Google Cloud Next was last week, and that is therefore this week’s topic. There are several features for Google Cloud that are useful, but they also focused a bit more on their enterprise service offerings.

Security

The first thing I saw that I found interesting, is the introduction of Google’s Key Management System (KMS). The ability to globally handle encryption using a key store is an important feature, and I’m quite surprised that this wasn’t already available in Google Cloud already. I guess I’ve gotten so used to having it in AWS that I considered it a basic feature for any cloud platform¹.

This wasn’t the only security related announcement though, and the others are possibly more interesting. The first one is Cloud Identity-aware Proxy which seems to be a system for determining whether a user can have access to your application. The idea here is to get rid of the need for VPN connections and instead have the infrastructure determine automatically whether someone gets access. The documentation I’ve found is a bit sparse and I haven’t tried it out either², but from what I can gather it sounds a bit like a single sign on solution where you access a single endpoint to determine your access which then grants you access to the applications you can access.

The Data loss Prevention API seems to play into one of Google’s strengths. This offers the ability to search for and automatically redact sensitive data. I assume this uses some machine learning under the hood instead of simple pattern matching to ensure there are better results. I’d be very interested to see how well this performs with non-Latin languages for redacting things like names.

The last security related item I want to highlight is Titan (no, not their cancelled drone project with the same name). It doesn’t seem to have its own page, and every link I’ve found goes to the same security announcements post. What it seems to be though is that Google has built their own network card with a hardware level root trust included. This allows them to more properly secure against unauthorized access at various levels.

Other Cloud features

There is a list of 100 new features available³, and obviously I’m not going to repeat all of those. The security ones are always good to focus on, but there are a couple of others that are of interest to me.

Cloud SQL, Google’s managed database solution⁴, will soon get beta support for Postgres. Another feature that is all about catching up to the competition, but that will make the platform more attractive.

Cloud Functions, their “serverless” offering⁵, is now in public beta. Once again, this shows how much attention I pay to Google Cloud as I assumed it already was. At some point I really want to try this one out.

The Container Builder is possibly the most interesting of the lot. It’s not that it’s the first way to build your Docker containers in the cloud, but it is possibly the easiest to integrate with other systems. With a generous free tier on top of that⁶, I can see this being used with CI/CD integrations.

There are also a bunch of new data centers, including in the Netherlands, but as Australia is still ignored I’ll just shake my head in disappointment at that.

ReCAPTCHA turns invisible

Technically speaking this too is a security thing, but it deserves its own section. We’re all familiar with ReCAPTCHA’s whether you know the name or not, they’re the annoying little things that make you copy barely legible letters and numbers or select which of the shown pictures contains a car. Nobody likes them, but they often have to be used to fight spam bots.

Google’s newest take on this is to make this invisible for regular visitors. Apparently they’ll be able to detect automatically if a visitor is human or not. Again, not much in the way of details, so I can mostly speculate on how they’ll do that. Considering this is Google, it seems clear that they’ll be comparing some data against a machine learning algorithm. They’ve been able to collect a lot of data over the years to find out who passed their checks and who didn’t.

That all sounds fair enough, but my question here is focused on what do they check for this? Will they be able to detect I’m human by the fact that I constantly select paragraphs on the page I’m reading, or will they use the fact that a lot of people will be logged into their Google account and therefore can see how you ended up here? Regardless of how they do it, I suspect this will be quite effective. But that doesn’t stop me from disliking that they’ll probably be collecting ever more (anonymized) data about my browsing habits.

Google Hangouts

When they introduced their Allo and Duo, it was unclear what Google’s plan was for Hangouts which it seemed to at least partially replace. Now this has been answered⁷. Hangouts is going to be an enterprise offering. It will be split up into two parts, the video and the chat component. The video part will become more of a video conference tool, while the chat component will seemingly turn into a Slack competitor.

Recently I’ve been using Hangouts quite a bit⁸ and I haven’t been very impressed by it. The chat portion is terrible, without a real native client (yes, I know I can install any XMPP compatible client), and an interface that looks like it belongs in the nineties. The video part is a lot better⁹ but still has plenty of room for improvement. All of this means that I’m hopeful that a renewed interest on Google’s part¹⁰ will help these products so that when I have to use them again it won’t feel like punishment.