daily lives.
How should AI practitioners — developers, designers, researchers, students, and others — think about AI explainability?
Lots of practitioners are doing important work on explainability. Some focus on interpretability, making it easier to identify specific factors that influence a decision. Others focus on providing “in-the-moment explanations” right when AI makes a decision. These can be helpful, especially when carefully designed. However, AI systems are often so complex that we can’t rely on in-the-moment explanations entirely. It’s just too much information to pack into a single moment. Instead, AI education and literacy should be incorporated into the entire user journey and built continuously throughout a person’s life.
More generally, AI practitioners should think about AI explainability as fundamental to the design and development of the entire product experience. At Google, we use our AI Principles to guide responsible technology development. In accordance with AI Principle #4: “Be accountable to people,” we encourage AI practitioners to think about all the moments and ways they can help people understand how AI operates and makes decisions.
How are you and your collaborators working to improve explanations of AI?
We develop resources that help AI practitioners learn creative ways to incorporate AI explainability in product design. For example, in the PAIR Guidebook we launched a series of ethical case studies to help AI practitioners think through tricky issues and hone their skills for explaining AI. We also do fundamental research like this paper to learn more about how people perceive AI as a decision-maker, and what values they would like AI-powered products to embody.
We’ve learned that many AI practitioners want concrete examples of good explanations of AI that they can build on, so we’re currently developing a story-driven visual design toolkit for explanations of a fictional AI app. The toolkit will be publicly available, so teams in startups and tech companies everywhere can prioritize explainability in their work.
The visual design toolkit provides story-driven examples of good explanations of AI.
I want to learn more about AI explainability. Where should I start?
This February, we released an Applied Digital Skills lesson, “Discover AI in Daily Life.” It’s a great place to start for anyone who wants to learn more about how we interact with AI everyday.
We also hope to speak about AI explainability at the upcoming South by Southwest Conference. Our proposed session would dive deeper into these topics, including our visual design toolkit for product designers. If you’re interested in learning more about AI explainability and our work, you can vote for our proposal through the SXSW PanelPicker® here.
As viewers continue to shift from traditional TV to connected TV (CTV), marketers are looking for effective ways to connect with streamers and measure the reach of their campaign across a variety of CTV apps. So we’re introducing new CTV solutions in Display & Video 360 to give you the option to pick the inventory and measurement solutions that work best for you.
First we’re adding audience guarantees based on Nielsen Digital Ad Ratings (DAR) to Display & Video 360 and expanding advanced Programmatic Guaranteed features to more exchanges. Programmatic Guaranteed lets you access top CTV ad placements, combining the best of the direct deal buying experience with the automation and personalization of programmatic. Leading brands like Uber already use this buying technique to secure coveted CTV inventory around high-visibility events while still enjoying the efficiency of programmatic advertising.
Second, we’re making it simpler to buy YouTube CTV and other CTV apps in a consolidated workflow. This will give you a chance to improve your media performance by managing your campaign goals seamlessly across any CTV inventory.
CTV and video buyers often use Nielsen Digital Ad Ratings as the system of record to understand how many unique viewers they reached within their core audiences and prove campaign impact across digital media platforms. That’s why we’re launching Nielsen audience guarantees across streaming TV and video in Display & Video 360. This will make it easier to plan, buy and measure an entire connected TV upfront in Display & Video 360 in a way that’s comparable to linear TV. Being able to reach your key audiences has been central to effective traditional TV advertising — the same goes for CTV.
When setting up your guaranteed deal, you can now choose a specific age and gender demographic, like adults ages 18 to 49, and pay only for the ad impressions that reach your target audience as measured by Nielsen DAR. This feature works for all types of video campaigns — including for connected TV ads — and comes at no additional cost for advertisers.
Nielsen-based audience guarantees enable Display & Video 360 users to buy inventory programmatically and pay only for impressions that reached their target audience as reported in Digital Ad Ratings.
For now, audience guarantees are available for Programmatic Guaranteed ads running with a set of publishers on Google Ad Manager in the U.S. We look forward to onboarding more publishers and exchanges.
Speaking of expansion, we’re making Google audiences for Programmatic Guaranteed available across a variety of exchanges including Google Ad Manager but also Xandr and Magnite and looking to add more. We've already expanded capabilities for you to reach Google audiences on CTV campaigns when bidding on open auction inventory. Google audiences can help drive a higher return on investment by reaching the groups of consumers who are most likely to respond to your message based on Google’s understanding of intent. Now, you can also use Google affinity, in-market and demo segments while buying Programmatic Guaranteed deals across a variety of participating publishers, giving you even more flexibility in your audience strategies for CTV.
For these exchanges, we’re also improving how ad frequency management works for Programmatic Guaranteed deals, helping to enhance the viewing experience for your audiences. Once your campaign frequency goal is reached for certain users, whether via open auction, Programmatic Guaranteed, or a combination of the two, Display & Video 360 now stops showing ads to these users while still prioritizing and delivering the agreed number of impressions from your guaranteed deals.
We're doubling down on programmatic reservation, particularly in the growing CTV landscape. So managing frequency for Programmatic Guaranteed deals with more exchanges is critical to help us further reduce waste associated with ad overexposure.
For many marketers, simplifying campaign execution for a variety of CTV apps is fundamental to effectively reaching streamers. And Display & Video 360’s capacity to plan, manage ad frequency and measure performance across YouTube and other CTV inventory sources saves them time and money. To help CTV buyers deliver more coordinated ad campaigns, YouTube ads can now be purchased within Display & Video 360’s insertion order dedicated to connected TV ad buying. This simplified workflow features parameters designed specifically for CTV campaigns to help minimize technical blockers that typically limit reach on CTV devices. Because it puts YouTube side-by-side with other top CTV inventory, it also makes it easier to optimize for common goals or control ad frequency across your entire CTV media mix.
Test this integrated workflow and advanced Programmatic Guaranteed capabilities today and combine them with new CTV frequency management solutions in Display & Video 360 to get the most efficient reach out of your CTV deals.
We launched Google Workspace Individual over a year ago to help solo business owners reach new customers and bring their big ideas to life. Since then, customers in the U.S., Canada, Mexico, Brazil, Japan and Australia have all used it to grow, run and protect their businesses.
They’ve used Google Meet for consultations, Calendar for scheduling and customized layouts in Gmail to easily communicate in ways that reflect their brands. We’ve loved seeing how businesses of all stripes have brought their passions to the world — from caterers, creative consultants and real estate agents to pet sitters, hair stylists and life coaches.
Now, we’re launching Google Workspace Individual in Europe. This means that customers in France, Italy, Spain, Germany, the U.K., and Switzerland can benefit from new and upcoming capabilities designed to help individual business owners stay focused on what they love, and spend less time on tasks like scheduling appointments and sending emails.
We’ve recently added powerful new capabilities to Workspace Individual, including:
And soon, customers will have the ability to add e-signatures directly to Google Docs. They’ll be able to quickly execute agreements from the familiar interface of Docs, without having to switch tabs or apps. See the full list of new and coming-soon features.
With this expansion of Google Workspace Individual, solo business owners in Europe can run, grow and protect their businesses with apps they’re already familiar with. This means more time helping customers and less time scheduling, emailing and updating calendars. In the months ahead, we’ll continue to bring Workspace Individual to an expanding list of countries.
Sign up for Google Workspace Individual today with a 14-day trial, or learn more about Google Workspace Individual on our website. If you’re not a business owner but still want premium capabilities for personal use, Google Workspace premium is also now available with Google One 2TB+ plans
Google Play turned 10 this year, and we’ve been keeping the celebrations going with local developer communities around the world. It’s an extra special occasion in Asia Pacific, which is home to one of the largest app developer populations (nearly a third of the 26.9 million app developers worldwide) and one of the most engaged audiences. In fact, people in Asia Pacific download and use mobile apps more than any other region.
Developers in Asia Pacific are reaching global audiences, with hundreds of millions of downloads outside the region. Some of these apps have become global names and inspired new trends on Play, like multiplayer gaming (Mobile Legends: Bang Bang), super apps (Grab), rapid delivery e-commerce (Coupang) and fintech solutions for the unbanked (Paytm).
Let’s take a closer look at some other emerging themes on Play — like mental health, news and music — where developers in Asia Pacific are making their mark globally.
Developer: Seekrtech, Taiwan
Listed on Play: August 2014
“The main goal of Forest is to encourage users to put down their phones and focus on the more important things around them,” says Shaokan Pi, CEO of Forest. Here’s how it works — you set a focus time period, whether you’re working at the office or at dinner with friends. Once you put down your phone, a virtual tree starts growing. If you stay focused (and don’t look at your phone), the sapling grows into a big tree. And you can earn virtual coins to grow more trees, and eventually a whole forest. There’s a real-world benefit, too — thanks to a partnership between Forest and Trees for the Future, you can spend your coins to plant real trees on Earth.
The Forest team planting a tree in Kenya
Developer: SmartNews, Japan
Listed on Play: March 2013
SmartNews, which is also celebrating its 10th anniversary this year, uses artificial intelligence to collect and deliver a curated view of news from all over the world. But it’s not just an echo chamber — its News From All Sides feature shows people articles across a wide spectrum of political perspectives. SmartNews has also developed timely products like a COVID-19 dashboard and trackers for wildfires and hurricanes.
Developer: Evolve, India
Listed on Play: July 2020
Evolve, a health-tech startup supporting the wellbeing of the LGBTQ+ community, landed on Google Play’s Best of 2021 list in India. The app offers educational content for members of the LGBTQ+ community, covering topics like embracing your sexuality and coming out to loved ones. “There is a need for more customized solutions for this community,” says Anshul Kamath, co-founder of Evolve. “We hope to provide a virtual safe space where members can work on themselves and specific challenges that impact their daily mental health.”
The Evolve team with their “Best of Play” trophy in 2021
Developer: Amanotes, Vietnam
Listed on Play: February 2017
This musical game app quickly found fans in the U.S., Japan, Brazil and Russia. Magic Tiles 3 is designed to let anyone — even those without a musical background — play instruments like the piano, guitar and drums on their smartphone. You can choose from over 5,000 songs across genres like pop, rap, jazz and electronic dance music, and compete in an interactive game with others around the world.
Developer: Mom Sitter, Korea
Listed on Play: September 2021
Mom Sitter, a platform connecting parents with babysitters, topped the Play Store’s childcare category in Korea last year. But it didn’t actually start as a mobile app. It was founded as a website to help parents find babysitters while they were at work or when daycare centers were too full. After attending the ChangGoo program, Google’s training program for developers and startups in Korea, the Mom Sitter team learned they could reach more people if they went mobile. Today, caretakers all over the world use their services. “Childcare issues concern not only working women but everyone who raises children, and it’s important that they can find support,” says Jeeyea Chung, founder of Mom Sitter.
Movies and TV can make us laugh, cry and even shape who we are. Our watchlists can be surprisingly revealing. We’re teaming up with entertainers, artists and cultural icons on our Watch With Meseries on Google TV to share their top picks and give you a behind-the-scenes look at the TV and movies that inspired them.
Actress, producer and director Kerry Washington believes movies and TV have the power to influence us as individuals, and ultimately change the world. “When you step into a story and see yourself immersed in a part of the world that you’ve never been exposed to,” Kerry says, “that’s a magical experience.”
Kerry’s love for movies started when she was a young “latchkey kid” in the Bronx. Movies and TV helped connect her with others and feel a sense of belonging. “When you can connect to a story, you can connect more deeply to your humanity,” Kerry says. “ That’s why we watch, to be human and to connect to ourselves and each other.”
We sat down with Kerry to dig in more on her favorite movie and TV picks.
What do you think your watchlist says about you?
Kerry Washington: A lot of the films I love are about compassion, belonging and finding your way.
Are there specific moments where you used movies or TV to escape?
Washington: I am an only child and spent a lot of time alone. The people in shows? They were my friends.
What inspired you to create your YouTube series Street You Grew Up On?
Washington: I was so excited when we started our series, Street You Grew Up On. It was really fun because the whole point is that we are each the center of our own story. It’s really fun to talk to people we admire about the “once upon a time” in their life.
What new frontiers and environments interest you in movies and TV?
Washington: There’s all this attention on sci-fi and space travel, but [I think] there’s more real estate in the ocean that’s unexplored than in space. I think there’s magic to discover down below.
Your watchlist features many movies with mermaids. Do you believe in mermaids?
Washington: As a child, I really did think that maybe I was part mermaid. To this day, I keep trying to convince my kids that my DNA breakdown includes a percentage of mermaid.
Can movies or TV shows make any change in the world?
Washington: One of the things that I love about being a storyteller is that you really do see that hearts and minds are transformed by the best narratives.
Is it a crime to text during a movie?
Washington: I try to silence notifications so that when I’m watching, I can have as sacred an experience as possible.
Do you watch credits all the way through?
Washington: In my house, we watch the credits all the way through out of respect for the people I work with. The credits that matter the most are not just ones at the beginning of the show. It’s the folks at the end of the show that also make it happen.
Check out Kerry’s watchlist to see the incredible movies and shows that inspired this aspiring mermaid turned storyteller onGoogle TV, rolling out over the next few days. Share your favorites as well using #WatchWithMe.
The climate and energy provisions in the Inflation Reduction Act of 2022 represent the most comprehensive investments to combat climate change in U.S. history. These investments offer the opportunity to bring about a renaissance of American-made clean energy and renewed energy security, putting the country on a path to historic emissions reductions by the end of this decade.
At Google, we’ve set a goal to achieve net zero emissions across all of our operations and value chain by 2030. Our net zero goal also includes a moonshot to operate on 24/7 carbon-free energy for all of our data centers and campuses. The climate and energy provisions in the Inflation Reduction Act of 2022 will provide the glide path to the clean electricity resources needed to decarbonize U.S. grids and reach these goals. We’re founding members of the 24/7 Carbon-Free Energy Compact, a coalition of over 70 companies united in this pursuit, and I’m confident that with the tailwinds on climate and energy provided by these policy measures, that number will grow.
We’ve also integrated sustainability into our core products, like helping drivers and air passengers find fuel-efficient routes in Google Maps and Google Flights or giving homeowners the tools to efficiently heat and cool their house with a Nest Thermostat. It’s our goal to make the sustainable choice the easier choice. The clean energy and climate provisions in this bill will help amplify those small daily choices by making it easier for citizens to adopt clean electric vehicles and upgrade their homes to be more energy efficient.
Climate change is the most urgent challenge of our time. This historic climate legislation will help the country tackle that challenge, build energy resilience and power the industries of tomorrow.
Each year, Google Developer Groups (GDGs) come together for DevFest conferences around the world – not only to exchange knowledge and share experiences, but also to get inspired, celebrate the community and simply be together. It’s a cheerful gathering, focused both on technology and the people behind it.
GDGs in Ukraine organized the first DevFest in 2012. After 10 years of building a thriving community, 2022 turned out to be different for thousands of Ukrainian developers. Ever since the anti-aircraft sirens woke them up for the first time on February 24, many in the tech industry have been working non-stop for the sake of their country – helping refugees, providing medical assistance to those in need, and trying to work from bomb shelters. Luckily, they’re not alone.
The developer community in Ukraine and abroad decided to use the DevFest conference to raise awareness and funds for those in need. "This time, because of the war in my country, DevFest Ukraine is happening for Ukraine," says Vitaliy Zasadnyy, co-founder of GDG Lviv. "It's a brilliant way to celebrate the future of technology, learn new things, connect with other tech experts and raise funds for a good cause."
Fireside chat with Android team members in the London studio.
On July 14-15, DevFest for Ukraine gathered more than 20 industry-leading speakers over two days, featuring live streams from London and Lviv. From tech sessions and inspirational keynotes to networking and overviews of the latest developer tools, the event brought together people who shape the future of Android, Web and AI technologies.
Funds were raised for those in need by participants donating a sum of their choice to access the live stream and recordings after the event. Topics ranged from API design based on AndroidX libraries, to applied ML for Healthcare, to next-generation apps powered by machine learning with TensorFlow.js, and more. Check out the highlights video.
Preparing the AI Stream livestream from the studio in Lviv, Ukraine.
All the funds raised during DevFest for Ukraine go to three NGOs that are supporting the country at this turbulent time. The goal was to provide humanitarian aid and direct assistance to affected families. The GDG Ukraine team carefully selected them to ensure efficient use of funds and transparent reporting.
And here’s the best part: DevFest for Ukraine raised over $130k for the cause so far, and counting! You can still access the recorded sessions to learn about the future of tech.
At our annual Google for Korea event today, we showcased some of the most inspiring Korean creators and entrepreneurs. I also had the chance to sit down with the founders of two standout startups: AI FOR PET and Blip. Since their start, both have won over not just the people of Korea, but people all over the world.
Huh Eun-A, founder of AI FOR PET, and Kim Hong-ki, founder of Blip
AI FOR PET, founded by Huh Eun-A, has developed a smartphone app called TTcare that uses artificial intelligence (AI) to assess pets’ health. When someone takes a picture of their pet’s eyes or skin, the app assesses the image and alerts the owner if their pet is showing any concerning symptoms of eye or skin related disease. AI FOR PET was a part of this year’s Google for Startups Cloud Academy and the ChangGoo program.
Blip, founded by Kim Hong-ki, is a content platform for Korean pop (K-pop) fans to keep track of their favorite idols - including their latest updates and tour schedules. Blip, which participated in the 2021 ChangGoo program, has amassed over a million downloads on Google Play, to date. 60% of those downloads are from users outside of Korea.
So, what inspired the beginnings of your startup?
Huh Eun-A: I’m a pet owner, and know very well that like all living things, pets will fall sick at some point in their lives. I want to help fellow pet owners quickly diagnose any illnesses their pets may have, simply by using the TTcare mobile app. My hope is for animal lovers around the world to never be in the dark about their pet’s health, and for no pet to ever be without healthcare.
Kim Hong-ki: K-pop artists bring so much positive influence to fans all over the globe. I built Blip to help fans feel closer to their favorite K-Pop artists, and to let them experience the world of K-pop in a new way. My aspiration is for Blip to one day become a verb, and for people to ask the question “Who do you Blip?” instead of “Who do you love?”
What challenges did you face while growing your startup, and how did the ChangGoo program help you?
Kim: Blip’s key challenge was growing our user base of K-pop fans, and we wanted to understand how we could do that in a global and sustainable way. Google’s ChangGoo program seemed like a good place to start because it’s a well-known, highly-sought after accelerator program among Korean startups. And so in 2020, we applied to join the program with a beta version of our app but failed to get selected. That motivated us to work hard to improve the product. The next year, we tried again and were accepted. The entire Blip team was thrilled!
To me, ChangGoo feels like a program created by people who truly want to help startups. The mentors deeply cared about Blip’s team and needs, much like supportive K-pop fans. They provided insights and advice that helped us whenever we weren’t sure of our next steps.
What made you join the Google for Startups Cloud Academy, and how did the program help you?
Huh: Building out our AI was core to our product. We developed our model by first exposing it to more than a million photos of eyes so it could differentiate between canine and non-canine eyes, and then exposing it to canine eyes with and without diseases. It only took us a year to develop the model by using TensorFlow, Google’s open-source AI tool that’s accessible to all developers.
But as important as the technology was, we wanted to make sure the app experience itself was high quality, too. So we reached out to the Google for Startups Cloud Academy to help us improve the app performance - and we even got support from the very team who initially developed TensorFlow! Now, we're able to detect canine ocular disease with just a single photo at 90 percent accuracy.
The growth you’ve seen so far is really amazing! Can you share any upcoming plans for your startup?
Huh: We’re training our AI model with cat data, so that cat owners - in addition to dog owners - can use our app. We're also exploring adding capabilities to detect skin and joint conditions in pets. We’ve recently expanded to the US, and hope that with our technology and reach, we can help demonstrate that Korean startups can build great products for the whole world.
Kim: I’ll be focusing on my employees’ wellbeing. My aspiration is for Blip employees to love their job as much as our fans love their favorite artists on Blip. After all, the slogan of Blip is “Love what you love more”. I want Blip to be a workplace where every employee can do what they love and really enjoy themselves.
Even the simplest human tasks are unbelievably complex. The way we perceive and interact with the world requires a lifetime of accumulated experience and context. For example, if a person tells you, “I am running out of time,” you don’t immediately worry they are jogging on a street where the space-time continuum ceases to exist. You understand that they’re probably coming up against a deadline. And if they hurriedly walk toward a closed door, you don’t brace for a collision, because you trust this person can open the door, whether by turning a knob or pulling a handle.
A robot doesn’t innately have that understanding. And that’s the inherent challenge of programming helpful robots that can interact with humans. We know it as “Moravec's paradox” — the idea that in robotics, it’s the easiest things that are the most difficult to program a robot to do. This is because we’ve had all of human evolution to master our basic motor skills, but relatively speaking, humans have only just learned algebra.
In other words, there’s a genius to human beings — from understanding idioms to manipulating our physical environments — where it seems like we just “get it.” The same can’t be said for robots.
Today, robots by and large exist in industrial environments, and are painstakingly coded for narrow tasks. This makes it impossible for them to adapt to the unpredictability of the real world. That’s why Google Research and Everyday Robots are working together to combine the best of language models with robot learning.
Called PaLM-SayCan, this joint research uses PaLM — or Pathways Language Model — in a robot learning model running on an Everyday Robots helper robot. This effort is the first implementation that uses a large-scale language model to plan for a real robot. It not only makes it possible for people to communicate with helper robots via text or speech, but also improves the robot’s overall performance and ability to execute more complex and abstract tasks by tapping into the world knowledge encoded in the language model.
PaLM-SayCan enables the robot to understand the way we communicate, facilitating more natural interaction. Language is a reflection of the human mind’s ability to assemble tasks, put them in context and even reason through problems. Language models also contain enormous amounts of information about the world, and it turns out that can be pretty helpful to the robot. PaLM can help the robotic system process more complex, open-ended prompts and respond to them in ways that are reasonable and sensible.
PaLM-SayCan shows that a robot’s performance can be improved simply by enhancing the underlying language model. When the system was integrated with PaLM, compared to a less powerful baseline model, we saw a 14% improvement in the planning success rate, or the ability to map a viable approach to a task. We also saw a 13% improvement on the execution success rate, or ability to successfully carry out a task. This is half the number of planning mistakes made by the baseline method. The biggest improvement, at 26%, is in planning long horizon tasks, or those in which eight or more steps are involved. Here’s an example: “I left out a soda, an apple and water. Can you throw them away and then bring me a sponge to wipe the table?” Pretty demanding, if you ask me.
With PaLM, we’re seeing new capabilities emerge in the language domain such as reasoning via chain of thought prompting. This allows us to see and improve how the model interprets the task. For example, if you show the model a handful of examples with the thought process behind how to respond to a query, it learns to reason through those prompts. This is similar to how we learn by showing our work on our algebra homework.
So if you ask PaLM-SayCan, “Bring me a snack and something to wash it down with,” it uses chain of thought prompting to recognize that a bag of chips may be a good snack, and that “wash it down” means bring a drink. Then PaLM-SayCan can respond with a series of steps to accomplish this. While we’re early in our research, this is promising for a future where robots can handle complex requests.
Complexity exists in both language and the environments around us. That’s why grounding artificial intelligence in the real world is a critical part of what we do in Google Research. A language model may suggest something that appears reasonable and helpful, but may not be safe or realistic in a given setting. Robots, on the other hand, have been trained to know what is possible given the environment. By fusing language and robotic knowledge, we’re able to improve the overall performance of a robotic system.
Here’s how this works in PaLM-SayCan: PaLM suggests possible approaches to the task based on language understanding, and the robot models do the same based on the feasible skill set. The combined system then cross-references the two to help identify more helpful and achievable approaches for the robot.
For example, if you ask the language model, “I spilled my drink, can you help?,” it may suggest you try using a vacuum. This seems like a perfectly reasonable way to clean up a mess, but generally, it’s probably not a good idea to use a vacuum on a liquid spill. And if the robot can’t pick up a vacuum or operate it, it’s not a particularly helpful way to approach the task. Together, the two may instead be able to realize “bring a sponge” is both possible and more helpful.
We take a responsible approach to this research and follow Google’s AI’s Principles in the development of our robots. Safety is our number-one priority and especially important for a learning robot: It may act clumsily while exploring, but it should always be safe. We follow all the tried and true principles of robot safety, including risk assessments, physical controls, safety protocols and emergency stops. We also always implement multiple levels of safety such as force limitations and algorithmic protections to mitigate risky scenarios. PaLM-SayCan is constrained to commands that are safe for a robot to perform and was also developed to be highly interpretable, so we can clearly examine and learn from every decision the system makes.
Whether it’s moving about busy offices — or understanding common sayings — we still have many mechanical and intelligence challenges to solve in robotics. So, for now, these robots are just getting better at grabbing snacks for Googlers in our micro-kitchens.
But as we continue to uncover ways for robots to interact with our ever-changing world, we’ve found that language and robotics show enormous potential for the helpful, human-centered robots of tomorrow.
For this year’s Doodle for Google contest, we asked students across the country to illustrate a Doodle around the prompt, “I care for myself by…” In July, we announced the national finalists, and the thoughtfulness, heart and artistry of one artist stood out in particular. Today, we’re announcing Sophie Araque-Liu of Florida is our 2022 contest winner!
Sophie’s Doodle, titled “Not Alone,” speaks to the importance of leaning on your support system and asking for help in tough times. I chatted with Sophie to learn more about her and the meaning behind her Doodle, which is on the Google.com homepage today.
How did you start making art?
I started making art by doodling in my notebooks in class. Soon it shifted from something I did to pass the time when I was bored to something I looked forward to and loved to do.
Why did you enter the Doodle for Google contest?
I entered the Doodle for Google contest this year, because I really wanted to give back to my parents. I feel like it’s very hard for me to show them just how much I appreciate them, so I’m grateful for the chance to be able to show them just how much I love them and give back to them in any way I can.
I want other people to know that you are also valuable, and you are worth something too, just like anyone else.
Can you share why you chose to focus on the theme of asking for help?
I chose to focus on the theme of asking for help based on my own experiences. A couple years ago, I was struggling a lot mentally and I was honestly pretty embarrassed and scared to tell my friends and family. But when I did open up to them, I was met with so much love and support. So I really wanted to encourage others to not be afraid to look for help if they need it!
Why is self-care important to you?
Self care is important to me because I believe that mental health is just as important as physical health. For me and for so many other people, it can be easy to sacrifice too much of yourself and to push yourself too hard. I want other people to know that you are also valuable, and you are worth something too, just like anyone else.
How does it feel to be the winner of this year’s Doodle for Google contest?
It feels incredible! I truly did not think that I would win, so I am so surprised and happy! I’m really really proud of myself for making it so far, and I know the competition wasnot easy at all. I think I’m honestly in shock and I still haven’t processed it yet. It’s just so amazing and every time I think about it I can’t help but smile hard!
Congratulations, Sophie! Be sure to bookmark the Doodle for Google websitefor updates around the 2023 contest, set to open submissions again this winter.
Local news is local knowledge. It’s shared understanding. It’s a chronicle of the places we live and the culture that defines them. Local news is essential to people and their communities. But at the same time, we also recognize the job of gathering and monetizing news is increasingly challenging for local news publishers.
Today, we’re hosting more than 100 American and Canadian local news leaders at our annual Community News Summit in Chicago. Journalists and business leaders are sharing their successes and challenges in running small, community-oriented news organizations. The program features hands-on workshops on specific Google products and tools, best practices on topics such as search and sustainability, and discussion about local news consumer behavior.
Through our products, partnerships and programs, like the Google News Initiative, Google has long worked to help people cut through the noise and connect to the stories that matter most in their local communities. In June, we announced a redesigned, more customizable Google News experience for desktop to help people dive deeper into important stories and more easily find local news from around the world.
The newly redesigned Google News on desktop, with local news now easier to find.
We’ve also improved our systems so authoritative local news sources appear more often alongside national publications, when relevant, in our general news features such as Top Stories. This improvement ensures people will see authoritative local stories when they’re searching for news, helping both the brand and the content of news publishers reach more people.
We also recently introduced a new way to help people identify stories that have been frequently cited by other news organizations, giving them a simple way to find the most helpful or relevant information for a news story. This label appears on Top Stories, and you can find it on anything from an investigative article, to an interview, an announcement, a press release or a local news story, as long as other publishers indicate its relevance by linking to it. The highly cited label is currently available in English in the U.S. with plans to expand globally over the coming weeks.
An example of new information literacy tips on notices for rapidly evolving situations.
We work closely with publishers and news industry associations to build a sustainable digital future for local news media. Having a digital news revenue strategy through subscribers and advertising is a key component for local news publishers to be sustainable. That’s why we're partnering with six different news associations in the U.S., each serving a unique constituency of publishers, to develop custom programs that support their members’ digital capabilities.
In addition to publishers, we’re also working with local broadcasters. The National Association of Broadcasters’ PILOT innovation division recently launched a Google News Initiative-supported program designed to improve online audience engagement and monetization for local broadcasters. The program helps stations implement their first-party data and direct-to-consumer business models.
We’ve also launched a $15 million digital and print ad campaign placed exclusively with U.S. local news media. The campaign directly supports publishers through the purchase of ad space in their papers and on their websites, and highlights our work with local publishers across the country. We’re encouraging readers everywhere to support their local news publishers, and are showcasing publishers who have made significant contributions to their communities through innovative reporting.
Local news publishers are the heart of the communities they serve. They are one of our most trusted sources of information that impacts our daily lives. Their stories connect us to our neighbors, hold power to account, drive civic engagement and more. We hope you’ll join us and support local publishers in your area by subscribing, donating or advertising today. Together, we can help ensure a sustainable future for local news and all who depend on it.
Android 13 helps ensure your devices feel unique to you – on your terms. It comes jam-packed with new capabilities for your phone and tablet, like extending app color theming to even more apps, language settings that can be set on an app level, improved privacy controls and even the ability to copy text and media from one Android device and paste it to another with just a click.
There are many reasons to love Android 13, but here are our top 13:
1. Android 13 comes with an evolved look and style that builds on Material You. You can customize non-Google apps to match your phone’s wallpaper theme and colors, making your home screen more cohesive and unique to your style.
2. For the many Android users who speak more than one language, we’ve added a top feature request. You can assign specific languages to individual apps so you can keep your phone’s system in one language, and each of your apps in a different language.
3. Android 13 features an updated media player that tailors its look and feel based on the music or podcast you’re listening to. For example, when you’re listening to music, the media player spotlights album artwork and has a playback bar that dances as you progress through a song. It even works for media played through Chrome.
4. Your wellbeing has been an important theme for Android – and getting enough sleep is key! Android 13 allows you to further customize Bedtime mode with wallpaper dimming and dark theme. These screen options help your eyes adjust to the dark when you're about to go to bed – and get back to sleep if you wake up and check your phone in the middle of the night.
5. Gone are the days when you had to share your entire media library with your apps. In Android 13, you can select only the specific photos and videos they’ll need to access.
6. Prevent any unwanted access to your clipboard. If you copy sensitive data like your email address, phone number or login credentials on your device, Android will automatically clear your clipboard history after a period of time.
7. Android 13 helps keep your notifications under control and makes sure you only get the alerts you ask for. The apps you download will now need your explicit permission to send notifications, rather than being allowed to send notifications by default.
8. Feel like you’re in the middle of the action with Spatial Audio. On supported headphones that enable head tracking, Spatial Audio shifts the source of the sound to adapt with how you turn your head, giving you a more immersive listening experience on your Android phone or tablet.
9. When you’re on your laptop, you don’t want to break your workflow to respond to a chat from your phone. Soon, you'll be able to stream your messaging apps directly to your Chromebook so you can send and receive messages from your laptop.
10. Android 13 adopts Bluetooth Low Energy (LE) Audio, a new Bluetooth audio standard that results in lower latency than classic audio. This allows you to hear audio that’s in better sync with the sound’s source, reducing delay. With Bluetooth Low Energy (LE) Audio, you can also enjoy enhanced audio quality and broadcast audio to multiple devices at the same time.
11. You’ll soon be able to copy content — like a URL, picture, text or video — from your Android phone and paste it on your tablet. Or you can start on your tablet and paste to your phone.
12. Multitasking on your tablet is even easier with Android 13. With the newly updated taskbar on tablets, you can see all your apps at a glance and easily drag and drop any app in your library into split-screen mode.
13. Android tablets will register your palm and stylus pen as separate touches. So whether you’re writing or drawing on your tablet, you’ll experience fewer accidental stray marks that come from simply resting your hand on the screen.
Android 13 is packed with these and many other features, like HDR video support on third-party camera apps, an updated media output switcher, braille displays for Talkback and more. And it goes beyond the phone to give you a connected set of experiences across your other devices like your tablets and laptops.
Android 13 is rolling out to Pixel devices starting today. Later this year, Android 13 will also roll out to your favorite devices from Samsung Galaxy, Asus, HMD (Nokia phones), iQOO, Motorola, OnePlus, Oppo, Realme, Sharp, Sony, Tecno, vivo, Xiaomi and more.
Every year, Google’s Veterans Network (VetNet) employee resource group hosts its VetNet Career Week to offer veterans, transitioning service members and their spouses or partners the tools, support and advice needed to help translate their experience and skills into civilian careers. This year’s event partnered with over 30 companies and welcomed more than 3,000 attendees to attend panel discussions, free skill-building sessions and 1-on-1 resume reviews with Google representatives. Also unique for this year, Google partnered with Welcome.US to extend Career Week to those seeking refuge in the U.S.
Our team sat down with Googlers Chris House and Tony Mendez, who attended last year's event as participants and are now Googlers, and Jenna Clark, a Googler and veteran who volunteered at last year’s event.
There is a ton of opportunity out there, and veterans have the skills.
Can you share a little about your military background?
Tony: I enlisted in the U.S. Army in 2009 as an infantry soldier and was commissioned as one of the Army’s first cyber operations officers in 2014. I led an incident response team that investigated breaches in control systems networks for a few years, and eventually transitioned to conducting proactive security assessments.
Chris: I was in the U.S. Navy for eight years, working on a submarine and on naval nuclear reactor design and operation.
Jenna: I enlisted into the Air Force in 2002 and spent just shy of 10 years working as an all-source intelligence analyst. In the Air Force, I spent my first six years attached to an aircrew, working to keep them informed of threats in the area, and later I was transferred to an intelligence squadron.
What drew you to participate in VetNet career week?
Tony: I learned about VetNet Career Week through a friend who was considering leaving the military. I’ve always had a hobby interest in Android security and loved Google products since the Nexus 5 phone, but never thought I was “ready” to apply. I signed up for the resume review to help me articulate how my experience was relevant to a company like Google.
Jenna: When I left the military, I struggled to find an opportunity. It was after attending networking and resume workshops that I was able to get my foot in the door at a startup in Boston. Within six months, I was promoted. This is what draws me to volunteer at Career Week. Veterans have diverse skill sets that are easily transferable to corporate — we just need a chance.
Lisa Gevelber, VP of Grow with Google, Google for Startups, and Americas Marketing, hosted a fireside chat during the virtual VetNet Career Week event last year.
Fast forward one year, how does it feel to be a Googler?
Chris: It feels great! It’s an incredible place to be, and I think the aspect that I’m most enthused about is how supportive, transparent and energizing the company culture has been. I’ve enjoyed the support VetNet has offered, whether it’s through events like Career Week to guide the post-military transition process, or simple social hours where we’ve all just bonded over shared experiences in the military and at Google.
Tony: Admittedly, I didn’t match with the first team that interviewed me, but it was a blessing in disguise. My current team in Android security is a perfect fit for my skill set and managerial style. I couldn’t be happier!
Why do you think events like this are so important for the military communities and their families?
Jenna: I think it’s important because it shows support towards veterans in a very real and helpful way. There is a ton of opportunity out there, and veterans have the skills — it’s just those skills need to be translated, and that requires commitment on both sides.
Tony: It’s hard to leave an organization that so thoroughly affects all aspects of your life. VetNet Career Week helps really demonstrate caring and support for the military community that’s uncommon outside of the military.
Chris: Probably the most important aspect, for me, was just seeing how many people had made similar transitions and how many well regarded companies valued a veteran's experience. I'm grateful for the time that the Googler I chatted with invested in my resume review and supporting my transition from the military.
With thousands of highly-valued tech companies, a global-first market approach, and a strong economy dominated by entrepreneurship, it’s clear why Israel’s nickname is 'The Startup Nation.'
However, this thriving startup ecosystem isn’t equally supportive of all aspiring founders. According to the latest Israeli Tech Gender Distribution Report, spearheaded by Google for Startups and IVC Data and Insights, only 2% of startups with a woman founder raised above $50 million between 2018 and 2021. While the number of entirely women-led companies has doubled in the past decade, they still only comprise 6.3% of Israeli startups — and only 13.9% of startups had at least one woman co-founder in a mixed-gender founding team.
I fall into the latter category. My cofounder Gal Benbeniste and I met during college, where we bonded over how outdated the investment world is. What started with trying to figure out a simple way to automate became FinityX, a deep-tech startup that helps investors implement AI tools as part of their investment process to save time and resources, and improve quality.
While I have been humbled byFinityX’s rapid growth and recognition, as one of the very few women in the deep-tech space I’ve always wanted to be able to access the same capital, business networks, and mentorship readily available to my male cofounder.
So I was thrilled when Google for Startups launched a Growth Academy program tailored specifically for the needs of early-stage women founders. Based on the successful Startup Growth Lab curriculum, the program includes leadership workshops with Israeli VCs such as Entree Capital, Ibex and Viola, leadership sessions with top industry lecturers, and one-on-one Google product mentorship. “Ever since Google for Startups opened Campus Tel Aviv in 2012, diversity and inclusion has been an essential focus to our work," said Marta Mozes, marketing manager of Google for Startups in Israel. "When we discovered this data about female founders in Israel, we knew we had to be part of the change."
Meet the other Israeli entrepreneurs, representing industries from family vacation-planning to finance, who joined me at Google for Startups Growth Academy: Women Founders:
The Growth Academy: Women Founders cohort celebrating their accomplishments with the Google for Startups team and Israeli Minister of Innovation, Science and Technology, Orit Farkash HaCohen (center)
Google for Startups Growth Academy: Women Founders connected me to knowledge, tools and fields I needed to open my mind and increase my skill set. Googlers like Marta helped us with actionable skills such as how to nail our one-line pitch, how to navigate the cooling market, and the importance of a customer journey (hint: it starts at the very first meeting, and never ends). With help from Google mentors, I established FinityX’s go-to-market strategy and secured our first paying customers, including large hedge funds and brokers.
Most importantly, Growth Academy: Women Founders created a tight-knit support system of women entrepreneurs (and male allies) to help push each other forward. We can be real with one another and talk about the shiny expectations versus reality of being a founder. And now that four members of my cohort are moving their offices to Campus Tel Aviv, I’ll be able to visit any time!
Last week, three months of hard work wrapped up with a graduation ceremony, hosted by Israel’s Minister of Innovation, Science and Technology, Orit Farkash HaCohen. In the spirit of the program, women were represented in every aspect of the event — from the caterers, to the speakers and the DJ.
I think Minister HaCohen summarized my feelings about Growth Academy: Women Founders best when she said, "I am invited to many events, but this is the kind that warms the heart. This is a prime example of business leadership that engages in social change.”
Alex Mahadevan is director of MediaWiseat the Poynter Institute. He has taught digital media literacy to thousands of middle and high schoolers, and has trained hundreds of journalists from around the world in verification and digital investigative tools. We caught up with Alex to find out about a recent information literacy survey his organization conducted in partnership with YouGov, with support from Google. Learn moreabout how Google is working on information literacy and helping you spot misinformation online.
Why was this survey conducted?
Misinformation isn’t a new problem, but it’s becoming increasingly difficult to separate fact from fiction, especially on the internet. We wanted to learn more about how people across generational lines verify information and decide what to trust and share online. And we knew this research would help us expand on the educational resources MediaWise has to offer.
What were the parameters for the survey?
We surveyed more than 8,500 respondents of various ages in the United States, Brazil, the United Kingdom, Germany, Nigeria, India and Japan. We asked a wide range of questions aimed at assessing information literacy skills and verification habits. Those include queries about everything from the tools and techniques someone uses to investigate a post they see online, to the reasons why they may have shared misleading information in the past.
What are some of the biggest takeaways?
The survey found that 62% of respondents think they see false or misleading information on at least a weekly basis – that’s a staggering number. And people are aware that it’s a serious issue. Roughly 50% of all Gen X, Millennial and Gen Z respondents (these are people ages 18 to 57) said they’re concerned about their family being exposed to it.
Sixty-two percent of respondents think they see false or misleading information daily or weekly.
What did the survey tell you about how people cross-check information they find online?
Gen Zers are two times more likely than the Silent Generation (people 68 or older) to use a search engine to verify information, and also two times more likely than Baby Boomers to check social media comments to verify something they’ve seen online. They’re also more likely to use advanced search techniques, like reverse image search, or to engage in lateral reading – that’s when you open multiple tabs and perform multiple searches at once — an effective technique studied by the Stanford History Education Group.
We also learned that, when deciding if something they’ve heard or read about is true, respondents across all generations agree that the most important thing is whether conclusions are supported by sources or facts. That was important for us to see: Facts matter.
Gen Z, Millennials and Gen X feel slightly more confident in identifying false or misleading information than boomers and the Silent Generation.
Any final thoughts?
Our findings underscore how important it is to be able to trust the information you find online, and how taking the time to check multiple sources to verify what you see or to use resources like Google Search can be helpful in making sense of a complicated digital landscape. That’s why we’re working together to educate people about information literacy. We have a long running partnership with the Google News Initiative, which has provided support for projects like Find Facts Fast – our free microlearning course which anyone can take via text message or WhatsApp to improve their digital media literacy skills — and the Spanish version, MediaWise en Español.
Today we are also announcing a new partnership with Google, Poynter Institute for Media Studies, MediaWise and PBS NewsHour’s Student Reporting Labs to develop weekly information literacy lesson plans for teachers of middle and high school students across the U.S. The lesson plans will be available for free to teachers using PBS LearningMedia and for download on Poynter’s website. We’re excited to build on our partnership to give people the skills they need to recognize misinformation when they see it and help stop its spread.
People turn to Google every day for information in the moments that matter most. Sometimes that’s to look for the best recipe for dinner, other times it’s to check the facts about a claim they heard about from a friend.
No matter what you’re searching for, we aim to connect you with high-quality information, and help you understand and evaluate that information. We have deeply invested in both information quality and information literacy on Google Search and News, and today we have a few new developments about this important work.
We design our ranking systems to surface relevant information from the most reliable sources available – sources that demonstrate expertise, authoritativeness and trustworthiness. We train our systems to identify and prioritize these signals of reliability. And we’re constantly refining these systems — we make thousands of improvements every year to help people get high-quality information quickly.
Today we’re announcing one such improvement: a significant innovation to improve the quality of featured snippets. Featured snippets are the descriptive box at the top of the page that prominently highlights a piece of information from a result and the source, in response to your query. They’re helpful both for people searching on Google, and for web publishers, as featured snippets drive traffic to sites.
By using our latest AI model, Multitask Unified Model (MUM), our systems can now understand the notion of consensus, which is when multiple high-quality sources on the web all agree on the same fact. Our systems can check snippet callouts (the word or words called out above the featured snippet in a larger font) against other high-quality sources on the web, to see if there’s a general consensus for that callout, even if sources use different words or concepts to describe the same thing. We've found that this consensus-based technique has meaningfully improved the quality and helpfulness of featured snippet callouts.
With a consensus-based technique, we’re improving featured snippets.
AI models are also helping our systems understand when a featured snippet might not be the most helpful way to present information. This is particularly helpful for questions where there is no answer: for example, a recent search for “when did snoopy assassinate Abraham Lincoln” provided a snippet highlighting an accurate date and information about Lincoln’s assassination, but this clearly isn’t the most helpful way to display this result.
We’ve trained our systems to get better at detecting these sorts of false premises, which are not very common, but are cases where it’s not helpful to show a featured snippet. We’ve reduced the triggering of featured snippets in these cases by 40% with this update.
Beyond designing our systems to return high-quality information, we also build information literacy features in Google Search that help people evaluate information, whether they found it on social media or in conversations with family or friends. In fact, in a study this year, researchers found that people regularly use Google as a tool to validate information encountered on other platforms. We’ve invested in building a growing range of information literacy features — including Fact Check Explorer, Reverse image search, and About this result — and today, we’re announcing several updates to make these features even more helpful.
About this result helps you see more context about any Search result before you ever visit a web page, just by tapping the three dots next to the result. Since launching last year, people have used About this result more than 2.4 billion times, and we’re bringing it to even more people and places - with eight more languages including Portuguese (PT), French (FR), Italian (IT), German (DE), Dutch (NL), Spanish (ES), Japanese (JP) and Indonesian (ID), coming later this year.
This week, we’re adding more context to About this result, such as how widely a source is circulated, online reviews about a source or company, whether a company is owned by another entity, or even when our systems can’t find much info about a source – all pieces of information that can provide important context.
And we’ve now launched About this page in the Google app, so you can get helpful context about websites as you’re browsing the web. Just swipe up from the navigation bar on any page to get more information about the source – helping you explore with confidence, no matter where you are online.
With About this page in the Google app, you can get helpful context on websites as you’re browsing.
Sometimes interest in a breaking news topic travels faster than facts, or there isn’t enough reliable information online about a given subject. Information literacy experts often refer to these situations as data voids. To address these, we show content advisories in situations when a topic is rapidly evolving, indicating that it might be best to check back later when more sources are available.
Now we’re expanding content advisories to searches where our systems don’t have high confidence in the overall quality of the results available for the search. This doesn’t mean that no helpful information is available, or that a particular result is low-quality. These notices provide context about the whole set of results on the page, and you can always see the results for your query, even when the advisory is present.
New content advisories on searches where our systems don’t have high confidence in the overall quality of the results.
Beyond our products, we’re making investments into programs and partnerships to help educate people about misinformation. Since 2018, the Google News Initiative (GNI) has invested nearly $75 million in projects and partnerships working to strengthen media literacy and combat misinformation around the world.
Today, we’re announcing that Google is partnering with MediaWise at the Poynter Institute for Media Studies and PBS NewsHour Student Reporting Labs to develop information literacy lesson plans for teachers of middle and high school students. It will be available for free to teachers using PBS Learning Media and for download on Poynter’s website. We’ve partnered with MediaWise since it was founded. And today’s announcement builds on the GNI’s support of its microlearning course through text and WhatsApp called Find Facts Fast.
We also announced today the results of a survey conducted by the Poynter Institute and YouGov, with support from Google, on the ways people across generational lines verify information. You can read more in our blog post.
Google was built on the premise that information can be a powerful thing for people around the world. We’re determined to keep doing our part to help people everywhere find what they’re looking for and give them the context they need to make informed decisions about what they see online.
As we announced in June, we’re upgrading the Google Duo experience to include all Google Meet features and bringing our two video calling services together into a single solution. This upgrade, which started rolling out last month, gives everyone access to new features like scheduling and joining meetings, virtual backgrounds, in-meeting chat and more, in addition to your current video calling features.
Additional meeting features let you start an instant video call with your entire study group or connect with your colleagues at a recurring scheduled time. Before you join a meeting, you’ll be able to change your background or apply visual effects. During the meeting, you’ll also be able to use in-meeting chat and captions for more ways to participate.
We’re also launching live sharing for Google Meet. Live sharing allows all meeting participants to interact with the content that’s being shared. So whether you’re co-watching videos on YouTube, curating a playlist on Spotify, taking turns while playing games like Heads Up!, UNO! Mobile or Kahoot! during an ice breaker, everyone will be able to join in on the action.
Over the past few weeks, we’ve started rolling out these new features to your Duo app, and now, users are beginning to see their app name and icon update to Google Meet. This upgrade will take place throughout the month across mobile and tablet devices, and will come later for other devices. To ensure a smooth transition, keep your app updated to the latest version.
If you’re using the existing Google Meet app, there will be no change to your experience. Your existing Meet app and icon will change to Google Meet (original). You can continue using this app to join and schedule meetings, but we recommend using the updated Google Meet app to get combined video meeting and calling features all in one place. We will continue to invest in bringing more features to Google Meet to help people to connect, collaborate and share experiences on any device, at home, at school and at work.
We're committed to making the transition as smooth as possible. For more information, please see our Help Center.
Over the past three years, more than 30 million kids have read more than 120 million stories on Read Along. The app, which was first released as Bolo in India in 2019 and released globally as Read Along the following year, helps kids learn to read independently with the help of a reading assistant, Diya.
As kids read stories aloud, Diya listens and gives both correctional and encouraging feedback to help kids develop their reading skills. Read Along has been an Android app so far, and to make it accessible to more users, we have launched the public beta of the website version. The website contains the same magic: Diya’s help and hundreds of well illustrated stories across several languages.
With the web version, parents can let their children use Read Along on bigger screens by simply logging into a browser from laptops or PCs at readalong.google.com. Just like the Android app, all the speech recognition happens in the browser so children’s voice data remains private and we do not send it to any servers. You can learn more about data processing on the website version by reading our privacy policy.
The website also opens up new opportunities for teachers and education leaders around the world, who can use Read Along as a reading practice tool for students in schools. The product supports multiple popular browsers like Chrome, Firefox and Edge, with support for iOS and more browsers such as Safari coming soon. With the sign-in option, you can login from a unique account for each child on the same device. We recommend using Google Workspace for Education accounts in schools and Google accounts with Family Link at home.
In addition to the website launch, we are also adding some brand-new stories. We have partnered with two well-known YouTube content creators, ChuChu TV and USP Studios, to adapt some of their popular videos into a storybook format. Our partnership with Kutuki continues as we adapt their excellent collection of English and Hindi alphabet books and phonics books for early readers; those titles will be available later this year.
Reading is a critical skill to develop at a young age, and with Read Along Web, we are taking another step towards ensuring each kid has that option. Join us by visiting readalong.google.com and help kids learn to read with the power of their voice.
Not to brag, but I have a pretty excellent group chat with my friends. We use it to plan trips, to send happy birthdays and, obviously, to share lots and lots of GIFs. It’s the best — until it’s not. We don’t all have the same kind of phones; we’ve got both Android phones and iPhones in the mix. And sometimes, they don’t play well together. Enter “green bubble issues” — things like, missing read receipts and typing indicators, low-res photos and videos, broken group chats…I could go on describing the various potential communication breakdowns, but you probably know what I’m talking about. Instead, I decided to ask Google’s Elmar Weber: What’s the problem with messaging between different phone platforms?
First, can you tell me what you do at Google?
I lead several engineering organizations including the team that builds Google’s Messages app, which is available on most Android phones today.
OK, then you’re the perfect person to talk to! So my first question: When did this start being a problem? I remember wayback when I had my first Android phone, I would text iPhone friends…and it was fine.
Texting has been around for a long time. Basic SMS texting — which is what you’re talking about here — is 30 years old. SMS, which means Short Message Service, was originally only 160 characters. Back then you couldn’t do things like send photos or reactions or read receipts. In fact, mobile phones weren’t made for messaging, they were designed for making phone calls. To send a message you actually had to hit the number buttons to get to the letters that you’d have to spell out. But people started using it a ton, and it sort of exploded. So this global messaging industry took off. MMS (Multimedia Messaging Service) was then introduced in the early 2000s, which let people send photos and videos for the first time. But that came with a lot of limitations too.
Got it. Then the messaging apps all started building their own systems to support modern messaging features like emoji reactions and typing indicators, because SMS/MMS were created long before those things were even dreamed of?
Yes, exactly.
I guess…we need a new SMS?
Well the new SMS is RCS, which stands for Rich Communication Services. It enables things like high-resolution photo and video sharing, read receipts, emoji reactions, better security and privacy with end-to-end encryption and more. Most major carriers support RCS, and Android users have been using it for years.
How long has RCS been around?
Version one of RCS was released December 15, 2008.
Who made it?
RCS isn’t a messaging app like Messages or WhatsApp — it’s an industry-wide standard. Similar to other technical standards (USB, 5G, email), it was developed by a group of different companies. In the case of RCS, it was coordinated by an association of global wireless operators, hardware chip makers and other industry players.
RCS makes messaging better, so if Android phones use this, then why are texts from iPhones still breaking? RCS sounds like an upgrade — so shouldn’t that fix everything?
There’s the hitch! So Android phones use RCS, and iPhones still don’t. iPhones still rely on SMS and MMS for conversations with Android users, which is why your group chats feel so outdated. Think of it like this: If you have two groups of people who use different spoken languages, they can communicate effectively in their respective languages to other people who speak their language, but they can’t talk to each other. And when they try to talk to one another, they have to act out what they're saying, as though they're playing charades. Now think of RCS as a magic translator that helps multiple groups speak fluently — but every group has to use the translator, and if one doesn’t, they’re each going to need to use motions again.
Do you think iPhones will start using RCS too?
I hope so! It’s not just about things like the typing indicators, read receipts or emoji reactions — everyone should be able to pick up their phone and have a secure, modern messaging experience. Anyone who has a phone number should get that, and that’s been lost a little bit because we’re still finding ourselves using outdated messaging systems. But the good news is that RCS could bring that back and connect all smartphone users, and because so many different companies and carriers are working together on it, the future is bright.
Check outAndroid.com/GetTheMessageto learn why now is the time for Apple to fix texting.
Summer is my favorite season, and whenever it comes around, I always try to soak up as much sunshine as I can. But with my schedule, it can be tough to carve out quality outdoor time. So as we hit the end of summer in the U.S., I set a challenge for myself — to get outside every day during the week. And as a member of the Google Assistant team, I knew Assistant could help give me that extra nudge out the door. Here’s how it went.
After a full day of meetings at the office, I needed to clear my head. Instead of just heading home like I normally would, I asked my Assistant, “Hey Google, what parks are nearby?” It showed a handful of options near me. I ended up heading to Murphey Candler Park, one of my favorites in Atlanta, for a long walk to help me recharge my batteries.
Murphey Candler Park in Atlanta was one of the nearby park options Assistant shared with me.
I typically work out on Tuesdays, so in the spirit of my outdoor challenge, I decided to go for a swim. To help keep me accountable and on schedule, I told my Assistant, "Hey Google, remind me to go for a swim at 5 p.m." When I got that 5 p.m. nudge, I packed up for the day and headed to the pool at my apartment complex.
I took my Tuesday workout to the pool, thanks to a helpful reminder from my Assistant.
During a walk around my neighborhood, I started thinking about my weekend plans. The weather forecast showed that Saturday was going to be particularly beautiful, so I texted my friends to see if they’d be up for a picnic. After we agreed on a place and time, I said to my Assistant “Hey Google, add ‘picnic with friends’ to my calendar for Saturday at 4 p.m.” to make sure it was blocked on my schedule.
One of the things I love most about working at Google is celebrating work anniversaries, or what we call “Googleversaries.” My friend Akilah hit her third Googleversary on Thursday, so we headed to the pool after work to celebrate. For an extra treat (and to cool off), we decided to get some ice cream — but we didn’t want to lose our poolside spot. This was the perfect opportunity to try out our new Assistant feature with Uber Eats. With a quick, “Hey Google, order ice cream on Uber Eats,” Assistant opened my Uber Eats app to show us nearby delivery options and let us customize our order. Soon enough, our ice cream was on its way.
Enjoying our ice cream order from Uber Eats.
I wanted to start my weekend on the right foot, and my friend Jessica immediately came to mind. She’s an avid hiker and is always looking for someone to explore new trails with. So as I was packing up at the office, I told my Assistant “Hey Google, text Jessica, ‘Let’s go hiking.’” We did a three-mile, scenic hike on the East Palisades Trail — a great way to wrap up the week and my outdoor challenge.
Assistant can help you easily send a text, especially when you have your hands full.
These Google Assistant features made it easy to stick to my goal of getting outside every day, and they’re continuing to help me soak up the rest of the summer. I hope they do the same for you!
Every student and educator deserves access to learning tools that are private and secure. Google Workspace for Education and Chromebooks have positively transformed teaching and learning, while creating safe learning environments for more than 170 million students and educators around the world. Our education products are built with data protection at their core, enabling school administrators to demonstrate their privacy compliance when using our services.
Before using the products and services of technology providers like Google, schools in Europe may be required by the EU’s General Data Protection Regulation (GDPR) or similar laws to conduct Data Protection Impact Assessments (DPIAs). A school using Google Workspace for Education is considered a controller of the personal data that it and its students submit, store, send or receive via those Core Services. Under the GDPR, a controller is responsible for assessing whether a DPIA is required, and completing one as appropriate.
Navigating the complex DPIA requirements under the GDPR can be challenging for many of our customers, and while only customers, as controllers, can complete DPIAs, we are here to help them meet these compliance obligations. Our Cloud DPIA Resource Center outlines the obligations related to DPIAs that customers may have under the GDPR, and provides information about Google Workspace for Education that our customers (and their lawyers) can use as a starting point for assessing and meeting these legal obligations.
For Google Workspace for Education core services like Gmail, Classroom, Calendar, Groups, Drive, Docs, and similar products, Google only processes data (including personal data) provided by customers and their end users in accordance with each customer’s documented instructions. Data in these core services is never used for advertising purposes, and no ads are shown in core services.
Below are a few examples of how those core services can benefit students and educators:
When using Google Workspace for Education core services, schools are in control of their content from start to finish, and the domain administrator of the school’s system can directly manage this data using our privacy and security settings. Domain administrators have flexibility and autonomy to change default settings and use/enable advanced security upgrade options to meet their data protection requirements.There are equivalent controls in Chrome which would guarantee Google does not have access to the data. Administrators can encrypt Chrome Sync data with a custom passphrase, to which Google doesn’t have access, or even turn off Chrome Sync entirely, so that no sync data is sent to Google
We share the same goals as the schools that use our products: keeping educators and students safe, while supporting learning. As schools evaluate their technology needs and undertake risk assessments, we’ll work with them to help answer any questions they may have along the way. Google has cooperated with numerous customers across Europe who conduct DPIAs and we regularly engage with customers, regulators, policymakers, and other stakeholders to provide transparency into our operations, policies, and practices - this is core to who we are and encapsulates our ongoing commitment to privacy compliance.
In one recent example of this type of collaboration, the Dutch government conducted a DPIA into Google Workspace for Education to facilitate cloud adoption by schools in the Netherlands. As a result of that engagement, Google announced our intention to offer new contractual privacy commitments for service data that align with the commitments we offer for customer data. Once those new commitments become generally available, we will process service data as a processor under customers’ instructions, except for limited processing that we will continue to undertake as a controller. We are confident that these changes will address the requirements of our customers and regulators in Europe.
And you may be aware of the Danish DPA’s recent decision on the use of Google Workspace for Education and Chromebooks by the local municipality of Helsingør. Although this decision affects only Helsingør municipality and does not impose a country-wide ban on the use of Google Workspace for Education in Denmark, we know this issue raised questions in many European countries, and has lead to some misconceptions on the privacy and security of the use of Google Workspace for Education and Chromebooks in schools. The Danish DPA has clearly communicated - including in the national media - that the underlying reason for their decision is not a deficiency of privacy, security or GDPR compliance in Google Workspace for Education.
Google has worked with Helsingør Municipality to answer questions, review technical settings in their Workspace for Education Admin Console, and share best practices from other European customers who have undertaken a data protection impact assessment. Our sophisticated encryption technology which is not currently matched by any other cloud provider can also guarantee that Google personnel cannot decrypt customer data without their permission.
At Google, we recognise the utmost importance of schools assessing the risks that apply to their data when using any technology platform or online service to process student data. We hope that our Cloud DPIA Resource Center helps our customers complete these assessments for Google Workspace for Education, in compliance with the GDPR, and we’ll continue to provide the tools, resources, and support our customers need to ensure appropriate protection of student data.
For more information about what data we collect and how it is used, please see the Google Workspace for Education Privacy Notice.
1. According to the GDPR, the controller determines the purposes and means of processing of personal data.
2. For example, billing and account management, capacity planning and forecast modeling, detecting, preventing and responding to security risks and technical issues.
Editor’s note: Kaluza is a UK-based technology company that provides energy retailers with real-time billing, smart grid services, and seamless customer experiences. In this blog, Tom Mallett, Sustainability Manager, Kaluza, explains how Kaluza leverages Google Cloud to improve energy visibility throughout the company. He also explores how better emissions data informs sustainability solutions that make the world’s energy greener, smarter, and more reliable.
Consumers are facing tough times right now, with energy bills a very real and rising cost. But meanwhile, the climate crisis hasn’t gone away - and sustainability is very much still front of mind for boths consumers and for businesses, as it rightly should be. In the UK, 40% of emissions come from households, which includes electricity, heating, and transport. But people often do not have the time or resources to investigate and test out myriad ways to save energy, while grappling with lots of other demands at once. That’s why at Kaluza, we’ve made it our mission to help people save money and reduce their household emissions.
Born out of OVO Energy back in 2019, Kaluza is a software-as-a-service company that helps to accelerate the shift to a zero carbon world. With our Kaluza Energy Retail product, energy companies can put their customers at the heart of this transition, by providing them with real-time insights to help reduce their bills. And with Kaluza Flex, advanced algorithms charge millions of smart devices at the cheapest and greenest possible times. Kaluza works with some of the biggest energy and auto OEM businesses around the world including AGL in Australia, Fiat and Nissan in the UK, and Mitsubishi Corporation and Chubu in Japan.
By 2030, we want to avoid the production of 10 million tons of CO2, by reaching 100 million energy users and reducing our energy retail clients’ cost to serve by 50%. And that’s only the half of it. As we’re accelerating the energy transition for our customers, we also want to drastically reduce our own emissions. While the world is rushing towards net zero, we’re going one step further, committing to be carbon negative by 2030.
But we can only reduce what we can measure. That’s why we’ve developed an internal carbon footprint tool to track the impact of our cloud usage. Our technology stack spans a multicloud estate, and it’s especially easy to get emissions data from Google Cloud applications – thanks to the Carbon Footprint solution.
For every single process we run through Google Cloud, we get half-hourly electricity usage information, enabling us to point to the exact carbon emission of every process we run on Google Cloud. These insights have helped us shape Kaluza’s own carbon footprint tool, which we use to pull together information from all of our cloud providers in our multi-cloud setup, and create much more effective dashboards, which has been invaluable for our data teams.
Today, our teams can use our carbon emissions tool to really dig down into the granularity of the data. This enables them to understand what drives their carbon footprint and how to address it. And this is where things get interesting, because better data translates into actual sustainability projects. So far, we’ve launched two large-scale initiatives.
First, there’s Green Software Development. We’ve created a Green Development handbook, which contains a list of guides and best practices our software developers and engineers can use to make their software greener. With information from our carbon footprint tool, for example, we’ve been able to consolidate a number of large BigQuery queries into a single query at a greener time of day and location, resulting in a 97% reduction of emissions. That means, we’ve reduced the amount of CO2 from 200kg to 6kg, every time we run this query. And that’s just one way we’re making a difference.
Our second big initiative relates to our cloud infrastructure. Choosing a cleaner cloud and a cleaner cloud region to run workloads is one of the simplest and most effective ways we can reduce our carbon emissions. Fortunately, Google Cloud publishes carbon data for all cloud regions. This includes the average percentage of carbon free energy consumed in that particular location on an hourly basis and the grid carbon intensity of the local electricity grid.
By digging into the data, we can identify cloud waste and take action. For example, while many of our workloads have to run throughout the day, not all of them have to run at certain times. This creates potential for optimization. We’re using data from Google Cloud to understand the state of our workloads. By combining this information with carbon intensity data from the grid, we can identify and reschedule workloads to lower intensity times, and have a positive impact on Kaluza’s emissions.
Many of our sustainability projects have one important thing in common: they’re bottom-up initiatives, developed by and with our team. With emissions data at our fingertips, we’re constantly organizing hackathons or Green Development days to inspire action and test new ideas.
Making sustainability actionable and accessible for everyone is part of our core mission, and we’re bringing that same idea to our own teams. The feedback has been encouraging too. At a recent Green Development day, one of our employees said he now really understands how his role can impact on the sustainability of Kaluza and the world. We’re putting sustainability at the heart of our organization, by empowering our employees to take direct climate action in their roles. And by showing employees the direct impact of their work, we can encourage them to build even stronger solutions that will result in more carbon savings for our customers.
There are many ways to make a difference at Kaluza. Our internal pledge to reduce carbon emissions, and pass these savings on to our energy retail clients and their customers, is just one of our sustainability pillars. We’re also using Google Cloud solutions for many other exciting projects, for example the world’s first and largest domestic vehicle-to-grid (V2G) technology deployment we are leading with OVO Energy and Nissan.
With V2G, drivers can charge their electric vehicles when renewable energy is in abundance, and sell it back to the grid when it’s short of supply. By analyzing grid and vehicle data in real time with Google Cloud, we’re essentially turning millions of cars into dynamic batteries, to build a greener, more resilient energy system while helping drivers earn hundreds of pounds a year. In a market such as California, this could reduce the stress on the grid at peak times by 40%.
From houses to vehicles and beyond, at Kaluza, we’re using technology to make the energy transition a simple and affordable option for our clients and their customers. We’re excited to keep working with Google Cloud to scale our business and bring new energy solutions to life. We’re striving to be a market leader in sustainability, and with Google Cloud, we’ve found a cloud vendor whose sustainability goals really align with ours. Together, we’re building a world where net zero is in everyone’s reach.
Business leaders and IT professionals come to Google Workspace to build secure, cloud-first collaboration solutions that transform how people work together. Here’s the latest from Google Workspace leaders and partners about the evolving future of work and collaboration, all in one place.
Empowering everyday innovation to build a more adaptive business
How organizations can rethink their approach to time management coaching
Google Workspace and Google Cloud help build the future of work at Airbus
Shaping the future of work for frontline workers in Asia Pacific
Boosting collaboration and participation in the hybrid work world
The future of work requires a more human approach to security
Insights from our global hybrid work survey
In this article we'll explore the networking components of Google Kubernetes Engine (GKE) and the various options that exist. Kubernetes is an open source platform for managing containerized workloads and services and GKE is a fully managed environment for running Kubernetes on Google Cloud infrastructure.
Various network components in Kubernetes utilize IP addresses and ports to communicate. IP addresses are unique addresses that identify various components in the network.
Components
Containers - These are the smallest components for executing application processes. One or more containers run in a pod.
Pods - A collection of containers that are physically grouped together. Pods are assigned to nodes.
Nodes - Nodes are worker machines in a cluster (a collection of nodes). A node runs zero or more pods.
Services
ClusterIP - These addresses are assigned to a service.
Load balancer - Load balances internal traffic or external traffic to nodes in the cluster.
Ingress - Special type of Load balancer that handles HTTP(S) traffic.
IP addresses are assigned from various subnets to the components and services. Variable length subnet masks (VLSM) are used to create CIDR blocks. The amount of available hosts on a subnet depends on the subnet mask used.
The formula for calculating available hosts in Google Cloud is 2n- 4, not 2n- 2, which is normally used in on-premise networks.
The flow of IP address assignment looks like this:
Nodes are assigned IP addresses from the cluster's VPC network
Internal Load balancer IP addresses by default are automatically assigned from the Node IPv4 block. If necessary, you can create a specified range for your Load balancers and use the loadBalancerIP option to specify the address from that range.
Pods are assigned addresses from a range of addresses issued to pods running on that node. The default max pods per node is 110. To allocate an address to this number the amount is multiplied by 2 (110*2=220) and the nearest subnet is used which is /24. This allows a buffer for scheduling of the pods. This limit is customizable at creation time.
Containers share the IP address of the Pods they run on.
Service (Cluster IP) addresses are assigned from an address pool reserved for services.
The IP address ranges for VPC-native clusters section of the VPC-native clusters document gives you an example of planning and scoping address ranges.
DNS allows name to IP address resolution. This allows automatic name entries to be created for services. There are a few options in GKE.
kube-dns - Kubernetes native add-on service. Kube-dns runs on a deployment that is exposed via a cluster IP. By default pods in a cluster use this service for DNS queries. The “Using kube-dns'' document describes how it works.
Cloud DNS - This is Google Cloud DNS managed service. This can be used to manage your cluster DNS. A few benefits of Cloud DNS over kube-dns are:
Reduces the management of a cluster-hosted DNS server.
Supports local resolution of DNS on GKE nodes. This is done by caching responses locally, which provides both speed and scalability.
Integrates with GoogleCloud Operations monitoring suite.
Service Directory is another service from Google Cloud that can be integrated with GKE and Cloud DNS to manage services via namespaces.
The gke-networking-recipes github repo has some Service Directory examples you can try out for Internal LoadBalancers, ClusterIP, Headless & NodePort.
For a deeper understanding of DNS options in GKE please check out the article DNS on GKE: Everything you need to know.
These control access and distribute traffic across clutter resources. Some options in GKE are:
These handle HTTP(S) traffic destined to services in your cluster. They use an Ingress resource type. When this is used it creates an HTTP(S) load balancer for GKE. When configuring, you can assign a static IP address to the load balancer, to ensure that the address remains the same.
In GKE there you can provision both external and internal Ingress. The links to the guides below show you how to configure:
GKE allows you to take advantage of container-native load balancing which directs traffic directly to the pod IP using Network Endpoint Groups (NEGs).
There are three main points to understand in this topic:
Frontend-This exposes your service to clients through a frontend that accepts the traffic based on various rules. This could be a DNS name or Static IP address.
Load balancing-Once the traffic is allowed the load balancer distributes to available resources to serve the request based on rules.
Backend-Various endpoints that can be used in GKE.
In GKE you have several ways you can design your clusters networking:
Standard - This mode allows the admin the ability to configure the clusters underlying infrastructure. This mode is beneficial if you need a deeper level of control and responsibility.
Autopilot - GKE provisions and manages the cluster's underlying infrastructure. This is pre-configured for usage and gives you a bit of hand-off management freedom.
Private Cluster (This allows only internal IP connections). If you need a client to have access to the internet (e.g. for updates) you can use a Cloud NAT.
Private Service Access, (Lets your VPC communicate with service producer services via private IP addresses. Private Service Connect, (Allows private consumption of services across VPC networks)
Below is a short high-level recap.
IP addresses are assigned to various resource in your cluster
Nodes
Pods
Containers
Services
These IP address ranges are reserved for the various resource types. You have the ability to adjust the range size to meet your requirements by subnetting. Restricting unnecessary external access to your cluster is recommended.
By default pods have the ability to communicate across the cluster.
To expose applications running on pods you need a service.
Cluster IPs are assigned to services.
For DNS resolution you can rely on the native option like kube-dns or you can utilize Google Cloud DNS within your GKE cluster.
Load balancers can be used internally and external with your cluster to expose applications and distribute traffic.
Ingress handles HTTP(S) traffic. This utilizes HTTP(S) load balancers service from Google cloud. Ingress can be used for internal and external configurations.
To learn more about GKE networking, check out the following:
Want to ask a question, find out more or share a thought? Please connect with me on Linkedin or Twitter: @ammettw.
A critical component of any security operations team’s job is to deliver high-fidelity detections of potential threats across the breadth of adversary tactics. But increasingly sophisticated threat actors, an expanding attack surface, and an ever-present cybersecurity talent shortage make this task more challenging than ever.
Google keeps more people safe online than anyone else. Individuals, businesses and governments globally depend on our products that are secure-by-design and secure-by-default. Part of the “magic” behind Google’s security is the sheer scale of threat intelligence we are able to derive from our billions of users, browsers, and devices.
Today, we are putting the power of Google’s intelligence in the hands of security operations teams. We are thrilled to announce the general availability of curated detections as part of our Chronicle SecOps Suite. These detections are built by our Google Cloud Threat Intelligence (GCTI) team, and are actively maintained to reduce manual toil in your team.
Our detections provide security teams with high quality, actionable, out-of-the-box threat detection content curated, built and maintained by Google Cloud Threat Intelligence (GCTI) researchers. Our scale, and depth of intelligence, gained by securing billions of users everyday, gives us a unique vantage point to craft effective and targeted detections. These native detection sets cover a wide variety of threats for cloud and beyond, including Windows-based attacks like ransomware, remote-access tools (RAT), infostealers, data exfiltration, suspicious activity, and weakened configurations.
With this launch, security teams can smoothly leverage Google’s expertise and unique visibility into the threat landscape. This release helps understaffed and overstressed security teams keep up with an ever evolving threat landscape, quickly identify threats, and drive effective investigation and response. With this new release, security teams can:
Enable high quality curated detections with a single click from within the Chronicle console.
Operationalize data with high-fidelity threat detections, stitched with context available from authoritative sources (such as IAM and CMDB).
Accelerate investigation and response by finding anomalistic assets and domains with prevalence visualization for the detections triggered.
Map detection coverage to the MITRE ATT&CK framework to better understand adversary tactics and techniques and uncover potential gaps in defenses.
Detections are constantly updated and refined by GCTI researchers based on the evolving threat landscape. The first release of curated detections includes two categories that cover a broad range of threats, including:
Windows-based threats: Coverage for several classes of threats including infostealers, ransomware, RATs, misused software, and crypto activity.
Cloud attacks and cloud misconfigurations: Secure cloud workloads with additional coverage around exfiltration of data, suspicious behavior, and additional vectors.
Let’s look at an example of how you can put curated detections to work within the Chronicle dashboard, monitor coverage, and map to MITRE ATT&CK®.
An analyst can learn more details around specific detections and understand how they map to the MITRE ATT&CK framework. There are customized settings to configure deployment and alerting, and specify exceptions via reference lists.
You can see each rule which has generated a detection against your log data in the Chronicle rules dashboard. You can observe detections associated with the rule and pivot to investigative views. For example, here is the detection view from the timeline of an Empire Powershell Stager launch triggered by the Windows RAT rule set. You can also easily pivot to associated information and investigate the asset on which it was triggered.
By surfacing impactful, high-efficacy detections, Chronicle can enable analysts to spend time responding to actual threats and reduce alert fatigue. Our customers who used curated detections during our public preview were able to detect malicious activity and take actions to prevent threats earlier in their lifecycle. And there’s more to come. We will be delivering a steady release of new detection categories covering a wide variety of threats, community-driven content, and other out-of-the-box analytics.
Ready to put Google’s intelligence to work in your Security Operations Center? Contact Google Cloud sales or your customer success CSM team. You can also learn more about all these new capabilities in Google Chronicle in our product documentation.
Thank you to Mike Hom (Product Architect, Chronicle) and Ben Walter (Engineering Manager, Google Cloud Threat Intelligence), who helped with this launch.
Diagnosing and treating chronic pain can be complex, difficult, and full of uncertainties for a patient and their treating physician. Depending on the condition of the patient and the knowledge of the physician, making the correct diagnosis takes time, and experimenting with different treatments might be required.
This trial-and-error process can leave the patient in a world of pain and confusion until the best remedies can be prescribed. It’s a situation similar to the daily struggle that many of today’s security operations teams face.
Screaming from the mountain tops “just patch it!” isn’t very helpful when security teams aren't sure if applying a patch might create even worse issues like crashes, incompatibility, or downtime. Like a patient with chronic pain, they may not know the source of the pain in their system. Determining which vulnerabilities to prioritize patching, and ensuring those fixes actually leave you with a more secure system, is one of the hardest tasks a security team can face. This is where a Vulnerability Exploitability eXchange (VEX) comes in.
In previous blogs, we’ve discussed how establishing visibility and awareness into patient safety and technology is vital to creating a resilient healthcare system. We’ve also looked at how combining software bills of materials (SBOM) with Google’s Supply chain Levels for Software Artifacts (SLSA) framework can help build more secure technology that enables resilience.
The SBOM provides visibility into the software you’re using and where it comes from, while SLSA provides guidelines that help increase the integrity and security of software you then build. Rapid diagnostic assessments can be added to that equation with VEX, which the National Telecommunications and Information Administration describes as a “companion” document that lives side-by-side with SBOM.
To go back to our medical metaphor, VEX is a mechanism for software providers to tell security teams where to look for the source of the pain. VEX data can help with software audits when inventory and vulnerability data need to be captured at a specific point in time. That data also can be embedded into automated security tools to make it easier to prioritize vulnerability patching.
You can then think of SBOM as the prescription label on a bottle of medication, SLSA as the child-proof lid and tamper-proof seal guaranteeing the safety of the medication, and VEX as the bottle’s safety warnings. As a diagnostic aide, a VEX can help security teams make accurate diagnoses of “what could hurt” and system weaknesses before the bad guys do.
Yet making an accurate assessment of that threat model can be challenging, especially when looking at the software we use to run systems. The ability to quickly and accurately evaluate an organizations’ weaknesses and pain points can be vital to hastening response to a vulnerability and stopping cyberattacks before they become destructive. We believe that VEX is an important part of the equation to help secure the software supply chain.
As an example, look no further than the Apache Log4j vulnerabilities revealed in December 2021. Global industries including healthcare were dealt another blow when Apache’s Log4j 2 logging system was found to be so vulnerable that relatively unsophisticated threat actors could quickly infiltrate and take over systems. Through research conducted by Google and information contributed by CISA, we learned of examples of where vulnerabilities in Log4j 2, a single software component, could potentially impact thousands of companies using software that depend on it because of its near-ubiquitous use.
While a VEX would not capture zero-day vulnerabilities, it would be able to inform security teams of other known vulnerabilities in Log4j 2. Once vulnerabilities have been published, security teams could use SBOM to find them, and use VEX to understand if remediation is a priority or not.
A key reason we focus on visibility mechanisms like SBOM and SLSA is because they give us the ability to understand our risks. Without the ability to see into what we must protect, it can be difficult to determine how to quickly reduce risk.
Visibility is a crucial first step to stopping malicious hackers. Yet without context, visibility leaves security teams overwhelmed with data. Why? Well, where would you start when trying to mitigate the 30,000 known vulnerabilities affecting just open source software, according to the Open Source Vulnerabilities database (OSV)? NIST’s National Vulnerability Database (NVD) is tracking close to 181,000 vulnerabilities. We’ll be patching into the next millennium if we adopt a “patch everything” approach.
It’s impossible to address every vulnerability individually. To make progress, security teams need to be able to prioritize findings and go after the ones that will have the greatest impact first. The goal of a VEX artifact is to make prioritization a little easier.
While SBOMs are created or changed when the material included in a build is updated, VEXs are intended to be changed and distributed when a new vulnerability or threat has changed. This means that VEX and SBOM should be maintained separately. Since security researchers and organizations are constantly discovering new cybersecurity vulnerabilities and threats, a more dynamic mechanism like VEX can help ensure builders and operators have the ability to quickly ascertain the risks of the software they are using.
Let’s dig into this VEX example from CycloneDX. You can see the list of vulnerabilities found, third parties who track and report those vulnerabilities, vulnerability ratings per CVSS, and most importantly, a statement from the developer that guides the operator reading the VEX to those vulnerabilities that are exploitable and need to be protected. At the bottom, you’ll see the VEX “affects” an SBOM.
This information allows the user of the VEX document to refer to its companion SBOM. By necessity, the VEX is intentionally decoupled from the SBOM because they need to be updated at different times. A VEX document will need to be updated when new vulnerabilities emerge. An SBOM will need to be updated when changes to the software are made by a manufacturer. Although they can and need to be updated separately, the contents of each document can stay aligned because they are linked.
VEX could dramatically improve how security vulnerabilities are handled. It’s not uncommon to find operators buried in vulnerabilities, best-guessing the ones that need fixing, and trying to make sense of tens (and sometimes hundreds) of pages of documentation to determine the best, lowest impact fix.
With SBOM+SLSA+VEX, operators are using software-driven mechanisms to conduct analyses and evaluate risk instead of relying on intuition and best guesses. The tripartite SBOM+SLSA+VEX approach provides an up-to-date list of issues and perspective on what needs attention. This is a transformative development in security—enabling teams to get a better handle on doing vulnerability mitigation, starting where it could hurt the most.
Driven by repeated cyberattacks on critical infrastructure such as healthcare, government regulators have taken a more interested stance in software security and supply chains. Strengthening the effectiveness of SBOMs in the United States is a big part of the newly
proposed Protecting and Transforming Cyber Health Care (PATCH) Act. The law would require medical device manufacturers adhere to minimum cybersecurity standards in their products, including the creation of SBOMs for their devices, and plans to monitor and patch any cybersecurity vulnerabilities that are discovered during the device’s lifetime.
Meanwhile, new draft medical device cybersecurity guidance from the FDA continues that agency’s involvement in aggressively encouraging medical device manufacturers to improve the cybersecurity resilience of their products. The White House spoke for SBOMs, as well. An Executive Order from May 2021 lays out requirements for secure software development, including the production and distribution of SBOM for software used by the federal government.
Regardless of how these initiatives pan out, Google believes controls like those provided by SBOM+SLSA+VEX are critical to protect software and build a resilient healthcare ecosystem. This approach provides detailed, critical risk exposure data to security teams so they can take necessary steps to reduce immediate and long-term risks.
At Google, we are working with the Open Source Security Foundation on supporting SBOM development. Our Know, Prevent, Fix report on secure software development creates a broader outline of how Google thinks about securing open source software from preventable vulnerabilities. You can read more about these efforts for securing workloads on Google Cloud from our Cloud Architecture Center. Take a look at Cloud Build, a Google Cloud service that can be used to generate up to SLSA Level 2 build artifacts.
Customers often have difficulty getting full visibility and control over vulnerabilities because of their dependence on open source software (OSS). Assured Open Source Software (Assured OSS) is the Google Cloud service that helps teams both secure the external OSS packages they use and overcome avoidable vulnerabilities by simply eliminating them from the code base. Finally, ask us about Google's Cybersecurity Action Team, the world’s premier security advisory team and its singular mission supporting the security and digital transformation of governments, critical infrastructure, enterprises, and small businesses.
If you’re a software supplier, please consider our suggestions above. Whether you are or not, you should begin:
Contractually mandating SBOM+VEX+SLSA (or their equivalent) artifacts to be provided for all new software.
Train procurement teams to ask for and use SBOM+VEX+SLSA to make purchasing decisions. There should be no reason an organization procures software or hardware with known, preventable issues. Even if they do, the information these mechanisms provide should help security teams decide if they can live with the risks before equipment enters their networks.
Establishing a governance program that ensures those who control procurement decisions are aware of and owning the risks associated with software they are buying.
Enabling security teams to build pipelines to ingest SBOM+VEX+SLSA artifacts into their security operations and use it to strategically advise and drive mitigation activities.
At Google, we believe the path to resilience begins with building visibility and structural awareness into the software, hardware, and equipment it rides on as a critical first step. Time will tell if VEX becomes widely adopted, but the point behind it won’t change—we can’t know how we are vulnerable without visibility. VEX is an important concept in this regard.
Next month, we’ll be shifting gears slightly to focus on building resilience by establishing a security culture that obsesses over its patients and products.
Want to know the latest from Google Cloud? Find it here in one handy location. Check back regularly for our newest updates, announcements, resources, events, learning opportunities, and more.
Tip: Not sure where to find what you’re looking for on the Google Cloud blog? Start here: Google Cloud blog 101: Full list of topics, links, and resources.
asia-southeast2 (Jakarta)
us-east1 (South Carolina)
us-west1 (Oregon)
us-west3 (Salt Lake City)
asia-east2 (Hong Kong)
europe-west2 (London)
europe-west3 (Frankfurt)
us-east4 (N. Virginia)
us-west2 (Los Angeles)
Read the latest Cloud Data Hero Story. This edition focuses on Francisco, the founder of Direcly, a Google Cloud partner. Francisco immigrated from Quito, Ecuador and founded his company from the ground up, without any external funding. Now, he’s finding innovative ways to leverage Google Cloud’s products for companies like Royal Caribbean International.
Launched higher reservation limits for BigQuery BI Engine. BigQuery BI Engine now supports a default maximum reservation of 250GB per project for all customers. Previously this was at 100GB. You can still request additional BI Engine reservations for your projects here. This is being rolled out in the Google Cloud Console over the next few days to all customers. Alternatively, all customers can already use DDL statement as follows
ALTER BI_CAPACITY `<PROJECT_ID>.region-<REGION>.default` SET OPTIONS(size_gb = 250);
We're excited to announce the general availability of Media CDN — a content and media distribution platform with unparalleled scale.
New Google Cloud research shows shoppers are paying closer attention to the values of consumer goods brands and care more about eco-friendly products.
Meditech’s cloud EHR gives clinicians time back with patients helping them make better decisions and diagnoses.
Cloud is supercharging 5G development, transforming every industry along the way. How 5G and Cloud will change every industry, including yours.
Google’s Area 120 incubator shares 5 lessons on sustaining innovation at scale.
Introducing SWIFT on Google Cloud - modernize your payments by bringing it to the cloud.
Advance your technical skills and boost your career by getting hands-on practice with Google Cloud projects.
Discover how the Google Workspace Administrator role has evolved and why certification training is vital for this in-demand position.
Upgraded Anthos clusters on bare metal to use Kubernetes version 1.22;
AddedEgress Network Address Translation (NAT) gateway capability to provide persistent, deterministic routing for egress traffic from clusters
Enabled IPv4/IPv6 dual-stack support
Additional enhancements in the release can be found in the the release note here
Now you can control how your alerts handle missing data from telemetry data streams using Alert Policies in the Cloud Console or via API. In cloud ecosystems there are millions of data sources, and often, there are pauses or breaks in their telemetry data streams. Configure how this missing data influences your open incidents:
Option 1: Missing data is treated as “above the threshold”- and your incidents will stay open.
Option 2: missing data is evaluated as “below the threshold” and the incident will close after your retest window period.
Pub/Sub Lite goes regional. Pub/Sub Lite is a high-volume messaging service with ultra-low cost that now offers regional Lite topics, in addition to existing zonal Lite topics. Unlike zonal topics which are located in a single zone, regional topics are asynchronously replicated across two zones. Multi-zone replication protects from zonal failures in the service. Read about it here.
Google Workspace is making it easy for employees to bring modern collaboration to work, even if their organizations are still using legacy tools. Essentials Starter is a no-cost offer designed to help people bring the apps they know and love to use in their personal lives to their work life. Learn more.
We’re now offering 30 days free access to role-based Google Cloud training with interactive labs and opportunities to earn skill badges to demonstrate your cloud knowledge. Learn more.
Security Command Center (SCC) Premium adds support for additional compliance benchmarks, including CIS Google Cloud Computing Foundations 1.2 and OWASP Top 10 2017 & 2021. Learn more about how SCC helps manage and improve your cloud security posture.
The most-read blogs about Google Cloud compute, networking, storage and physical infrastructure in 2021. Read more.
Four cloud security trends that organizations and practitioners should be planning for in 2022—and what they should do about them. Read more.
Google Cloud announces the top data analytics stories from 2021 including the top three trends and lessons they learned from customers this year. Read more.
Explore Google Cloud’s Contact Center AI (CCAI) and its momentum in 2021. Read more.
An overview of the innovations that Google Workspace delivered in 2021 for Google Meet. Read more.
Google Cloud’s top artificial intelligence and machine learning posts from 2021. Read more.
How we’ve helped break down silos, unearth the value of data, and apply that data to solve big problems. Read more.
A recap of the year’s infrastructure progress, from impressive Tau VMs, to industry-leading storage capabilities, to major networking leaps. Read more.
Google Cloud CISO Phil Venables shares his thoughts on the latest security updates from the Google Cybersecurity Action Team. Read more.
Google Cloud - A cloud built for developers — 2021 year in review. Read more.
API management continued to grow in importance in 2021, and Apigee continued to innovate capabilities for customers, new solutions, and partnerships. Read more.
Join Cloud Learn, happening from Dec. 8-9: This interactive learning event will have live technical demos, Q&As, career development workshops, and more covering everything from Google Cloud fundamentals to certification prep. Learn more.
Get a deep dive into BigQuery Administrator Hub– With BigQuery Administrator Hub you can better manage BigQuery at scale with Resource Charts and Slot Estimator Administrators. Learn more about these tools and just how easy they are to usehere.
New data and AI in Media blog - How data and AI can help media companies better personalize; and what to watch out for. We interviewed Googlers, Gloria Lee, Executive Account Director of Media & Entertainment, and John Abel, Technical Director for the Office of the CTO, to share exclusive insights on how media organizations should think about and ways to make the most out of their data in the new era of direct-to-consumer. Watch our video interview with Gloria and John and read more.
Datastream is now generally available (GA): Datastream, a serverless change data capture (CDC) and replication service, allows you to synchronize data across heterogeneous databases, storage systems, and applications reliably and with minimal latency to support real-time analytics, database replication, and event-driven architectures. Datastream currently supports CDC ingestion from Oracle and MySQL to Cloud Storage, with additional sources and destinations coming in the future. Datastream integrates with Dataflow and Cloud Data Fusion to deliver real time replication to a wide range of destinations, including BigQuery, Cloud Spanner and Cloud SQL. Learn more.
Cloud Spanner is our distributed, globally scalable SQL database service that decouples compute from storage, which makes it possible to scale processing resources separately from storage. This means that horizontal upscaling is possible with no downtime for achieving higher performance on dimensions such as operations per second for both reads and writes. The distributed scaling nature of Spanner’s architecture makes it an ideal solution for unpredictable workloads such as online games. Learn how you can get started developing global multiplayer games using Spanner.
New Dataflow templates for Elasticsearch releasedto help customers process and export Google Cloud data into their Elastic Cloud. You can now push data from Pub/Sub, Cloud Storage or BigQuery into your Elasticsearch deployments in a cloud-native fashion. Read more for a deep dive on how to set up a Dataflow streaming pipeline to collect and export your Cloud Audit logs into Elasticsearch, and analyze them in Kibana UI.
We’re excited to announce the public preview of Google Cloud Managed Service for Prometheus, a new monitoring offering designed for scale and ease of use that maintains compatibility with the open-source Prometheus ecosystem. While Prometheus works well for many basic deployments, managing Prometheus can become challenging at enterprise scale. Learn more about the service in our blog and on the website.
New study on the economics of cloud migration - The Total Economic Impact™ Of Migrating Expensive Operating Systems and Traditional Software to Google Cloud. We worked with Forrester on this study which details the cost savings and benefits you can achieve from migrating and modernizing with Google Cloud, especially with respect to expensive operating systems and traditional software. Download now!
New whitepaper on building a successful cloud migration strategy - The priority to move into the cloud and achieve a zero data center footprint is becoming top of mind for many CIOs. One of the most fundamental changes required to accelerate a move to the cloud is the adoption of a product mindset—the shift from an emphasis on project to product. Download “Accelerating the journey to the cloud with a product mindset” now.
This week we hosting our Retail & Consumer Goods Summit, a digital event dedicated to helping leading retailers and brands digitally transform their business. Read more about our consumer packaged goods strategy and a guide to key summit content for brands in this blog from Giusy Buonfantino, Google Cloud’s Vice President of CPG.
We’re hosting our Retail & Consumer Goods Summit, a digital event dedicated to helping leading retailers and brands digitally transform their business. Read more.
See how IKEA uses Recommendations AI to provide customers with more relevant product information. Read more.
Google Cloud launches a career program for people with autism designed to hire and support more talented people with autism in the rapidly growing cloud industry. Learn more
Google Cloud follows new API stability tenets that work to minimize unexpected deprecations to our Enterprise APIs. Read more.
Transfer Appliance supports Google Managed Encryption Keys — We’re announcing the support for Google Managed Encryption Keys with Transfer Appliance, this is in addition to the currently available Customer Managed Encryption Keys feature. Customers have asked for the Transfer Appliance service to create and manage encryption keys for transfer sessions to improve usability and maintain security. The Transfer Appliance Service can now manage the encryption keys for the customers who do not wish to handle a key themselves. Learn more about Using Google Managed Encryption Keys.
UCLA builds a campus-wide API program– With Google Cloud's API management platform, Apigee, UCLA created a unified and strong API foundation that removes data friction that students, faculty, and administrators alike face. This foundation not only simplifies how various personas connect to data, but also encourages more innovations in the future. Learn their story.
We’re rolling out general support of Brand Indicators for Message Identification (BIMI) in Gmail within Google Workspace. Learn more.
Learn how DeNA Sports Business created an operational status visualization system that helps determine whether live event attendees have correctly installed Japan’s coronavirus contact tracing app COCOA.
Google Cloud CAS provides a highly scalable and available private CA to address the unprecedented growth in certificates in the digital world. Read more about CAS.
Announcing the Google for Games Developer Summit 2021 on July 12th-13th–With a surge of new gamers and an increase in time spent playing games in the last year, it’s more important than ever for game developers to delight and engage players. To help developers with this opportunity, the games teams at Google are back to announce the return of the Google for Games Developer Summit 2021 on July 12th-13th. Hear from experts across Google about new game solutions they’re building to make it easier for you to continue creating great games, connecting with players and scaling your business. Registration is free and open to all game developers. Register for the free online event at g.co/gamedevsummit to get more details in the coming weeks. We can’t wait to share our latest innovations with the developer community. Learn more.
Best practices to protect your organization against ransomware threats–For more than 20 years Google has been operating securely in the cloud, using our modern technology stack to provide a more defensible environment that we can protect at scale. While the threat of ransomware isn’t new, our responsibility to help protect you from existing or emerging threats never changes. In our recent blog post, we shared guidance on how organizations can increase their resilience to ransomware and how some of our Cloud products and services can help. Read more.
Extreme PD is now GA–On April 20th, Google Cloud’s Persistent Disk launched general availability of Extreme PD, a high performance block storage volume with provisioned IOPS and up to 2.2 GB/s of throughput. Learn more.
Research: How data analytics and intelligence tools to play a key role post-COVID-19–A recent Google-commissioned study by IDG highlighted the role of data analytics and intelligent solutions when it comes to helping businesses separate from their competition. The survey of 2,000 IT leaders across the globe reinforced the notion that the ability to derive insights from data will go a long way towards determining which companies win in this new era. Learn more or download the study.
Introducing PHP on Cloud Functions–We’re bringing support for PHP, a popular general-purpose programming language, to Cloud Functions. With the Functions Framework for PHP, you can write idiomatic PHP functions to build business-critical applications and integration layers. And with Cloud Functions for PHP, now available in Preview, you can deploy functions in a fully managed PHP 7.4 environment, complete with access to resources in a private VPC network. Learn more.
Delivering our 2020 CCAG pooled audit–As our customers increased their use of cloud services to meet the demands of teleworking and aid in COVID-19 recovery, we’ve worked hard to meet our commitment to being the industry’s most trusted cloud, despite the global pandemic. We’re proud to announce that Google Cloud completed an annual pooled audit with the CCAG in a completely remote setting, and were the only cloud service provider to do so in 2020. Learn more.
Anthos 1.7 now available–We recently released Anthos 1.7, our run-anywhere Kubernetes platform that’s connected to Google Cloud, delivering an array of capabilities that make multicloud more accessible and sustainable. Learn more.
New Redis Enterprise for Anthos and GKE–We’re making Redis Enterprise for Anthos and Google Kubernetes Engine (GKE) available in the Google Cloud Marketplace in private preview. Learn more.
Updates to Google Meet–We introduced a refreshed user interface (UI), enhanced reliability features powered by the latest Google AI, and tools that make meetings more engaging—even fun—for everyone involved. Learn more.
DocAI solutions now generally available–Document (Doc) AI platform, Lending DocAI and Procurement DocAI, built on decades of AI innovation at Google, bring powerful and useful solutions across lending, insurance, government and other industries. Learn more.
Four consecutive years of 100% renewable energy–In 2020, Google again matched 100 percent of its global electricity use with purchases of renewable energy. All told, we’ve signed agreements to buy power from more than 50 renewable energy projects, with a combined capacity of 5.5 gigawatts–about the same as a million solar rooftops. Learn more.
Announcing the Google Cloud region picker–The Google Cloud region picker lets you assess key inputs like price, latency to your end users, and carbon footprint to help you choose which Google Cloud region to run on. Learn more.
Build a consistent approach for API consumers–Learn the differences between REST and GraphQL, as well as how to apply REST-based practices to GraphQL. No matter the approach, discover how to manage and treat both options as API products here.
Apigee X makes it simple to apply Cloud CDN to APIs–With Apigee X and Cloud CDN, organizations can expand their API programs' global reach. Learn how to deploy APIs across 24 regions and 73 zones here.
Enabling data migration with Transfer Appliances in APAC—We’re announcing the general availability of Transfer Appliances TA40/TA300 in Singapore. Customers are looking for fast, secure and easy to use options to migrate their workloads to Google Cloud and we are addressing their needs with Transfer Appliances globally in the US, EU and APAC. Learn more about Transfer Appliances TA40 and TA300.
Windows Authentication is now supported on Cloud SQL for SQL Server in public preview—We’ve launched seamless integration with Google Cloud’s Managed Service for Microsoft Active Directory (AD). This capability is a critical requirement to simplify identity management and streamline the migration of existing SQL Server workloads that rely on AD for access control. Learn more or get started.
Using Cloud AI to whip up new treats with Mars Maltesers—Maltesers, a popular British candy made by Mars, teamed up with our own AI baker and ML engineer extraordinaire, Sara Robinson, to create a brand new dessert recipe with Google Cloud AI. Find out what happened (recipe included).
Simplifying data lake management with Dataproc Metastore, now GA—Dataproc Metastore, a fully managed, serverless technical metadata repository based on the Apache Hive metastore, is now generally available. Enterprises building and migrating open source data lakes to Google Cloud now have a central and persistent metastore for their open source data analytics frameworks. Learn more.
Introducing the Echo subsea cable—We announced our investment in Echo, the first-ever cable to directly connect the U.S. to Singapore with direct fiber pairs over an express route. Echo will run from Eureka, California to Singapore, with a stop-over in Guam, and plans to also land in Indonesia. Additional landings are possible in the future. Learn more.
ANY value in the API. Learn more.New research on how COVID-19 changed the nature of IT—To learn more about the impact of COVID-19 and the resulting implications to IT, Google commissioned a study by IDG to better understand how organizations are shifting their priorities in the wake of the pandemic. Learn more and download the report.
New in API security—Google Cloud Apigee API management platform's latest release, Apigee X, works with Cloud Armor to protect your APIs with advanced security technology including DDoS protection, geo-fencing, OAuth, and API keys. Learn more about our integrated security enhancements here.
Troubleshoot errors more quickly with Cloud Logging—The Logs Explorer now automatically breaks down your log results by severity, making it easy to spot spikes in errors at specific times. Learn more about our new histogram functionality here.
Building the future of work—We’re introducing new innovations in Google Workspace to help people collaborate and find more time and focus, wherever and however they work. Learn more.
Assured Controls and expanded Data Regions—We’ve added new information governance features in Google Workspace to help customers control their data based on their business goals. Learn more.
21 Google Cloud tools explained in 2 minutes—Need a quick overview of Google Cloud core technologies? Quickly learn these 21 Google Cloud products—each explained in under two minutes. Learn more.
BigQuery materialized views now GA—Materialized views (MV’s) are precomputed views that periodically cache results of a query to provide customers increased performance and efficiency. Learn more.
New in BigQuery BI Engine—We’re extending BigQuery BI Engine to work with any BI or custom dashboarding applications that require sub-second query response times. In this preview, BI Engine will work seamlessly with Looker and other popular BI tools such as Tableau and Power BI without requiring any change to the BI tools. Learn more.
Dataproc now supports Shielded VMs—All Dataproc clusters created using Debian 10 or Ubuntu 18.04 operating systems now use Shielded VMs by default and customers can provide their own configurations for secure boot, vTPM, and Integrity Monitoring. This feature is just one of the many ways customers that have migrated their Hadoop and Spark clusters to GCP experience continued improvements to their security postures without any additional cost.
New Cloud Security Podcast by Google—Our new podcast brings you stories and insights on security in the cloud, delivering security from the cloud, and, of course, on what we’re doing at Google Cloud to help keep customer data safe and workloads secure. Learn more.
New in Conversational AI and Apigee technology—Australian retailer Woolworths provides seamless customer experiences with their virtual agent, Olive. Apigee API Management and Dialogflow technology allows customers to talk to Olive through voice and chat. Learn more.
Introducing GKE Autopilot—GKE already offers an industry-leading level of automation that makes setting up and operating a Kubernetes cluster easier and more cost effective than do-it-yourself and other managed offerings. Autopilot represents a significant leap forward. In addition to the fully managed control plane that GKE has always provided, using the Autopilot mode of operation automatically applies industry best practices and can eliminate all node management operations, maximizing your cluster efficiency and helping to provide a stronger security posture. Learn more.
Partnering with Intel to accelerate cloud-native 5G—As we continue to grow cloud-native services for the telecommunications industry, we’re excited to announce a collaboration with Intel to develop reference architectures and integrated solutions for communications service providers to accelerate their deployment of 5G and edge network solutions. Learn more.
Veeam Backup for Google Cloud now available—Veeam Backup for Google Cloud automates Google-native snapshots to securely protect VMs across projects and regions with ultra-low RPOs and RTOs, and store backups in Google Object Storage to enhance data protection while ensuring lower costs for long-term retention.
Migrate for Anthos 1.6 GA—With Migrate for Anthos, customers and partners can automatically migrate and modernize traditional application workloads running in VMs into containers running on Anthos or GKE. Included in this new release:
In-place modernization for Anthos on AWS (Public Preview) to help customers accelerate on-boarding to Anthos AWS while leveraging their existing investment in AWS data sources, projects, VPCs, and IAM controls.
Additional Docker registries and artifacts repositories support (GA) including AWS ECR, basic-auth docker registries, and AWS S3 storage to provide further flexibility for customers using Anthos Anywhere (on-prem, AWS, etc).
HTTPS Proxy support (GA) to enable M4A functionality (access to external image repos and other services) where a proxy is used to control external access.
Introducing Cloud Domains in preview—Cloud Domains simplify domain registration and management within Google Cloud, improve the custom domain experience for developers, increase security, and support stronger integrations around DNS and SSL. Learn more.
Announcing Databricks on Google Cloud—Our partnership with Databricks enables customers to accelerate Databricks implementations by simplifying their data access, by jointly giving them powerful ways to analyze their data, and by leveraging our combined AI and ML capabilities to impact business outcomes. Learn more.
Service Directory is GA—As the number and diversity of services grows, it becomes increasingly challenging to maintain an inventory of all of the services across an organization. Last year, we launched Service Directory to help simplify the problem of service management. Today, it’s generally available. Learn more.
Introducing Bare Metal Solution for SAP workloads—We’ve expanded our Bare Metal Solution—dedicated, single-tenant systems designed specifically to run workloads that are too large or otherwise unsuitable for standard, virtualized environments—to include SAP-certified hardware options, giving SAP customers great options for modernizing their biggest and most challenging workloads. Learn more.
9TB SSDs bring ultimate IOPS/$ to Compute Engine VMs—You can now attach 6TB and 9TB Local SSD to second-generation general-purpose N2 Compute Engine VMs, for great IOPS per dollar. Learn more.
Supporting the Python ecosystem—As part of our longstanding support for the Python ecosystem, we are happy to increase our support for the Python Software Foundation, the non-profit behind the Python programming language, ecosystem and community. Learn more.
Migrate to regional backend services for Network Load Balancing—We now support backend services with Network Load Balancing—a significant enhancement over the prior approach, target pools, providing a common unified data model for all our load-balancing family members and accelerating the delivery of exciting features on Network Load Balancing. Learn more.
Cloud Operations Sandbox now available—Cloud Operations Sandbox is an open-source tool that helps you learn SRE practices from Google and apply them on cloud services using Google Cloud’s operations suite (formerly Stackdriver), with everything you need to get started in one click. You can read our blog post, or get started by visiting cloud-ops-sandbox.dev, exploring the project repo, and following along in the user guide.
New data security strategy whitepaper—Our new whitepaper shares our best practices for how to deploy a modern and effective data security program in the cloud. Read the blog post or download the paper.
WebSockets, HTTP/2 and gRPC bidirectional streams come to Cloud Run—With these capabilities, you can deploy new kinds of applications to Cloud Run that were not previously supported, while taking advantage of serverless infrastructure. These features are now available in public preview for all Cloud Run locations. Read the blog post or check out the WebSockets demo app or the sample h2c server app.
New tutorial: Build a no-code workout app in 5 steps—Looking to crush your new year’s resolutions? Using AppSheet, Google Cloud’s no-code app development platform, you can build a custom fitness app that can do things like record your sets, reps and weights, log your workouts, and show you how you’re progressing. Learn how.
New, lower pricing for Cloud CDN—We’ve reduced the price of cache fill (content fetched from your origin) charges across the board, by up to 80%, along with our recent introduction of a new set of flexible caching capabilities, to make it even easier to use Cloud CDN to optimize the performance of your applications. Read the blog.
Expanding the BeyondCorp Alliance—Last year, we announced our BeyondCorp Alliance with partners that share our Zero Trust vision. Today, we’re announcing new partners to this alliance. Read the blog.
New data analytics training opportunities—Throughout October and November, we’re offering a number of no-cost ways to learn data analytics, with trainings for beginners to advanced users. Learn more.
New BigQuery blog series—BigQuery Explained provides overviews on storage, data ingestion, queries, joins, and more. Read the series.
Introducing the Google Cloud Healthcare Consent Management API—This API gives healthcare application developers and clinical researchers a simple way to manage individuals’ consent of their health data, particularly important given the new and emerging virtual care and research scenarios related to COVID-19. Read the blog.
Announcing Google Cloud buildpacks—Based on the CNCF buildpacks v3 specification, these buildpacks produce container images that follow best practices and are suitable for running on all of our container platforms: Cloud Run (fully managed), Anthos, and Google Kubernetes Engine (GKE). Read the blog.
Providing open access to the Genome Aggregation Database (gnomAD)—Our collaboration with Broad Institute of MIT and Harvard provides free access to one of the world's most comprehensive public genomic datasets. Read the blog.
Introducing HTTP/gRPC server streaming for Cloud Run—Server-side HTTP streaming for your serverless applications running on Cloud Run (fully managed) is now available. This means your Cloud Run services can serve larger responses or stream partial responses to clients during the span of a single request, enabling quicker server response times for your applications. Read the blog.
New security and privacy features in Google Workspace—Alongside the announcement of Google Workspace we also shared more information on new security features that help facilitate safe communication and give admins increased visibility and control for their organizations. Read the blog.
Introducing Google Workspace—Google Workspace includes all of the productivity apps you know and use at home, at work, or in the classroom—Gmail, Calendar, Drive, Docs, Sheets, Slides, Meet, Chat and more—now more thoughtfully connected. Read the blog.
New in Cloud Functions: languages, availability, portability, and more—We extended Cloud Functions—our scalable pay-as-you-go Functions-as-a-Service (FaaS) platform that runs your code with zero server management—so you can now use it to build end-to-end solutions for several key use cases. Read the blog.
Announcing the Google Cloud Public Sector Summit, Dec 8-9—Our upcoming two-day virtual event will offer thought-provoking panels, keynotes, customer stories and more on the future of digital service in the public sector. Register at no cost.
Innovation is often associated with big wins: increasing a competitive advantage, developing a new product, or disrupting a category. But these outcomes are almost always enabled by advancements that occur on a smaller scale—in the ways organizations regularly carve out time for creative thinking, experiment with processes, and deploy technology to collaborate.
This approach to innovation frames it as an ongoing exploration of modes of working that make our employees more curious, our jobs more efficient, and our businesses more resilient. When teams are regularly empowered to experiment, the emerging discoveries and productivity gains can help organizations weather unforeseen challenges and uncover new opportunities.
Viewing innovation as a daily practice also reminds us that it’s not a lightning strike. Rather, it’s an organizational habit that we must intentionally develop and cultivate over time.
The right mindset, culture, and tools can help teams—especially distributed teams—reliably produce breakthroughs that advance the business. Equipped with resources that support knowledge-sharing, collaboration, and experimentation, you can build a culture of innovation that empowers your employees to build a more creative, productive workplace for everyone.
At the end of the day, it’s up to each organization to determine how to best adopt innovation as a daily practice. But, as a starting point, there are certain values you can introduce to help you build a culture that champions new approaches to thinking and working.
It starts with creating an atmosphere of psychological safety. In order for employees and teams to take the risks that innovation requires, they must feel comfortable speaking up, asking questions, and making mistakes. Invite people to indulge their curiosity and inquire about what they don’t understand. Acknowledge there will be setbacks as they test out hypotheses, as trial-and-error is often the catalyst for developing new perspectives and processes. And impress upon your teams that failure is not only permitted, but valued, when it leads to learning and new understanding.
Additionally, innovation and inclusivity work together, so invest in leaders and managers who embrace diverse perspectives and listen to their teams. When employees feel heard, they are “3.5 times more likely to contribute to innovation potential.” But listening is just one-half of the equation. Many times, in order for innovative ideas to break through, they also need a little extra push from leadership. As Patricia Satterstrom, Michaela J. Kerrissey, and Julia DiBenigno emphasize in the Harvard Business Review, organizations bolster good ideas by supporting “voice cultivation,” which they define as “the collective, social process through which employees help lower-power team members’ voiced ideas reach implementation.” To help your organization become more innovative, encourage your senior-level employees to amplify their junior colleagues’ contributions.
This idea is related to another driver for fostering innovation across your organization: a willingness to experiment with team structure. While many business operations require hierarchy to function smoothly, some aspects of the creative process, such as ideation, may benefit from a flatter approach. A good idea can come from anyone, so consider creating a cross-functional innovation committee consisting of employees of all levels to lead company-wide brainstorming activities. Or set up “office hours” for junior employees to share their new ideas with senior team members.
Finally, innovation thrives in a connected, collaborative environment. Equip your hybrid workforce with seamless, secure technology and tools that enable them to contribute and collaborate most effectively. Create opportunities, such as team-building exercises, for your employees to deepen relationships with their teammates as well as colleagues outside of their department. After all, the closer you are with someone, the easier it is to exchange and pursue creative or unconventional ideas together.
Cultivating organizational values like safety, inclusivity, and collaboration is the first step toward building innovation into a daily habit. To strengthen your organization’s innovation muscle, consider the following exercises and tools that can help your teams be more creative every day.
Inhabit a beginner’s mindset. Curiosity is a skill that can be learned, so encourage your employees (and yourself!) to tap into that inner child, embracing the urge to ask “why” or “how”?
Host and facilitate regular brainstorming exercises devoted to innovation. You might devote different sessions to specific topics and open-floor discussions. Virtual tools, like Google Meetfor working in real-time or Spaces for ongoing, staggered conversation, ensure your hybrid workforce can participate from anywhere.
Screen for curiosity in prospective hires, and incorporate a “curiosity filter” in performance reviews. Use Google Forms to create surveys to help hiring teams and department managers assess people’s appetite for curiosity, creativity, and experimentation.
Experiment a little bit each day. In particular, encouraging your employees to use technology in new or expanded ways can empower them to get creative.
Schedule knowledge-sharing sessions or create a chat thread in which employees can exchange tips and best practices for maximizing workplace technology and tools.
Invite employees closest to the business problem to come up with the solution. With AppSheet, your teams can build no-code mobile and desktop apps to automate workflows, promote collaboration, and simplify other workplace tasks.
Encourage your employees to focus on innovation when it’s right for them. This kind of work often requires a mix of quiet, heads-down time for individuals and group collaboration. Since people’s preferences for each type of work may depend on their daily workload and schedule, give your employees flexibility to decide when and how to contribute to innovative efforts.
Encourage your employees to use Google Calendar to block out Focus Time devoted to activities that support innovation, such as trends research or conceptual development.
Help your teams find their preferred tools for individual and collective work as well as same-time and staggered collaboration. Interactive tools like Jamboard and Miro in Google Meet can enhance real-time working sessions. And setting up a dedicated innovation Space lets each person participate on their own time, when it’s best for them.
Adopt an iterative approach. Building a creative culture takes time, and it’s an ongoing, multi-step process — much like creating a new product. First, you implement practices that unleash creativity. Once you’ve surfaced a set of good ideas, you identify the best ones to move into development. Finally, you put those ideas to the test, launching and fine-tuning them based on the available data and user feedback. If they’re working, you refine and scale; if they’re not, it might be time to cut your losses and learn from the failure. The same methodology is applicable to daily innovation. Sometimes a discovery can benefit the whole organization, so periodically examine people’s individual creative pursuits to determine if any of their breakthroughs should become standard practice.
Fostering a culture of experimentation and innovation takes hard work, patience, and a vision for the future. It can feel like a momentous undertaking, but our current moment is primed for it. Thanks to the hybrid work revolution, business leaders have an opportunity to reimagine how we work, collaborate, and innovate to build stronger, more adaptive businesses. Over time, the small steps you take to help your organization develop a daily practice of innovation — like championing creativity and welcoming experimentation with everyday processes and tools — can add up to transformative outcomes.
If you’re new to Security Talks, you should know that this program is part of an ongoing series where we bring together experts from the Google Cloud security team, including the Google Cybersecurity Action Team and Office of the CISO, and the greater industry to share information on our latest security products, innovations, and best practices.
The Q3 installment of the Google Cloud Security Talks on Aug. 31 is a special show-and-tell edition. We’re not just going to share what you need to know about our portfolio of products, we’re also going to be showing you how to use them as well. The format for this round of Security Talks will be focused on practitioners and emphasize how to apply Google Cloud products in popular use cases. This time, Security Talks sessions will spotlight key use cases and include how-to demonstrations. You’ll be able to glean best practices and see how you can apply these exact same scenarios to your own environment.
Our agenda is packed with insightful sessions across Zero Trust, security operations, secure cloud, and more, including:
How to leverage SOAR to grow your automated response playbook library’s value - but not the complexity
The ins and outs of protecting critical apps from fraud and bots
How to create and manage compliant environments in Google Cloud
How to get started with network-based threat detection in Google Cloud
Guidance on where to begin your Zero Trust journey
Tips for succeeding with your cloud data security strategy
Google Cloud’s latest security innovations and product updates
And don’t miss the live Cloud Security Podcast roundtable featuring Mandiant Senior Director Robert Wallace, Cybereason Security Strategy Director Ken Westin, and our own Office of the CISO Director of Financial Services Alicja Cade in conversation with host Anton Chuvakin. Our esteemed panel will dig into the latest security trends and how to apply what we’ve learned from them to your own environment.
We’re looking forward to seeing you there. Sign up today to reserve your virtual seat. The Google Cloud Security Talks is 100% digital and free to attend. All sessions will be available on demand after the event. Until then, stay secure.
Interested in becoming Google Cloud certified? Wondering which Google Cloud certification is right for you? We’ve got you covered.
Check out the latest#GCPSketchnote illustration, a framework to help you determine which Google Cloud certification is best suited to validate your current skill set and propel you toward future cloud career goals.
Follow the arrows to see where you land, and for tips on how to prepare for your certification on Google Cloud Skills Boost:
Cloud Digital Leader-This certification is for anyone who wishes to demonstrate their knowledge of cloud computing basics and how Google Cloud products and services can be used to achieve an organization’s goals.
Associate Cloud Engineer - This certification is for candidates who have a solid understanding of Google Cloud fundamentals and experience deploying cloud applications, monitoring operations, and managing cloud enterprise solutions.
Professional Google Cloud certifications - These certifications are ideal for candidates with in-depth experience working hands-on setting up cloud environments for organizations based on their business needs, and have experience deploying services and solutions.
Continue along the arrows for tips on how to prepare for your certification, while earning completion badges and skill badges through our on-demand learning platform, Google Cloud Skills Boost along the way.
Get started preparing for your certification today. New users are eligible for a 30-day no-cost trial on Google Cloud Skills Boost.
The data received at serving time is rarely in the format your model expects. Numerical columns need to be normalized, features created, image bytes decoded, input values validated. Transforming the data can be as important as the prediction itself. That’s why we’re excited to announce custom prediction routines on Vertex AI, which simplify the process of writing pre and post processing code.
With custom prediction routines, you can provide your data transformations as Python code, and behind the scenes Vertex AI SDK will build a custom container that you can test locally and deploy to the cloud.
The Vertex AI pre-built containers handle prediction requests by performing the prediction operation of the machine learning framework. Prior to custom prediction routines, if you wanted to preprocess the input before the prediction is performed, or postprocess the model’s prediction before returning the result, you would need to build a custom container from scratch.
Building a custom serving container requires writing an HTTP server that wraps the trained model, translates HTTP requests into model inputs, and translates model outputs into responses. You can see an example here showing how to build a model server with FastAPI.
With custom prediction routines, Vertex AI provides the serving-related components for you, so that you can focus on your model and data transformations.
The predictor class is responsible for the ML-related logic in a prediction request: loading the model, getting predictions, and applying custom preprocessing and postprocessing. To write custom prediction logic, you’ll subclass the Vertex AI Predictor interface. In most cases, customizing the predictor is all you’ll require, but check out this notebook if you’d like to see an example of customizing the request handler.
This release of custom prediction routines comes with reusable XGBoost and Sklearn predictors, but if you need to use a different framework you can create your own by subclassing the base predictor.
You can see an example predictor implementation below, specifically the reusable Sklearn predictor. This is all the code you would need to write in order to build this custom model server.
A predictor implements four methods:
Load: Loads in the model artifacts, and any optional preprocessing artifacts such as an encoder you saved to a pickle file.
Preprocess:Performs the logic to preprocess the input data before the prediction request. By default, the preprocess method receives a dictionary which contains all the data in the request body after it has been deserialized from JSON.
Predict: Performs the prediction, which will look something like model.predict(instances) depending on what framework you’re using.
Postprocess:Postprocesses the prediction results before returning them to the end user. By default, the output of the postprocess method will be serialized into a JSON object and returned as the response body.
You can customize as many of the above methods as your use case requires. To customize, all you need to do is subclass the predictor and save your new custom predictor to a Python file.
Let’s take a deeper look at how you might customize each one of these methods.
Load
The load method is where you load in any artifacts from Cloud Storage. This includes the model, but can also include custom preprocessors.
For example, let’s say you wrote the following preprocessor to scale numerical features, and stored it as a pickle file called preprocessor.pkl in Cloud Storage.
When customizing the predictor, you would write a load method to read the pickle file, similar to the following, where artifacts_uri is the Cloud Storage path to your model and preprocessing artifacts.
Preprocess
The preprocess method is where you write the logic to perform any preprocessing needed for your serving data. It can be as simple as just applying the preprocessor you loaded in the load method as shown below:
Instead of loading in a preprocessor, you might write the preprocessing directly in the preprocess method. For example, you might need to check your inputs are in the format you expect. Let’s say your model expects the feature at index 3 to be a string in its abbreviated form. You want to check that at serving time the value for that feature is abbreviated.
There are numerous other ways you could customize the preprocessing logic. You might need to tokenize text for a language model, generate new features, or load data from an external source.
Predict
This method usually just calls model.predict, and generally doesn't need to be customized unless you're building your predictor from scratch instead of with a reusable predictor.
Postprocess
Sometimes the model prediction is only the first step. After you get a prediction from the model you might need to transform it to make it valuable to the end user. This might be something as simple as converting the numerical class label returned by the model to the string label as shown below.
Or you could implement additional business logic. For example, you might want to only return a prediction if the model’s confidence is above a certain threshold. If it’s below, you want the input to be sent to a human instead to double check.
Just like with preprocessing, there are numerous ways you can postprocess your data with custom prediction routines. You might need to detokenize text for a language model, convert the model output into a more readable format for the end user, or even call a Vertex AI Matching Engine index endpoint to search for data with a similar embedding.
When you’ve written your predictor, you’ll want to save the class out to a Python file. Then you can build your image with the command below, where LOCAL_SOURCE_DIR is a local directory that contains the Python file where you saved your custom predictor.
Once the image is built, you can test it out by deploying it to a local endpoint and then calling the predict method and passing in the request data. You’ll set artifact_uri to the path in Cloud Storage where you’ve saved your model and any artifacts needed for preprocessing or postprocessing. You can also use a local path for testing.
After testing the model locally to confirm that the predictions work as expected, the next steps are to push the image to Artifact Registry, import the model to the Vertex AI Model Registry, and optionally deploy it to an endpoint if you want online predictions.
When the model has been uploaded to Vertex AI and deployed, you’ll be able to see it in the model registry. And then you can make prediction requests like you would with any other model you have deployed on Vertex AI.
You now know the basics of how to use custom prediction routines to help add powerful customization to your serving workflows without having to worry about model servers or building Docker containers. To get hands on experience with an end to end example, check out this codelab. It’s time to start writing some custom prediction code of your own!
“Ninety percent of all data today was created in the last two years—that’s 2.5 quintillion bytes of data per day,” according to business data analytics company Domo. That would be a mind-bending statistic, except that it’s already five years old.
As data usage has undergone drastic expansion and changes in the past five years, so have your business needs for data. Technology such as cloud computing and AI have changed how we use data, derive value from data, and glean insights from data. Your organization is no longer just crunching and re-crunching the same data sets. Data moves, shifts, and replicates, as you mingle data sets and gain new value in the process, as we say in our Data Cloud story. All the while, your data resides in—and is being created in—new places.
Data lives in a myriad of locations now and requires access from different locations and mediums, yet many of today’s security models are not geared towards this. In short, your data has fallen out of love with your security model, but attackers have not. So, how do we realign data and security so they are once again in a healthy relationship?
Google Cloud, as a leader in cloud data management and cloud security, is positioned uniquely to define and lead this effort. We've identified some challenges around the classic approach to data security and the changes triggered by the near-ubiquity of the cloud. The case is compelling for adopting a modern approach to data security. We contend that the optimal way forward is with autonomic data security.
A relatively new concept, autonomic data security is security that’s been integrated with data throughout its lifecycle. It can make things easier on users by freeing them from defining and redefining myriad rules about who can do what, when, where. It’s an approach that keeps pace with constantly evolving cyberthreats and business changes.
Autonomic data security can help you keep your IT assets more secure and can make your business and IT processes speedier. For example, data sharing with partners and data access decisions simultaneously becomes faster and more secure. This may sound like magic, but in fact relies on a constant willingness to change and adapt to both business changes and threat evolution.
Taking the precepts, concepts, and forward-looking solutions presented in this paper into consideration, we strongly believe that now is the right time to assess where you and your business are when it comes to data security. Cloud also brings an incredible scale of computing. Where gigabytes once roamed, petabytes are now common. This means that many data security approaches, especially the manual ones, are no longer practical.
To prepare for the future of data security, we recommend you challenge your current model and assumptions and ask critical questions, evaluate where you are, and then start to put a plan in place of how you could start incorporating the autonomic data security pillars into your data security model.
There are two sets of questions organizations need to discover the answers to as they start this journey. The first set of questions will help you identify the nature and status of your data, and inform the answers to the second set.
What data do I have?
Who owns it?
Is it sensitive?
How is it used?
What is the value in storing the data?
The second set focuses on higher-level problems:
What is my current approach to data security?
Where does it fail to support the business and counter the threats?
Does it support my business?
Should I consider making a change? And if yes, in what direction?
The path to improved data security starts by asking the right questions. You can read the full Autonomic Data Security paper for a more in-depth exploration here and learn more about the idea in this podcast episode.
Are you looking to migrate a large amount of Hive ACID tables to BigQuery?
ACID enabled Hive tables support transactions that accept updates and delete DML operations. In this blog, we will explore migrating Hive ACID tables to BigQuery. The approach explored in this blog works for both compacted (major / minor) and non-compacted Hive tables. Let’s first understand the term ACID and how it works in Hive.
ACID stands for four traits of database transactions:
Atomicity (an operation either succeeds completely or fails, it does not leave partial data)
Consistency (once an application performs an operation the results of that operation are visible to it in every subsequent operation)
Isolation (an incomplete operation by one user does not cause unexpected side effects for other users)
Durability (once an operation is complete it will be preserved even in the face of machine or system failure)
Starting in Version 0.14, Hive supports all ACID properties which enables it to use transactions, create transactional tables, and run queries like Insert, Update, and Delete on tables.
Underlying the Hive ACID table, files are in the ORC ACID version. To support ACID features, Hive stores table data in a set of base files and all the insert, update, and delete operation data in delta files. At the read time, the reader merges both the base file and delta files to present the latest data. As operations modify the table, a lot of delta files are created and need to be compacted to maintain adequate performance. There are two types of compactions, minor and major.
Minor compaction takes a set of existing delta files and rewrites them to a single delta file per bucket.
Major compaction takes one or more delta files and the base file for the bucket and rewrites them into a new base file per bucket. Major compaction is more expensive but is more effective.
Organizations configure automatic compactions, but they also need to perform manual compactions when automated fails. If compaction is not performed for a long time after a failure, it results in a lot of small delta files. Running compaction on these large numbers of small delta files can become a very resource intensive operation and can run into failures as well.
Some of the issues with Hive ACID tables are:
NameNode capacity problems due to small delta files.
Table Locks during compaction.
Running major compactions on Hive ACID tables is a resource intensive operation.
Longer time taken for data replication to DR due to small files.
Some of the benefits of migrating Hive ACID tables to BigQuery are:
Once data is loaded into managed BigQuery tables, BigQuery manages and optimizes the data stored in the internal storage and handles compaction. So there will not be any small file issue like we have in Hive ACID tables.
The locking issue is resolved here as BigQuery storage read API is gRPC based and is highly parallelized.
As ORC files are completely self-describing, there is no dependency on Hive Metastore DDL. BigQuery has an in-built schema inference feature that can infer the schema from an ORC file and supports schema evolution without any need for tools like Apache Spark to perform schema inference.
Here is the sample Hive ACID table “employee_trans” Schema
This sample ACID table “employee_trans” has 3 records.
For every insert, update and delete operation, small delta files are created. This is the underlying directory structure of the Hive ACID enabled table.
These ORC files in an ACID table are extended with several columns:
Copy the files present under employee_trans hdfs directory and stage in GCS. You can use either HDFS2GCS solution or Distcp. HDFS2GCS solution uses open source technologies to transfer data and provide several benefits like status reporting, error handling, fault tolerance, incremental/delta loading, rate throttling, start/stop, checksum validation, byte2byte comparison etc. Here is the high level architecture of the HDFS2GCS solution. Please refer to the public github URL HDFS2GCS to learn more about this tool.
The source location may contain extra files that we don’t necessarily want to copy. Here, we can use filters based on regular expressions to do things such as copying files with the .ORC extension only.
Once the underlying Hive acid table files are copied to GCS, use the BQ load tool to load data in BigQuery base table. This base table will have all the change events.
Run “select *” on the base table to verify if all the changes are captured.
Note: Use of “select * …” is used for demonstration purposes and is not a stated best practice.
The following query will select only the latest version of all records from the base table, by discarding the intermediate delete and update operations.
You can either load the results of this query into a target table using scheduled query on-demand with the overwrite option or alternatively, you can also create this query as a view on the base table to get the latest records from the base table directly.
Once the data is loaded in target BigQuey table, you can perform validation using below steps:
a. Use the Data Validation Tool to validate the Hive ACID table and the target BigQuery table. DVT provides an automated and repeatable solution to perform schema and validation tasks. This tool supports the following validations:
Column validation (count, sum, avg, min, max, group by)
Row validation (BQ, Hive, and Teradata only)
Schema validation
Custom Query validation
Ad hoc SQL exploration
b. If you have analytical HiveQLs running on this ACID table, translate them using the BigQuery SQL translation service and point to the target BigQuery table.
Since ORC is self-contained, leverage BigQuery’s schema inference feature when loading.
There is no dependency to extract Hive DDLs from Metastore.
But if you have an organization-wide policy to pre-create datasets and tables before migration, this step will be useful and will be a good starting point.
a. Extract Hive ACID DDL dumps and translate them using BigQuery translation service to create equivalent BigQuery DDLs.
There is a Batch SQL translation service to bulk translate exported HQL (Hive Query Language) scripts from a source metadata bucket in Google Cloud Storage to BigQuery equivalent SQLs into a target GCS bucket.
You can also use BigQuery interactive SQL translator which is a live, real time SQL translation tool across multiple SQL dialects to translate a query like HQL dialect into a BigQuery Standard SQL query. This tool can reduce time and effort to migrate SQL workloads to BigQuery.
b. Create managed BigQuery tables using the translated DDLs.
Here is the screenshot of the translation service in the BigQuery console. Submit “Translate” to translate the HiveQLs and “Run” to execute the query. For creating tables from batch translated bulk sql queries, you can use Airflow BigQuery operator (BigQueryInsertJobOperator) to run multiple queries
After the DDLs are converted, copy the ORC files to GCS and perform ELT in BigQuery.
The pain points of Hive ACID tables are resolved when migrating to BigQuery. When you migrate the ACID tables to BigQuery, you can leverage BigQuery ML and GeoViz capabilities for real-time analytics. If you are interested in exploring more, please check out the additional resources section.
Are you worried about controlling your BigQuery costs across multiple projects? In this blog, you will learn about the different guardrails BigQuery provides to limit costs, and monitor BigQuery consumption. Also, learn how to design the warehouse that scales seamlessly while keeping costs under your control.
If you have multiple BigQuery projects and users, you can manage costs by requesting a custom quota that specifies a limit on the amount of query data processed per day. Creating a custom quota on query data lets you control costs at the project-level or at the user-level.
Project-level custom quotas limit the aggregate usage of all users in that project.
User-level custom quotas are separately applied to all users and service accounts within a project.
It is not possible to assign a custom quota to a specific user or service account.
Best practice:Create custom cost control based on the maximum amount of data processed in a day. Start small with a few GBs. It is easy to increase the limit as needed.
Steps to set up: Create custom cost controls | BigQuery | Google Cloud
Go to Quotas page on your Google cloud console Working with quotas | Documentation | Google Cloud
Select the BigQuery API
Change the Query usage per day per user and Query usage per day quota from Unlimited to limited GBs/TBs (see the screenshot below)
You can limit the number of bytes billed for a query using the maximum bytes billed setting. When you set maximum bytes billed, the number of bytes that the query will read is estimated before the query execution. If the number of estimated bytes is beyond the limit, then the query fails without incurring a charge.
If a query fails because of the maximum bytes billed setting, an error like the following is returned:
Error: Query exceeded limit for bytes billed: 1000000. 10485760 or higher required.
Best practice: Use the maximum bytes billed setting to limit query costs. Start small with a few GBs. It is easy to increase the limit as needed.
Steps to set up: Control costs in BigQuery Guide
Avoid surprises on your bill by creating Cloud Billing budgets to monitor all of your Google Cloud charges in one place. A budget enables you to track your actual Google Cloud spend against your planned spend. After you've set a budget amount, you set budget alert threshold rules that are used to trigger email notifications. Budget alert emails help you stay informed about how your spend is tracking against your budget. You can also use budgets to automate cost control responses.
More information - Create, edit, or delete budgets and budget alerts | Cloud Billing | Google Cloud
Best practice:Setting up a budget to track the spend is highly recommended. Set threshold rules to trigger email alert notifications. When your costs (actual costs or forecasted costs) exceed a percentage of your budget (based on the rules you set) you will get alert emails.
Steps to set up: To create a new budget:
Here are a few best practices -
Avoid Select *
NOTE :Applying a LIMIT clause to a query does not affect the amount of data that is read.
Don't run queries to explore or preview table data
Dry run and always estimate the costs before running the query
Only select the data needed
Best practice:Always make any new BigQuery user aware about these best practices. Following two documents are a MUST READ.
Control costs in BigQuery | Google Cloud
Optimize query computation | BigQuery | Google Cloud
A partitioned table is a special table that is divided into segments, called partitions, that make it easier to manage and query your data. By dividing a large table into smaller partitions, you can improve query performance, and you can control costs by reducing the number of bytes read by a query.
With partitioned tables, the customer is forced to specify WHERE clause and that will enforce the constraint of limiting full table scans.
If a query uses a qualifying filter on the value of the partitioning column, BigQuery can scan the partitions that match the filter and skip the remaining partitions. This process is called partition pruning.
Partition pruning is the mechanism BigQuery uses to eliminate unnecessary partitions from the input scan. The pruned partitions are not included when calculating the bytes scanned by the query. In general, partition pruning helps reduce query cost.
Best practice:Implement partitioning where possible. This only improves performance but also leads to efficient queries. Highly recommend reading the following 2 documents.
Query partitioned tables | BigQuery | Google Cloud
Control costs in BigQuery | Google Cloud
Steps to set up: Creating partitioned tables | BigQuery | Google Cloud
BigQuery offers two pricing models for analytics:
On-demand pricing: You pay for the data scanned by your queries. You have a fixed, per-project query processing capacity, and your cost is based on the number of bytes processed.
Flat-rate pricing: You purchase dedicated query processing capacity.
By default, you are billed according to the on-demand pricing model. Using BigQuery Reservations, you can switch to flat-rate pricing by purchasing commitments. Commitments are purchased in units of BigQuery slots. The cost of all bytes processed is included in the flat-rate price.
Flat-rate pricing offers predictable and consistent costs. You know up-front what you are spending.
More information - Introduction to Reservations | BigQuery | Google Cloud
Best practice:Use the BigQuery slot estimator to understand your on-demand slot consumption. Once your slot usage goes above 100, is relatively steady, start thinking about getting Flex slots/Monthly or Annual reservations.
Steps to set up:Get started with reservations | BigQuery | Google Cloud
BigQuery provides its native admin panel with overview metrics for monitoring. BigQuery is also well integrated with existing GCP services like Cloud Logging to provide detailed logs of individual events and Cloud Monitoring dashboards for analytics, reporting and alerting on BigQuery usage and events.
More information- BigQuery Admin Reference Guide
Best practice:
The key to successful monitoring is to enable proactive alerts. For example, setting up alerts when the reservation slot utilization rate crosses a predetermined threshold.
Also, it’s important to enable the individual users and teams in the organization to monitor their workloads using a self-service analytics framework or dashboard. This allows the users to monitor trends for forecasting resource needs and troubleshoot overall performance.
Understand and leverage INFORMATION_SCHEMA for real-time reports and alerts. Review more examples on job stats and technical deep-dive INFORMATION_SCHEMA explained with this blog.
Steps to set up:
To get started quickly with monitoring on BigQuery, you can leverage publicly available data studio dashboard and related github resources.
Looker also provides BigQuery Performance Monitoring Block for monitoring BigQuery usage.
Blog on how to implement a fully serverless solution for near–real-time cost monitoring using readily available log data - Taking a practical approach to BigQuery cost monitoring | Google Cloud Blog
Here is a list of training sessions that will be useful for new BigQuery users.
Courses:
BigQuery 101 - Exploring and Preparing your Data with BigQuery | Coursera
Getting from data to insights - From Data to Insights with Google Cloud Specialization
Hands on labs:
BigQuery 101 - Insights from Data with BigQuery | Google Cloud Skills Boost
Build and Optimize Data Warehouses with BigQuery - Build and Optimize Data Warehouses with BigQuery | Google Cloud Skills Boost
BigQuery for Machine Learning - BigQuery for Machine Learning | Google Cloud Skills Boost
Data engineering and smart analytics learning path:
Hi there! I'm David Challoner from Access Site Reliability Engineering (SRE), here with Anthony Bushong from Developer Relations to talk about how Corp Eng is adopting Anthos Service Mesh internally at Google.
Corp Eng is Google's take on "Enterprise IT". A big part of the Corp Eng mission is running the first and third party software that powers internal business processes - from legal and finance to floor planning and even the app hosting our cafe menus - all with the same security or production standards as any of Google's first party applications.
Googlers need to access these applications, which sometimes then need to access other applications or other Google Cloud services. This traffic can cross different trust boundaries which can trigger different policies.
Access SRE runs the systems that mediate this access, and we implemented Anthos Service Mesh as part of our solution to secure the way Googlers access these applications.
You can probably tell, but the applications Corp Eng is responsible for have disparate requirements. This often means that certain applications are tied to disparate infrastructure due to legal, business or technical reasons - which can be challenging when those infrastructures work and operate differently.
Enter Anthos. Google Cloud built Anthos to provide a consistent platform interface unifying the experience of working with apps on these varying underlying infrastructures, with the Kubernetes API at its foundation.
So when searching for the right tool to build a common authorization framework to mediate access to CorpEng services, we turned to Anthos - specifically Anthos Service Mesh, powered by the open-source project, Istio. Whether these services were deployed in Google Cloud, in Corp Eng data centers, or at the edge onsite at actual Google campuses, Anthos Service Mesh delivered a consistent means for us to program secure connectivity.
To frame the impact ASM had on our organization, it's helpful to introduce the roles of the folks who manage and use it:
Figure 1 - Anthos Service Mesh empowers multiple people across different roles to connect services securely
For security stakeholders, ASM provides an extensible policy enforcement point running next to each application capable of provisioning a certificate based on the identity of the workload and enforcing mandatory fine-grained application-aware access controls.
For platform operators, ASM is delivered as a managed product, which reduces operational overhead by providing out-of-the-box release channels, maintenance windows, and a published Service Level Objective(SLO).
For service owners, ASM enables the decoupling of their applications from networking concerns, while also providing features like rate limiting, load shedding, request tracing, monitoring, and more. Features like these were typically only available for applications that ran on Borg, Google's first-party cluster manager that ultimately inspired the creation of Kubernetes.
In sum, we were able to secure access to a plethora of different services with minimal operational overhead, all while providing service owners granular traffic control.
Let's see what this looks like in practice!
Figure 2 - High-level architecture for Corp Eng services and Anthos
In this flow, user access first reaches the Google Cloud Global Load Balancer [1], configured with Identity Aware Proxy (IAP) and Cloud Armor. IAP is the publicly available implementation of Google's internal philosophy of BeyondCorp, providing an authentication layer that works from untrusted networks without the need for a VPN.
Once a user is authenticated, their request then flows to the Ingress Gateway provided by Anthos Service Mesh [2]. This provides additional checks that traffic flows to services only when the request has come through IAP, while also enforcing mutual TLS (mTLS) between the Anthos Service Mesh Gateway to the Corp services owned by various teams.
Finally, additional policies are enforced by the sidecar running in every single service Pod [3]. Policies are pulled from source control using Anthos Config Management[4], and are propagated to all sidecars by the managed control plane provided by Anthos Service Mesh[5].
If you're not familiar with how Istio works, it follows the pattern of a control plane and a data plane. We talked a little bit about the data plane - it is made up of the sidecar containers running alongside all of our service Pods. The control plane, however, is what's responsible for updating these sidecars with the policies we want to enforce:
Figure 3 - High-level architecture for Istio
Thus, it is critical for us to ensure that the control plane is healthy. This is where Anthos Service Mesh gives our platform owners a huge advantage with its support for a fully-managed control plane. To provision cloud resources, like many other companies, our organization uses Terraform, the popular open-source infrastructure as code project. This gave us a declarative and familiar means for provisioning the Anthos Service Mesh control plane.
First, you enable the managed control plane feature for GKE by creating the google_gke_hub_feature resource below using Terraform.
Keep in mind that at publication time, this is only available via the google-beta provider in Terraform.
Once created, we then provision a ControlPlaneRevision custom resource in a GKE cluster to spin up a managed control plane for ASM in that cluster:
Using this custom resource, we are able to set the release channel for the ASM managed control plane. This allows for our platform team to define the pace of upgrades in accordance with our team's needs.
In addition to managing the control plane, ASM also provides management functionality around the data plane to ensure each sidecar Envoy is kept up to date with the latest security updates and is compatible with the control plane - one less thing for service operators to worry about. It does this using Kubernetes Mutating Admission Webhooks and Namespace labels to modify our Pod workload definitions to inject the appropriate sidecar proxy version.
With the core Anthos Service Mesh components in place, our security practitioners can define consistent, mandatory security policies for every single GKE cluster, using Istio APIs.
For example, one policy is enforcing strict mTLS between Pods using automatically provisioned workload identity certificates. Earlier, we talked about how this is enforced between the Istio Gateway; that same policy enforces mTLS between all Pods in our cluster.
Another policy we implement is denying all egress traffic by default, requiring service teams to explicitly declare their outbound dependencies. The following is an example of using an Istio Service Entry to allow granular access to a specific external service - in this case, Google. This helps prevent unintended access to external services.
These policies are automatically synced to all service mesh namespaces in each cluster using Anthos Config Management. By using our internal source control system as a source of truth, Anthos Config Management can sync and reconcile policies across all of our GKE clusters, ensuring that these policies are in place for every single one of our services. You can find more details about our implementation of Anthos Config Management here.
With this in place, our team plans on eventually migrating away from security automation that operates solely based on explicit IP, port and protocol policies.
The publicly available version of the BeyondCorp proxy used by CorpEng is called Identity-aware Proxy (IAP), which offers an integration with Anthos Service Mesh. IAP allows you to authenticate users trying to access your services and apply Context-Aware-Access policies. This integration comes with two main benefits:
Ensuring that user traffic to services in the service mesh only come through Identity-aware Proxy
Enforcing Context-aware access (CAA) trust levels for devices, defined by multiple device signals we collect
Identity-aware Proxy allows us to capture this information in a Request Context Token (RCToken), which is a JSON Web Token (JWT) created by Identity-aware Proxy that can be verified by ASM. IAP inserts this JWT into the Ingress-Authorization header. Using Istio Authorization Policies similar to the following policy, any requests without this JWT are denied:
Here is an example policy that requires a fullyTrustedDevice access level - this might be a device in your organization that is known to be corporate-owned, fully-updated, and running an IT-approved configuration :
This allows our security team to not only secure service to service communications, or outbound calls from services, but also specifically require incoming requests come from trusted devices and authenticated users using a trusted device.
As an SRE, one of our priorities is ensuring Service-level indicators (SLIs), SLOs, and Service-level agreements (SLAs) exist for services. Anthos Service Mesh helps us empower service owners to do this for their services, as it exposes horizontal request metrics like latency and availability to all services in the mesh.
Before Anthos Service Mesh, each application had to export these separately (if at all). With ASM service owners can easily define their Service's SLOs in the cloud console or via terraform using these horizontally exported metrics. This then allows us to integrate SLOs into our higher-level service definitions so we can enable SLO monitoring and alerting by default. You can see theSRE book for more details on SLOs and Error budgets.
ASM is a powerful tool that enterprises can use to modernize their IT infrastructure. It provides:
A shared environment-agnostic enforcement point to manage security policy
A unified way to provision identities, describe application dependencies
This also enables previously unheard of operational capabilities such as distributed tracing or incremental canary rollouts - which were difficult to find in the typical enterprise application landscape.
Because it can be incrementally adopted and composed with existing authorization systems to close gaps - barriers to adoption are low and we recommend you start evaluating it today!
Organizations across the globe are using the cloud to drive innovation. Developers are using cloud technology as the engine to test new ideas, fail fast, and automate scalability. Innovation on the cloud requires freedom and flexibility to run experiments and make mistakes. For many organizations with security top of mind, their concern is “How do I balance security and innovation?”
As a member of the Security Practice in Google Cloud’s Professional Services Organization, we regularly help customers to solve this question and many more cloud security challenges. Our global team works across industries to bring our Google Cloud security expertise directly to customers. We specialize in cloud security domains such as cloud native compliance, zero trust architecture, application security, data protection, and security operations.
In this post, we will provide a couple examples of how we advise our customers to configure preventive security controls using Google Cloud’s native capabilities and industry best practices. Preventive security controls, also known as security “guardrails”, are controls that allow developers the flexibility to innovate within the boundaries of defined security policies. Preventing a misconfiguration or vulnerability before it becomes exploitable.
It can be difficult to solve organizational security challenges solely with technology. Mature cloud security programs are a blend of repeatable, operational processes and automated controls. To help ensure developers are innovating on a secure baseline, we recommend customers design a centralized process for developers to request new GCP projects and register workloads. This allows the security team the ability to properly configure GCP projects with defined security parameters. To help enable repeatability and consistency of the process, we automate using Google Cloud Project Factory to centrally deploy opinionated projects to developers.
The goal of guardrails is to prevent security violations before they can impact the production platform. Stopping a security issue before it occurs can be an effective risk mitigation tactic. Traditionally organizations used cumbersome change management processes to manually control deployment and evaluate security posture. On Google Cloud, we work with customers to design Infrastructure as Code (IaC) pipelines to define security policy checks and automatically validate posture before the deployment. A typical design pattern uses “policy-as-code” tools, such as Terraform Validator, to enforce security guardrails for developers as part of the CI/CD pipeline. This design allows customers to configure security constraints, based on their specific requirements or risk tolerance.
Google Cloud works to deliver the industry’smost trusted cloud offering native platform and product capabilities that enable organization-wide preventive security control. We collaborate with security teams to design foundational architecture and recommend security services to meet their requirements. To highlight, the following Google Cloud services are commonly used to implement security guardrails for developers:
Organization Policy - Provides centralized and programmatic control over how the organization's resources are deployed. Security teams can select from a list of available constraintsto restrict how a resource is configured, preventing a potential misconfiguration from occurring. For example the organization policy constraint, constraints/storage.publicAccessPrevention, will prevent a developer from publicly exposing a cloud storage bucket.
VPC Service Controls - Prevents unauthorized data movement by isolating GCP resources and restricting data flows with fine grained rules. VPC Service Controls enable context-based perimeter security to secure API-based services. Developers working on a protected service within a VPC Service Control perimeter will be restricted to the rules defined by the administrator, helping to mitigate the risk of data exfiltration. For example, customers will configure VPC Service Controls to limit BigQuery access to a developer's specified location or device.
Cloud IAM- Enables granular access to ensure Developers only have access to specific Google Cloud resources. Security teams are able to apply the principle of least privilege, preventing overly permissive roles to reduce the overall attack surface of the platform.
These native GCP services are supported by Infrastructure as Code pipelines. To help ensure consistent protection for developers, preventive security services should be configured and deployed with the previously discussed managed IaC pipeline. Building a repeatable automated pattern for IaC deployment will simplify the process for developers and protect the environment with the defined security guardrails.
For more information on building a secure Google Cloud deployment, check out the Security Foundations Blueprint.
When you build a Machine Learning (ML) product, consider at least two MLOps scenarios. First, the model is replaceable, as breakthrough algorithms are introduced in academia or industry. Second, the model itself has to evolve with the data in the changing world.
We can handle both scenarios with the services provided by Vertex AI. For example:
AutoML capability automatically identifies the best model based on your budget, data, and settings.
You can easily manage the dataset with Vertex Managed Datasets by creating a new dataset or adding data to an existing dataset.
You can build an ML pipeline to automate a series of steps that start with importing a dataset and end with deploying a model using Vertex Pipelines.
This blog post shows you how to build this system. You can find the full notebook for reproduction here. Many folks focus on the ML pipeline when it comes to MLOps, but there are more parts to building MLOps as a “system”. In this post, you will see how Google Cloud Storage (GCS) and Google Cloud Functions manage data and handle events in the MLOps system.
Figure 1 shows the overall architecture presented in this blog. We cover the components and their connection in the context of two common workflows of the MLOps system.
Vertex AI is at the heart of this system, and it leverages Vertex Managed Datasets, AutoML, Predictions, and Pipelines. We can create and manage a dataset as it grows using Vertex Managed Datasets. Vertex AutoML selects the best model without your knowing much about modeling. Vertex Predictions creates an endpoint (RestAPI) to which the client communicates.
It is a simple, fully managed yet somewhat complete end-to-end MLOps workflow moves from a dataset to training a model that gets deployed. This workflow can be programmatically written in Vertex Pipelines. Vertex Pipelines outputs the specification for an ML pipeline allowing you to re-run the pipeline whenever or wherever you want. Specify when and how to trigger the pipeline using Cloud Functions and Cloud Storage.
Cloud Functions is a serverless way to deploy your code in Google Cloud. In this particular project, it triggers the pipeline by listening to changes on the specified Cloud Storage location. Specifically, if a new dataset is added, for example, a new span number is created; the pipeline is triggered to train the dataset, and a new model is deployed.
This MLOps system prepares the dataset with either Vertex Dataset’s built-in user interface (UI) or any external tools based on your preference. You can upload the prepared dataset into the designated GCS bucket with a new folder named SPAN-NUMBER. Cloud Functions then detects the changes in the GCS bucket and triggers the Vertex Pipeline to run the jobs from AutoML training to endpoint deployment.
Inside the Vertex Pipeline, it checks if there is an existing dataset created previously. If the dataset is new, Vertex Pipeline creates a new Vertex Dataset by importing the dataset from the GCS location and emits the corresponding Artifact. Otherwise, it adds the additional dataset to the existing Vertex Dataset and emits an artifact.
When the Vertex Pipeline recognizes the dataset as a new one, it trains a new AutoML model and deploys it by creating a new endpoint. If the dataset isn't new, it tries to retrieve the model ID from Vertex Model and determines whether a new AutoML model or an updated AutoML model is needed. The second branch determines whether the AutoML model has been created. If it hasn't been created, the second branch creates a new model. Also, when the model is trained, the corresponding component emits the artifact as well.
In this project, I have created two subsets of the CIFAR-10 dataset, SPAN-1 and SPAN-2. A more general version of this project can be found here, which shows how to build training and batch evaluation pipelines pipelines. The pipelines can be set up to cooperate so they can evaluate the currently deployed model and trigger the retraining process.
We chose to use Kubeflow Pipelines to orchestrate the pipeline. There are a few things that I would like to highlight. First, it’s good to know how to make branches with conditional statements in KFP. Second, you need to explore AutoML API specifications to fully leverage AutoML capabilities, such as training a model based on the previously trained one. Last, you also need to find a way to emit artifacts for Vertex Dataset and Vertex Model to consume that Vertex AI can recognize them. Let’s go through these one by one.
In this project, there are two main conditions and two sub-branches inside the second main branch. The main branches split the pipeline based on a condition if there is an existing Vertex Dataset. The sub-branches are applied in the second main branch, which is selected when there is an exciting Vertex Dataset. It looks up the list of models and decides to train an AutoML model from scratch or a previously trained one.
ML pipelines written in KFP can have conditions with a special syntax of kfp.dsl.Condition. For instance, we can define the branches as follows:
get_dataset_id and get_model_id are custom KFP components used to determine if there is an existing Vertex Dataset and Vertex Model respectively. Both return "None" if a model is found and some other value if a model isn't found. They also emit Vertex AI-aware artifacts. You will see what this means in the next section.
Artifacts track the path of each experiment in the ML pipeline and display metadata in the Vertex Pipeline UI. When Vertex AI aware artifacts are released into in the pipeline, Vertex Pipeline UI displays links for its internal services such as Vertex Dataset, so that users can visit a web page for more information.
So how could you write a custom component to generate Vertex AI-aware artifacts? To do this, custom components should have Output[Artifact] in their parameters. Then you need to replace the resourceName of the metadata attribute with a special string format.The following code example is the actual definition of get_dataset_id used in the previous code snippet:
As you see, the dataset is defined in the parameters as Output[Artifact]. Even though it appears in the parameter, it is actually emitted automatically. You just need to provide the necessary data as if it is a function variable.
The dataset component retrieves the list of Vertex Dataset by calling the aiplotform.ImageDataset.list API. If the length of it is zero, it simply returns 'None'. Otherwise, it returns the found resource name of the Vertex Dataset and provides the dataset.metadata['resourceName'] with the resource name at the same time. The Vertex AI-aware resource name follows a special string format, which is 'projects/<project-id>/locations/<location>/<vertex-resource-type>/<resource-name>'.
The <vertex-resource-type>can be anything that points to an internal Vertex AI service. For instance, if you want to specify that the artifact is the Vertex Model, then you should replace <vertex-resource-type> with models. The <resource-name> is the unique ID of the resource, and it can be accessed in the name attribute of the resource found by the aiplatform API. The other custom component, get_model_id, is written in a very similar way as well.
You sometimes want to train a new model on top of the previously best model. If that is possible, the new model will probably be much better than the one trained from scratch, because it leverages previously learned knowledge.
Luckily, Vertex AutoML comes with the ability to train a model using a previous model. AutoMLImageTrainingJobRunOp component lets you train a model by simply providing the base_model argument as follows:When training a new AutoML model from scratch, you pass 'None' in the base_model argument, and it is the default value. However, you can set it with a VertexModel artifact, and the component will trigger an AutoML training job based on the other model.
One thing to be careful of is that VertexModel artifacts can't be constructed in a typical way of Python programming That means you can't create an instance of VertexModel artifact by setting the id found in the Vertex Model dashboard. The only way you can create one is to set the metadata['resourceName'] parameters properly. The same rule applies to other Vertex AI-related artifacts such as VertexDataset. You can see how the VertexDataset artifact is constructed properly to get an existing Vertex Datasetto import additional data into it. See the full notebook of this project here.You can reproduce the same result from this project with the free $300 credit when you create a new GCP account.
At the time of this blog post, Vertex Pipelines costs about $0.03/run, and the type of underlying VM for each pipeline component is e2-standard-4, which costs about $0.134/hour. Vertex AutoML training costs about $3.465/hour for image classification. GCS holds the actual data, which costs about $2.40/month for 100GiB capacity, and Vertex Dataset is free.
To simulate two different branches, the entire experiment took about one to two hours, and the total cost for this project is approximately $16.59. Please find more detailed pricing information about Vertex AI here.
Many people underestimate the capability of AutoML, but it is a great alternative for app and service developers who have little ML background. Vertex AI is a great platform that provides AutoML as well as Pipeline features to automate the ML workflow. In this article, I have demonstrated how to set up and run a basic MLOps workflow, from data injection to training a model based on the previously-achieved best one, to deploying the model to a Vertex AI platform. With this, we can let our ML model automatically adapt to the changes in a new dataset. What’s left for you to implement is to integrate a model monitoring system to detect data/model drift. One example is found here.
Does your development team want to snooze alerts during non-business hours? Or proactively prevent the creation of expected alerts for an upcoming expected maintenance window? Cloud Alerting in Google's Cloud operations suite now supports the ability to snooze alert policies for a given period of time. You can create a Snooze by providing specific alert policies and a time period. During this window, if the alert policy is violated, no incidents or notifications are created. When the window ends, the alerting behavior resumes as normal.
Your team can use this feature in a variety of ways. One example is to avoid being paged for non-production environments over the weekend. Another way is to plan for a known maintenance window or cutover period. You can also quiet the noise during a growing outage, among other approaches.
To create a Snooze, go to Monitoring > Alerting. See the new table with Snoozes and click on Create Snooze. You provide the name of the Snooze, time period, and select the desired Alert Policies. After you select the criteria, a table lists recent Incidents that match this criteria. Events like those won't cause an alert when the snooze is active.
You will see a timeline visualization of all past, active, and upcoming Snoozes. If you’d like to adjust the duration, you can go back and edit the details. For more information, please see the documentation.
In the future, we’ll expand this functionality to allow snoozing by labels. You’ll be able to temporarily silence by the resource, system, metric, and custom labels which will allow you to snooze all alert policies in a specific environment, zone, or team. This functionality will be extended to be supported in the API, allowing you to create Snoozes programmatically for regularly repeating events.
Our goal in Cloud Logging is to help increase developer productivity by streamlining the troubleshooting process. The time spent on writing and executing a query, and then analyzing the errors can impact developer productivity. Whether you’re troubleshooting an issue or analyzing your logs, finding the right logs quickly, is critical.
That’s why we recently launched a Query Library and other new features to make querying your logs even easier. The Query Library in Cloud Logging makes it easier to find logs faster by using common queries.
The new text search and drop-down features are designed to make querying something that you can achieve with a few mouse clicks. These features automatically generate the Logging query language necessary for you. The Query Library extends this simplicity with templates for common GCP queries.
The Query Library is located in the query builder bar next to the Suggested queries. To help find the most relevant queries you’ll notice the following details:
Query categories – Each query is broken down into categories that can be used to easily narrow down to relevant queries.
Query occurrences – To help you pick queries that have the most useful results, sparklines are displayed for queries that have logs in your project.
Query details – Each query has a description along with the Logging query
Run/Stream – Run the query or start streaming logs right from the library
Save – Save the query in your list of saved queries
We’re committed to making Logs Explorer the best place to troubleshoot your applications running on Google Cloud. Over the coming months, we have many more changes planned to make Logs Explorer both easier and more powerful for all users. If you haven’t already, get started with the Logs Explorer and join the discussion in our Cloud Operations page on the Google Cloud Community site.
Clinical Decision Support System (CDSS) is an important technology for the healthcare industry that analyzes data to help healthcare professionals make decisions related to patient care. The market size for the global clinical decision support system appears poised for expansion, with one study predicting a compound annual growth rate (CAGR) of 10.4%, from 2022 to 2030, to $10.7 billion.
For any health organization that wants to build a CDSS system, one key block is to locate and extract the medical entities that are present in the clinical notes, medical journals, discharge summaries, etc. Along with entity extraction, the other key components of the CDSS system are capturing the temporal relationships, subjects, and certainty assessments.
At Google Cloud, we know how critical it is for the healthcare industry to build CDSS systems, so we worked with Apollo 24|7, the largest multi-channel digital healthcare platform in India, to build the key blocks of their CDSS solution.
We helped them to parse the discharge summaries and prescriptions to extract the medical entities. These entities can then be used to build a recommendation engine that would help doctors with the “Next Best Action” recommendation for medicines, lab tests, etc.
Let’s take a sneak peek at Apollo 24|7’s entity extraction solutions, and the various Google AI technologies that were tested to form the technology stack.
To perform our experiments on entity extraction, we used two types of datasets.
i2b2 Dataset - i2b2 is an open-source clinical data warehousing and analytics research platform that provides annotated deidentified patient discharge summaries made available to the community for research purposes. This dataset was primarily used for training and validation of the models.
Apollo 24|7’s Dataset - De-identified doctor’s notes from Apollo24|7 were used for testing. Doctors annotated them to label the entities and offset values.
For entity extraction, both Google Cloud products and open-source approaches were explored. Below are the details:
1. Healthcare Natural Language API: This is a no-code approach that provides machine learning solutions for deriving insights from medical text. Using this, we parsed unstructured medical text and then generated a structured data representation of the medical knowledge entities stored in the data for downstream analysis and automation. The process includes:
Extract information about medical concepts like diseases, medications, medical devices, procedures, and their clinically relevant attributes;
Map medical concepts to standard medical vocabularies such as RxNorm, ICD-10, MeSH, and SNOMED CT (US users only);
Derive medical insights from text and integrate them with data analytics products in Google Cloud.
The advantage of using this approach is that it not only extracts a wide range of entity types like MED_DOSE, MED_DURATION, LAB_UNIT, LAB_VALUE, etc, but also captures functional features such as temporal relationships, subjects, and certainty assessments, along with the confidence scores. Since it is available on Google Cloud, this offers long-term product support. It is also the only fully-managed NLP service among all the approaches tested and hence, it requires the least effort to implement and manage.
But one thing to keep in mind is that since the Healthcare NL API offers natural language models that are pre-trained, it currently cannot be used for custom entity extraction models trained using custom annotated medical text or to extract custom entities. This has to be done via AutoML Entity Extraction for Healthcare, another Google Cloud service for custom model development. Custom model development is important for adapting the pre-trained models to new languages or region-specific natural language processing, such as medical terms whose use may be more prevalent in India than in other regions
2. Vertex AutoML Entity Extraction for Healthcare: This is a low-code approach that’s already available on Google Cloud. We used AutoML Entity Extraction to build and deploy custom machine learning models that analyzed documents, categorized them, and identified entities within them. This custom machine learning model was trained on the annotated dataset provided by the Apollo 24|7 team.
The advantage of AutoML Entity Extraction is that it gives the option to train on a new dataset. However, one of the prerequisites to keep in mind is that it needs a little pre-processing to capture the input data in the required JSONL format. Since this is an AutoML model just for Entity Extraction, it does not extract relationships, certainty assessments, etc.
3. BERT-based Models on Vertex AI: Vertex AI is Google Cloud’s fully managed unified AI platform to build, deploy, and scale ML models faster, with pre-trained and custom tooling. We experimented with multiple custom approaches based on pre-trained BERT-based models, which have shown state-of-the-art performance in many natural language tasks. To gain better contextual understanding of medical terms and procedures, these BERT-based approaches are explicitly trained on medical domain data. Our experiments were based on BioClinical BERT, BioLink BERT, Blue BERT trained on Pubmed dataset, and Blue BERT trained on Pubmed + MIMIC datasets.
The major advantage of these BERT-based models is that they can be finetuned on any Entity Recognition task with minimal efforts.
However, since this is a custom approach, it requires some technical expertise. Additionally, it does not extract relationships, certainty assessments, etc. This is one of the main limitations of using BERT-based models.
4. ScispaCy on Vertex AI: We used Vertex AI to perform experiments based on ScispaCy, which is a Python package containing spaCy models for processing biomedical, scientific or clinical text.
Along with Entity Extraction, Scispacy on Vertex AI provides additional components like Abbreviation Detector, Entity Linking, etc. However, when compared to other models, it was less precise, with too many junk phrases, like “Admission Date,” captured as entities.
“Exploring multiple approaches and understanding the pros/cons of each approach helped us to decide the one that would fit our business requirements." according to Abdussamad M, Engineering Lead at Apollo 24|7.
In order to match the parsed entity with the test data labels, we used extensive matching logic that comprised of the below four methods:
Exact Match - Exact match captures entities where the model output and the entities in the test dataset match. Here, the offset values of the entities have also been considered. For example, the entity “gastrointestinal infection” that is present as-is in both the model output and the test label will be considered an “Exact Match.”
Match-Score Logic - We used a scoring logic for matching the entities. For each word in the test data labels, every word in the model output is matched along with the offset. A score is calculated between the entities and based on the threshold, it is considered as a match.
Partial Match - In this matching logic, entities like “hypertension” and “hypertensive” are matched based on the Fuzzy logic.
UMLS Abbreviation Lookup - We also observed that the medical text had some abbreviations, like AP meaning abdominal pain. These were first expanded by doing a lookup on the respective UMLS (Unified Medical Language System) tables and then passed to the individual entity extraction models.
We used precision and recall metrics to compare the outcomes of different models/experiments.
Precision (also called positive predictive value) is the fraction of relevant instances among the retrieved instances, while recall (also known as sensitivity) is the fraction of relevant instances that were retrieved.
The below example shows how to calculate these metrics for a given sample.
Example sample: “Krish has fever, headache and feels uncomfortable”
Expected Entities: [“fever”, “headache”]
Model Output: [“fever”, “feels”, “uncomfortable”]
Thus,
The following table captures the results of the above experiments on Apollo24|7’s internal datasets.
Finally, the Blue BERT model trained on the Pubmed dataset had the best performance metrics with a 81% improvement on Apollo 24|7’s baseline mode with the Healthcare Natural Language API providing the context, relationships, and codes. This performance could be further improved by implementing an ensemble of these two models.
“With the Blue BERT model giving the best performance for entity extraction on Vertex AI and the Healthcare NL API being able to extract the relationships, certainty assessments etc, we finally decided to go with an ensemble of these 2 approaches,“ Abdussamad added.
Google AIS (Professional Services Organization) helped Apollo24|7 to build the key blocks of the CDSS system.
The partnership between Google Cloud and Apollo 24|7 is just one of the latest examples of how we’re providing AI-powered solutions to solve complex problems to help organizations drive the desired outcomes. To learn more about Google Cloud’s AI services, visit our AI & ML Products page, and to learn more about Google Cloud solutions for health care, explore our Google Cloud Healthcare Data Engine page.
Acknowledgements
We’d like to give special thanks to Nitin Aggarwal, Gopala Dhar and Kartik Chaudhary for their support and guidance throughout the project. We are also thankful to Manisha Yadav, Santosh Gadgei and Vasantha Kumar for implementing the GCP infrastructure. We are grateful to the Apollo team (Chaitanya Bharadwaj, Abdussamad GM, Lavish M, Dinesh Singamsetty, Anmol Singh and Prithwiraj) and our partner team from HCL/Wipro (Durga Tulluru and Praful Turanur) who partnered with us in delivering this successful project. Special thanks to the Cloud Healthcare NLP API team (Donny Cheung, Amirhossein Simjour, and Kalyan Pamarthy).
Google’s Official Digital Marketing Publication. See how Google is improving ad measurement with consented data and innovations in conversion modeling.
Google’s Official Digital Marketing Publication. Explore the latest search trends in affordable travel, real estate, & recreational events.
Google’s Official Digital Marketing Publication. Explore finance and well-being-related search trends across Europe, the Middle East, and Africa.
Google’s Official Digital Marketing Publication. Discover how brands are still meeting customer needs despite changing shopping habits over the years.
Google’s Official Digital Marketing Publication. Discover core principles that help businesses build successful analytics strategies and teams.
Google’s Digital Marketing Publication. Uncover how next-generation leaders utilize cross-functional collaboration mindsets to drive digital success.
Google’s Official Digital Marketing Publication. Discover more about Selma Blair’s fight to improve disability representation and inclusion in media.
Google’s Official Digital Marketing Publication. Discover the latest socializing & travel search trends in Europe, the Middle East, and Africa.
Google’s Official Digital Marketing Publication. Explore how Fitbit’s marketing strategy is shaping the future of wearable tech in health care.
Google’s Official Digital Marketing Publication. Discover how industry leaders are improving the customer journey to drive omnichannel sales.
Google’s Official Digital Marketing Publication. Explore these higher education studies to see how businesses can benefit from employee education.
Google’s Official Digital Marketing Publication. Explore the latest insights and search trends on conscious consumers & cautious spending.
Google’s Official Digital Marketing Publication. Discover how to build for an accessible user experience and disability inclusiveness in marketing.
Google’s Official Digital Marketing Publication. Harassment is growing online. Discover Harassment Manager, a tool that documents and manages abuse.
Google’s Official Digital Marketing Publication. Discover how our marketers adapt to a shifting privacy environment with a strong data foundation.
Google’s Official Digital Marketing Publication. Explore the role of a relationship between CMO and CFO and what it means for digital transformation.
Google’s Official Digital Marketing Publication. Explore principles from All In, an inclusive marketing toolkit with a playbook on accessible creative.
Google’s Official Digital Marketing Publication. Ben Jones shares recommendations for today’s content landscape and why online video marketing matters.
Google’s Official Digital Marketing Publication. Explore these case studies to see how three brands used Ads Creative Studio for custom creative.
Google’s Official Digital Marketing Publication. Explore top video strategy tips from agency executives to stay ahead of digital media trends.
Google’s Official Digital Marketing Publication. Explore the latest insights on searches related to preparing for financial uncertainty.
Google’s Official Digital Marketing Publication. Explore this case study to see how Booking.com’s Travel Proud program works for LGBTQ+ travelers.
Google’s Official Digital Marketing Publication. Watch as our data researchers answer questions on Google Search trends from YouTube viewers.
Google’s Official Digital Marketing Publication. Explore these full-funnel marketing examples to see why a holistic approach to video ads is a must.
Google’s Official Digital Marketing Publication. Discover the four top levers our team has identified for video advertising ROI on YouTube.
Google’s Official Digital Marketing Publication. Discover what’s next for branded virtual experiences and how in-game advertising is developing.
Google’s Official Digital Marketing Publication. Explore how agency leaders have helped clients on the journey to great automation of their campaigns.
Google’s Official Digital Marketing Publication. Discover how to drive your company’s digital transformation by rethinking organizational structure.
Google’s Official Digital Marketing Publication. Explore this case study on Kimberly-Clark’s collaboration with creators through YouTube BrandConnect.
Google’s Official Digital Marketing Publication. Explore digital leadership traits & how future-ready, digitally mature businesses build for tomorrow.
In a sign of the times and following other tech companies, CEO Sundar Pichai told employees today that Google is “slowing the pace of hiring for the rest of the year.”
The post Google slows hiring as Pichai calls for consolidating investments, more productivity [U: Pause extended] appeared first on 9to5Google.
For the past year, Google has been increasingly calling out Apple for not adopting RCS (Rich Communication Services) on the iPhone. Meant to replace SMS/MMS, it has a number of technical advancements that would improve the messaging experience between Android and iOS users. Google is now launching a “Get The Message” pressure campaign in hopes that Apple will change its mind on RCS.
The post Google starts ‘Get The Message’ campaign to pressure Apple into RCS on the iPhone appeared first on 9to5Google.
The saga continues this week, as Google has just filed a new lawsuit against Sonos just months after an unfortunate ruling that saw Sonos win and force Google to disable or break features for many of its products.
The post Google strikes back at Sonos in new lawsuit related to hotword detection appeared first on 9to5Google.
Alphabet today announced Q2 2022 earnings with $69.7 billion in revenue. These numbers range from April to June with the fiscal year is well underway.
The post Alphabet reports Q2 2022 revenue of $69.7 billion appeared first on 9to5Google.
Last Friday, several Google products saw outages, but the company’s ad products were among the most hard hit with reporting delays for several hours. Now, Google has confirmed another reporting outage for AdSense, Google Ads, and some other products.
The post Google confirms reporting outages with AdSense, Analytics, and more for the second time in a week appeared first on 9to5Google.
Small businesses, especially ones that only operate in a local area, can live or die based on their reputation. Lately, that very reputation has been the target of scammers, as one-star reviews left on Google products demand payment in gift cards to take down the reviews. If you own an affected business, Google is on the case.
The post Google working to delete one-star reviews from scams that are plaguing local businesses appeared first on 9to5Google.
The Google-Samsung relationship has improved a great deal in recent years with the latter often appearing at the former’s keynotes, while there have been joint ad campaigns. The latest highlights a slew of Google services running on Samsung hardware.
The post Google-Samsung ad spotlights Hum to Search and Galaxy Watch 4 Assistant [Update: More] appeared first on 9to5Google.
Earlier this year Google signed a temporary deal with Match Group, the company that owns the popular dating app Tinder, which would allow the group’s apps to use third-party billing during a lawsuit. Now, Google has issued a counterclaim against Match, saying that the group wants to use the Play Store and its services “all for free.”
The post Google says Tinder-owner Match wants to use Play Store ‘for free’ in counterclaim appeared first on 9to5Google.
The Wall Street Journal is reporting today that Google has “proposed splitting parts of its business that auctions and places ads on websites and apps into a separate company under the Alphabet umbrella.”
The post Google offers to split parts of ad business into Alphabet to avoid antitrust lawsuit [U] appeared first on 9to5Google.
Buying things and paying for subscriptions online has been completely normalized and is one of the easiest ways to do so. Google lets you add and keep debit and credit card information stored in your Google Account, so you have that info wherever you go. One important aspect of this is being able to manage payment methods in your Google Account, whether that’s adding or removing them. Here’s how to do that.
The post How to manage payment methods in your Google Account appeared first on 9to5Google.
Google is preparing to launch a brand new way to move from Apple’s iPhones to an Android device. Here’s your first look at Google’s “Switch to Android” app running on an iPhone.
Update: Google’s Switch to Android app now supports all Android 12 devices, not just Pixels.
The post Here’s Google’s new ‘Switch to Android’ app for iPhones [Update: All Android 12 phones] appeared first on 9to5Google.
Following this morning’s decision by the Supreme Court to overturn Roe v. Wade, Google has informed its US employees that they can relocate themselves “without justification.”
The post Google tells employees they can relocate ‘without justification,’ in wake of Supreme Court decision appeared first on 9to5Google.
Netflix confirmed earlier this year that it is preparing an ad-supported streaming tier, and it seems the company is considering Google as a partner for those ads.
The post Netflix reportedly in talks with Google to bolster ad-supported tier appeared first on 9to5Google.
Google and Match Group have signed a temporary agreement so that any in-app payments made in Tinder and Hinge will be made using a third-party system.
The post Tinder owner Match signs temporary agreement with Google to use non-Play Store payment system appeared first on 9to5Google.
After nearly five years of construction, Google this month officially opened its Bay View campus in California. Besides an iconic design, it’s focused on sustainability and offering an “adaptable and healthy workplace.”
The post This is Google’s tent-like Bay View campus in Silicon Valley – now open [Gallery] appeared first on 9to5Google.
This year at Google I/O 2022, Google showcased a lot of breakthroughs in new AI tech and security. One of these cool advancements from a couple of years ago made its way to the stage in the pre-show. It’s called Tone Transfer from Google’s Magenta team, and it lets you turn normal instruments or sounds into something completely different.
The post Transform music into something a little bit crazy with Google’s Tone Transfer tool appeared first on 9to5Google.
This year at Google I/O 2022, Google is focusing on bringing us brand-new hardware. One product of this year’s event is Google’s new addition to Google’s headphone lineup, the Pixel Buds Pro.
The post Google unveils the Pixel Buds Pro with a custom audio chip, future Spatial Audio, and ANC appeared first on 9to5Google.
Every year, the emphasis on cybersecurity and privacy grows larger and larger. This Google I/O is no different, with Google making some big changes to how much control you have over your internet presence. One new feature is the ability to completely wipe important details in results about you from intimate Google Searches. Along with that, Google is expanding its Safety Status security features to more apps and putting a bigger emphasis on 2SV.
The post Google unveils new Results About You page, ecosystem-wide Google Account Safety Status appeared first on 9to5Google.
The long-awaited Google I/O 2022 is finally coming! Tons of innovations and exciting ventures are to be unveiled this year. So how and where on YouTube can you watch this year’s event and Google I/O Keynote? This guide will take you through it.
The post How to watch the Google I/O 2022 keynote live appeared first on 9to5Google.
Alphabet today announced Q1 2022 earnings with $68.01 billion in revenue. These numbers range from January to March, and kick off the company’s fiscal year.
The post Alphabet reports Q1 2022 revenue of $68 billion, ‘Other Bets’ revenue doubled appeared first on 9to5Google.
The Google Store is now offering a new bundle that pairs the Pixel 6 and Fitbit Charge 5 at selected global online storefronts.
The post Google Store offers Fitbit and Pixel bundles for the first time in selected regions appeared first on 9to5Google.
Elon Musk started by tweeting out – if not demanding – Twitter feature requests/changes in a truly remarkable moment for technology and corporate governance. This led to a rejected board seat and this morning’s acquisition attempt, complete with “Plan B” if/when the board rejects. Decrees-by-tweet and hostile takeovers cannot be a sustainable way to run a product, and these events play into my long-held belief that Google should have bought Twitter years ago. It would have certainly been a more orthodox turn of events compared to what’s going to play out very publicly over the coming weeks.
The post Imagine if Google had bought Twitter: stability, Hangouts becoming DMs, and more appeared first on 9to5Google.
Google has shared details on how it wants to make it’s upcoming London Kings Cross headquarters into a destination for shopping, tourists, and growing brands.
The post Google wants to turn its King Cross HQ into a destination for tourists, community projects, and more appeared first on 9to5Google.
In what has been an annual occurrence for the past several years, Google today detailed its US investment plan for 2022 that covers office and data center expansions, as well as ongoing work towards previously announced new locations.
The post Google details 2022 US office and data center plans, investments total $9.5 billion appeared first on 9to5Google.
Beta programs allow you to experience cool new features in certain apps that you wouldn’t otherwise be able to see until full release. So how do you get early access to Google’s features? This guide will show you how to join beta programs on the Google Play Store and what apps allow you to do that.
The post How to join Android app beta programs on the Google Play Store appeared first on 9to5Google.
If you've got a Google Pixel phone, it's time to rejoice — for some shiny new software is on its way to you this week.
Android 13, Google's latest and greatest Android version, officially made its landing on Monday and is in the midst of rolling out to current Pixel devices as we speak.
That means if you've got a Pixel 4 or higher, it should be showing up in your sweaty person-palms any moment now. And that, in turn, means you've got some spectacular new Googley goodies to explore.
With some phones, the hardware itself is the primary point of appeal.
Google's self-made Pixel devices take a decidedly different approach. Sure, the shells around the phones are as shiny and purty as any of 'em — but it's what's inside that really sets the Pixel apart.
Plain and simple, Google's Android software is in a league of its own. And aside from the thoughtfully designed, platform-consistent interface and the lack of obnoxious and often over-the-top experience-harming additions so many other manufacturers love to lard into their Android environments, Pixels are packed with genuinely useful features that tap into Google's high-tech smarts and make your life easier in some small but significant ways.
Offices are getting smaller — or at least companies that own or lease office space are now using less of it, according to the 2022 Office Space Report compiled by workplace management software maker Robin Powered.
The company surveyed 247 business owners, facilities managers and those in charge of office space. The survey was aimed at getting a better idea of what companies plan to do with their all their cubicles, meeting rooms and offices in the aftermath of workplace changes brought about by the COVID-19 pandemic, the move to remote and hybrid work, and the Great Resignation.
At Google, a four-year degree is not required for almost any role at the company — and a computer science degree isn't required for most software engineering or product manager positions. “Our focus is on demonstrated skills and experience, and this can come through degrees or it can come through relevant experience,” said Tom Dewaele, Google’s vice president of People Experience.
Similarly, Bank of America has refocused its hiring efforts on a skills-based approach. “We recognize that prospective talent think they need a degree to work for us, but that is not the case,” said Christie Gragnani-Woods, a Bank of America Global Talent Acquisition executive. “We are dedicated to recruiting from a diverse talent pool to provide an equal opportunity for all to find careers in financial services, including those that don’t require a degree.”
If there's one place where saved seconds can seriously add up, it's in your smartphone's on-screen keyboard.
This doesn't get nearly enough attention among average tech-totin' animals, but Android has an awesome advantage over that (cough, cough) other mobile platform when it comes to text input. All it takes is two minutes of trying to type text on an iDevice to see just how much of a good thing we've got goin' (and to make yourself want to gouge your eyes out with the nearest overpriced Apple accessory).
And you know what? While we've got no shortage of commendable Android keyboard apps to choose from, Google's own Gboard keyboard really is the perfect example of how simple, effective, and expandable the Android typing experience can be. Gboard works well right out of the virtual box, and once you start poking around in the mustiest corners of its settings, you'll uncover some tucked-away treasures that can inject all sorts of seconds-saving sorcery into your Android input process.
As the global economic downturn continues to deepen, many technology companies are reacting to fears of an incoming recession by putting the brakes on hiring.
While lowering payroll costs might seem like an easy way to reduce spending right now, the job landscape remains in a state of flux, with research showing that workers are just as pessimistic about the economic climate as their employers.
As a result, 60% of US job seekers say they feel more urgency to find a job now, before market conditions change for the worse. This could leave companies that have decided to stop hiring with a talent drain they are unable to plug.
Android 13 may be one of Google's strangest Android versions yet. And considering the company we're talking about here, my goodness, that's really saying something.
Android 13 — currently in the final phase of its beta development and expected to be launched any moment now — is without a doubt one of the most shape-shifting software updates in Android's history. It'll completely change the way Android looks, feels, and acts and open the door to a whole new side of growth for the platform.
Part of the Pixel's primary appeal is the phone's phenomenal software. All Android experiences are not created equal, as anyone who's spent seven seconds with an out-of-the-box Samsung setup can tell you, and Google's clean and simple approach to Android is a huge piece of what makes a Pixel so pleasant to use.
Still, while a Pixel may be perfectly peachy from the moment you power it on, Google's smartphone software is full of hidden features and advanced options that can make your experience even more exceptional.
And whether you're setting up a shiny new Pixel 6a right now or cradling an older Pixel model in your suspiciously sticky paw, taking the time to think through some of your phone's most easily overlooked settings can take your Pixel adventure to a whole new level.
If you look around Google's Mountain View, CA offices, you'll see Windows machines, Chromebooks, Macs — and gLinux desktops. G what, you ask? Well, in addition to relying on Linux for its servers, Google has its very own Linux desktop distribution.
You can't get it — darn it! — but for more than a decade, Google has been baking and eating its own homemade Linux desktop distribution. The first version was Goobuntu. (As you'd guess from the name, it was based on Ubuntu.)
I don't know if you've noticed, but our favorite virtual helper is losing some of its location-sensing smarts.
Yes, oh yes: For reasons unknown, Google's in the midst of quietly pulling back Assistant's ability to handle reminders based on your physical location — y'know, the "remind me to do something when I get to this place" sorts of commands that have long been possible on Android. It's part of a broader confusion campaign realignment of Google features that seems to be placing more emphasis on the company's Tasks service and its integration with other Google apps.
When it comes to Android and privacy, we're accustomed to seeing things move in a certain direction.
It's simple, really: With each new Android version, it usually gets easier to manage your privacy and understand how your information is being used. And we typically get more front-facing tools and under-the-hood improvements that allow us to handle that stuff intelligently. Obviously, right?
I'm the kind of person who runs computing hardware until it's dead, dead, dead.
I mean, I still have a 1984 KayPro luggable that boots. I keep that one because of nostalgia, but I also have more than a dozen Macs and PCs that first saw the light of day in the late 2000s and early 2010s, still doing valuable work.
How? I run Linux on them.
While Linux isn't for everyone, with Google's release of ChromeOS Flex, it's now easy to turn an otherwise obsolete computer into a useful Chromebook.
This can be really useful.
For example, I know many businesses have rooms filled with old, dusty PCs. ChromeOS Flex can give them new life. That, in turn, enables you to cut down on computer costs drastically. For example, a new Dell OptiPlex 3000 Small Form Factor business PC will cost you about $1,000. But a Dell Optiplex 3020 from 2013 that ran Windows 7 can be revitalized with ChromeOS Flex for nothing.
Third-party cookies may be going away in 18 months, but will that achieve Google’s stated intentions of creating a “more privacy-first web?”
Chris Matty doesn’t think so.
In fact, he believes the death of the invasive little trackers could paradoxically make our online identities less secure.
And he believes the motivations of Apple and Google, which have advocated for an end to this form of passive surveillance, are motivated by goals that are less altruistic than they may seem.
Matty is the founder and chief revenue officer of Versium, a business-to-business omnichannel marketing firm that profiles online visitors without using cookies. Instead, it harvests data from various third-party sources in a process that complies with the California Consumer Privacy Act and then uses deterministic algorithms to make what is essentially an educated guess about the identity of visitors.
Google's Pixel phones are practically overflowing with useful stuff. And some of the best options of all are things you've probably never even noticed.
That's true for the Pixel's core Android software as well as its Google-made apps — everything from the excellent calling-related features in the Pixel Phone app to the expanded array of advanced options in Google Assistant on Pixels.
It's even true in apps that seem so basic and utilitarian, you'd never think they had anything interesting lurking in their dusty virtual corners.
FCC Commissioner Brendan Carr has written to Apple and Google to request that both companies remove the incredibly popular TikTok app from their stores, citing a threat to national security.
Carr warns the app collects huge quantities of data and cited a recent report that claimed the company has accessed sensitive data collected from Americans. He argues that TikTok’s, "pattern of conduct and misrepresentations regarding the unfettered access that persons in Beijing have to sensitive U.S. data...puts it out of compliance,” with App Store security and privacy policies.
Google's Threat Analysis Group (TAG) has identified Italian vendor RCS Lab as a spyware offender, developing tools that are being used to exploit zero-day vulnerabilities to effect attacks on iOS and Android mobile users in Italy and Kazakhstan.
According to a Google blog post on Thursday, RCS Lab uses a combination of tactics, including atypical drive-by downloads, as initial infection vectors. The company has developed tools to spy on the private data of the targeted devices, the post said.
Psst: Come close. Your Android phone has a little-known superpower — a futuristic system for bridging the physical world around you and the digital universe on your device. It's one of Google's best-kept secrets. And it can save you tons of time and effort.
It's a little somethin' called Google Lens, and it's been lurking around on Android and quietly getting more and more capable for years. Google doesn't make a big deal about it, weirdly enough, and you really have to go out of your way to even realize it exists. But once you uncover it, well, you'll feel like you have a magic wand in your pocket.
At its core, Google Lens is best described as a search engine for the real world. It uses artificial intelligence to identify text and objects both within images and in a live view from your phone's camera, and it then lets you learn about and interact with those elements in all sorts of interesting ways. But while Lens's ability to, say, identify a flower, look up a book, or give you info about a landmark is certainly impressive, it's the system's more mundane-seeming productivity powers that are far more likely to find a place in your day-to-day life.
Let me just go on the record as saying: The Google Calendar website is fine.
And fine really is the most appropriate word here. Google's default desktop Calendar interface is perfectly functional, and it gets the job done.
It's good enough, in fact — until you experience a truly exceptional Chrome OS calendar alternative and realize how much more efficient, effective, and generally enjoyable your Chromebook-based agenda juggling could be.
I've been raving endlessly about my favorite Google-connecting desktop calendar app of the moment, the recently-acquired Cron, and lemme tell ya: Phenomenal doesn't even begin to describe it.
Quick: When's the last time you really, truly thought about your Android phone's Quick Settings setup?
If you're like most mammals I know, the answer probably ranges somewhere between "eons ago" and "never." And it's no surprise: Android's Quick Settings area is one of those things that's just sort of there. It's convenient, sure, but it's all too easy to forget that it's completely customizable — and expandable, too. It can turn into an invaluable home for your own custom Android shortcuts, if you take the time to build it up accordingly.
The challenge, aside from simply remembering that you can expand that area of your phone's interface, is knowing where to begin. Google doesn't exactly have any great way of tracking down and identifying apps that offer Quick Settings additions, and even when you have an app with a cool Quick Settings option on your phone, you might not even realize it's there.
Goodness gracious, I sure do love saving seconds. And if there's one area where wasted moments are just begging to be reclaimed, it's within the shiny Chrome browser on your favorite Android phone.
Google's Android Chrome app is an absolute gold mine when it comes to hidden shortcuts and underappreciated time-savers. And despite the fact that we went over a ton of top-notch time-savers for the Chrome Android environment a handful of months back, I kept thinking to myself: "Gee wilikers, Mr. Wigglesby, there's gotta be more."
