Out of office information will now display when replying to or mentioning a user in a Google Docs comment

Quick launch summary

In Google Docs, you’ll now see out of office information when replying to or mentioning other users in a comment.

When mentioning a single user in a new comment or thread, you’ll see the OOO banner and information on when they plan to return.

For multi-person threads, you’ll see condensed out of office information. You can select the info icon to view more information on each specific person. 

Getting started

Rollout pace


  • Available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, and Enterprise Plus, as well as G Suite Basic, Business, Education, Enterprise for Education, and Nonprofits customers 


Read More

New white paper: Strengthening operational resilience in financial services by migrating to Google Cloud

Operational resilience continues to be a key focus for financial services firms. Regulators from around the world are refocusing supervisory approaches on operational resilience to support the soundness of financial firms and the stability of the financial ecosystem. Our new white paper discusses the continuing importance of operational resilience to the financial services sector, and the role that a well-executed migration to Google Cloud can play in strengthening it. Here are the key highlights: 

Operational resilience in financial services

Financial services firms and regulators are increasingly focused on operational resilience, reflecting the growing dependency that the financial services industry has on complex systems, automation and technology, and third parties. 

Operational resilience can be defined as the “ability to deliver operations, including critical operations and core business lines, through a disruption from any hazard”1. Given this definition, operational resilience needs to be thought of as a desired outcome, instead of a singular activity, and as such, the approach to achieving that outcome needs to address a multitude of operational risks including: 

  • Cybersecurity: Continuously adjusting key controls, people, processes and technology to prevent, detect and react to external threats and malicious insiders.

  • Pandemics: Sustaining business operations in scenarios where people cannot, or will not, work in close proximity to colleagues and customers.

  • Environmental and Infrastructure: Designing and locating facilities to mitigate the effects of localised weather and infrastructure events, and to be resilient to physical attacks.

  • Geopolitical: Understanding and managing risks associated with geographic and political boundaries between intragroup and third-party dependencies.

  • Third-party Risk: Managing supply chain risk, and in particular of critical outsourced functions by addressing vendor lock in, survivability and portability.

  • Technology Risk: Designing and operating technology services to provide the required levels of availability, capacity, performance, quality and functionality. 

Operational resilience benefits from migrating to Google Cloud

There is a growing recognition among policymakers and industry leaders that, far from creating unnecessary new risk, a well-executed migration to public cloud technology over the coming years will provide capabilities to financial services firms that will enable them to strengthen operational resilience in ways that are not otherwise achievable.  

Foundationally, Google Cloud’s infrastructure and operating model is of a scale and robustness that can provide financial services customers a way to increase their resilience in a highly commercial way.

Equally important are the Google Cloud products, and our support for hybrid and multi-cloud, that help financial services customers manage various operational risks in a differentiated manner:

  • Cybersecurity that is designed in, and from the ground up. From encryption by default, to our Titan security chip, to high-scale DOS defences, to the power of Google Cloud data analytics and Security Command Center our solutions help you secure your environment.

  • Solutions that decouple employees and customers from physical offices and premises. This includes zero-trust based remote access that removes the need for complex VPNs, rapidly deployed customer contact center AI virtual agents, and Google Workspace for best-in-class workforce collaboration.

  • Globally and regionally resilient infrastructure, data centers and support. We offer a global footprint of 24 regions and 73 zones allowing us to serve customers in over 200 countries, with a globally distributed support function so we can support customers even in adverse circumstances.

  • Strategic autonomy through appropriate controls. Our recognition that customers and policymakers, particularly in Europe, strive for even greater security and autonomy is embodied in our work on data sovereignty, operational sovereignty, and software sovereignty.

  • Portability, substitutability and survivability, using our open cloud. We understand that from a financial services firm’s perspective, achieving operational resilience may include solving for situations where their third parties are unable, for any reason, to provide the services contracted.

  • Reducing technical debt, whilst focusing on great financial products and services. We provide a portfolio of solutions so that financial services firms’ technology organisations can focus on delivering high-quality services and experiences to customers, and not on operating foundational technologies such as servers, networks and mainframes.

We are committed to ensuring that Google Cloud solutions for financial services are designed in a manner that best positions the sector in all aspects of operational resilience. Furthermore, we recognize that this is not simply about making Google Cloud resilient: the sector needs autonomy, sovereignty and survivability. You can learn more about Google Cloud’s point of view on operational resilience in financial services by downloading the white paper.

1. “Sound Practices to Strengthen Operational Resilience”, FRB, OCC, FDIC

Read More

Farmers Edge enlists Google Cloud to bring AI/ML and more to the AgTech space

Farmers Edge shared the launch of a global strategic co-selling initiative, with the goal to bring AI, ML, and analytics to more customers across the AgTech space. Enhancements to their digital platform – FarmCommand® – will include near real-time carbon and sustainability tracking, simplified insurance reporting and claims management. These will not only help accelerate the rate at which organisations are able to move to the cloud, but it will allow them to do so while minimizing costs and maximizing sustainability.  

Learn more about our latest efforts in the Farmers Edge press release here!

Stabilizing Live Speech Translation in Google Translate

Posted by Naveen Arivazhagan, Senior Software Engineer and Colin Cherry, Staff Research Scientist, Google Research

The transcription feature in the Google Translate app may be used to create a live, translated transcription for events like meetings and speeches, or simply for a story at the dinner table in a language you don’t understand. In such settings, it is useful for the translated text to be displayed promptly to help keep the reader engaged and in the moment.

However, with early versions of this feature the translated text suffered from multiple real-time revisions, which can be distracting. This was because of the non-monotonic relationship between the source and the translated text, in which words at the end of the source sentence can influence words at the beginning of the translation.

Transcribe (old) — Left: Source transcript as it arrives from speech recognition. Right: Translation that is displayed to the user. The frequent corrections made to the translation interfere with the reading experience.

Today, we are excited to describe some of the technology behind a recently released update to the transcribe feature in the Google Translate app that significantly reduces translation revisions and improves the user experience. The research enabling this is presented in two papers. The first formulates an evaluation framework tailored to live translation and develops methods to reduce instability. The second demonstrates that these methods do very well compared to alternatives, while still retaining the simplicity of the original approach. The resulting model is much more stable and provides a noticeably improved reading experience within Google Translate.

Transcribe (new) — Left: Source transcript as it arrives from speech recognition. Right: Translation that is displayed to the user. At the cost of a small delay, the translation now rarely needs to be corrected.

Evaluating Live Translation
Before attempting to make any improvements, it was important to first understand and quantifiably measure the different aspects of the user experience, with the goal of maximizing quality while minimizing latency and instability. In “Re-translation Strategies For Long Form, Simultaneous, Spoken Language Translation”, we developed an evaluation framework for live-translation that has since guided our research and engineering efforts. This work presents a performance measure using the following metrics:

  • Erasure: Measures the additional reading burden on the user due to instability. It is the number of words that are erased and replaced for every word in the final translation.
  • Lag: Measures the average time that has passed between when a user utters a word and when the word’s translation displayed on the screen becomes stable. Requiring stability avoids rewarding systems that can only manage to be fast due to frequent corrections.
  • BLEU score: Measures the quality of the final translation. Quality differences in intermediate translations are captured by a combination of all metrics.

It is important to recognize the inherent trade-offs between these different aspects of quality. Transcribe enables live-translation by stacking machine translation on top of real-time automatic speech recognition. For each update to the recognized transcript, a fresh translation is generated in real time; several updates can occur each second. This approach placed Transcribe at one extreme of the 3 dimensional quality framework: it exhibited minimal lag and the best quality, but also had high erasure. Understanding this allowed us to work towards finding a better balance.

Stabilizing Re-translation
One straightforward solution to reduce erasure is to decrease the frequency with which translations are updated. Along this line, “streaming translation” models (for example, STACL and MILk) intelligently learn to recognize when sufficient source information has been received to extend the translation safely, so the translation never needs to be changed. In doing so, streaming translation models are able to achieve zero erasure.

The downside with such streaming translation models is that they once again take an extreme position: zero erasure necessitates sacrificing BLEU and lag. Rather than eliminating erasure altogether, a small budget for occasional instability may allow better BLEU and lag. More importantly, streaming translation would require retraining and maintenance of specialized models specifically for live-translation. This precludes the use of streaming translation in some cases, because keeping a lean pipeline is an important consideration for a product like Google Translate that supports 100+ languages.

In our second paper, “Re-translation versus Streaming for Simultaneous Translation”, we show that our original “re-translation” approach to live-translation can be fine-tuned to reduce erasure and achieve a more favorable erasure/lag/BLEU trade-off. Without training any specialized models, we applied a pair of inference-time heuristics to the original machine translation models — masking and biasing.

The end of an on-going translation tends to flicker because it is more likely to have dependencies on source words that have yet to arrive. We reduce this by truncating some number of words from the translation until the end of the source sentence has been observed. This masking process thus trades latency for stability, without affecting quality. This is very similar to delay-based strategies used in streaming methods such as Wait-k, but applied only during inference and not during training.

Neural machine translation often “see-saws” between equally good translations, causing unnecessary erasure. We improve stability by biasing the output towards what we have already shown the user. On top of reducing erasure, biasing also tends to reduce lag by stabilizing translations earlier. Biasing interacts nicely with masking, as masking words that are likely to be unstable also prevents the model from biasing toward them. However, this process does need to be tuned carefully, as a high bias, along with insufficient masking, may have a negative impact on quality.

The combination of masking and biasing, produces a re-translation system with high quality and low latency, while virtually eliminating erasure. The table below shows how the metrics react to the heuristics we introduced and how they compare to the other systems discussed above. The graph demonstrates that even with a very small erasure budget, re-translation surpasses zero-flicker streaming translation systems (MILk and Wait-k) trained specifically for live-translation.

System     BLEU     Lag
(Transcribe old)
    20.4     4.1     2.1
+ Stabilization
(Transcribe new)
    20.2     4.1     0.1
Evaluation of re-translation on IWSLT test 2018 Engish-German (TED talks) with and without the inference-time stabilization heuristics of masking and biasing. Stabilization drastically reduces erasure. Translation quality, measured in BLEU, is very slightly impacted due to biasing. Despite masking, the effective lag remains the same because the translation stabilizes sooner.
Comparison of re-translation with stabilization and specialized streaming models (Wait-k and MILk) on WMT 14 English-German. The BLEU-lag trade-off curve for re-translation is obtained via different combinations of bias and masking while maintaining an erasure budget of less than 2 words erased for every 10 generated. Re-translation offers better BLEU / lag trade-offs than streaming models which cannot make corrections and require specialized training for each trade-off point.

The solution outlined above returns a decent translation very quickly, while allowing it to be revised as more of the source sentence is spoken. The simple structure of re-translation enables the application of our best speech and translation models with minimal effort. However, reducing erasure is just one part of the story — we are also looking forward to improving the overall speech translation experience through new technology that can reduce lag when the translation is spoken, or that can enable better transcriptions when multiple people are speaking.

Read More

Sign in to sites faster and personalize your lock screen

We’re always finding ways to make using Chromebooks as seamless as possible. Today, with our latest Chrome OS release, we’re introducing a faster sign-in experience as well as personalized lock screens. 

And in case you missed it, we’ll share the exciting new Chromebooks that were recently announced at CES 2021.

Faster and easier web sign-in

Forget the hassle of typing in a long password or trying to remember which one you use for a specific online account. Now you can securely sign in to websites with the PIN or fingerprint you’ve set up to unlock your Chromebook with our new Web Authentication (WebAuthn) feature. Websites that support WebAuthn will let you use your Chromebook PIN or fingerprint ID—if your Chromebook has a fingerprint reader—instead of the password you’ve set for the website. And if you use 2-Step Verification to sign-in, your Chromebook PIN or fingerprint ID can be used as the second factor, so you no longer need to pull out your security key or phone to authenticate.

To get started, sign in to a supported website like Dropbox, GitHub or Okta, and you’ll be prompted to switch to using WebAuthn for future sign-ins.

Image showing a web page with the WebAuthn tool pulled up. A pop-up on the screen says "verify your identity" and has spaces for numbers to be entered.

Beautify your space with a personalized lock screen

The Chrome OS screen saver lets you transform your Chromebook’s lock screen into a personalized smart display. Show off your favorite photo album from Google Photos or pick from hundreds of art gallery images. You can use your lock screen to check information like the current weather and what music is playing; you’ll also be able to pause a track or skip songs without unlocking your device. 

Go to your Chrome OS Settings  and select Personalization > Screen saver to turn it on now.

Image shows an Android tablet next to an Android tablet pen. On the screen is a photo of a mountain and behind it is a pink-hued sunset.

ICYMI: New Chromebooks announced at CES 2021 

Image showing three laptops.

From left to right: Samsung Galaxy Chromebook 2, ASUS Chromebook Flip C536 and Acer Chromebook Spin 514

Our partners, Acer, ASUS and Samsung, introduced five new Chromebooks earlier this month: The Acer Chromebook Spin 514 and the ASUS Chromebook Flip CM5 are among the first AMD Ryzen Chromebooks in the market and deliver great performance for work and play at an affordable price. There’s also the ASUS Chromebook Flip C536 and the ASUS Chromebook CX9, which are some of the first Chromebooks to come with the latest 11th generation Intel processors, so they’re a powerful option for working or streaming video. And the Samsung Galaxy Chromebook 2 is the first Chromebook to feature a QLED display; it has a thin, light design and comes in Fiesta Red and Mercury Gray. 

That’s all for now—but check back here in March when we’ll have more news about what’s coming to Chromebooks.

Read More

From Girl Scout to Waymonaut

Thumbnail: Girl Scouts in front of Waymo truck

Earlier this month, we teamed up with Girl Scouts of Northeast Texas (GSNETX) to transport cookies for the annual Girl Scout Cookie Program with our Waymo Via truck fleet. Girl Scouts has long encouraged girls at every age and from all different backgrounds to explore science, technology, engineering, and math (STEM) fields through their girl-centric programming. And at Waymo, we need a diverse group of people to develop the Waymo Driver and deliver on our mission, so we look for opportunities to open these dialogues with younger generations who will forge the future of autonomous driving technology.

Our new partnership with Girl Scouts of Northeast Texas inspired us to ask if any of our Waymonauts are Girl Scout alums and how their experience influenced their journey to Waymo. With the organization’s focus on STEM, entrepreneurism, and leadership skills, it’s no surprise we found many alums among us, with really inspiring stories about what being a Girl Scout meant to them personally, how they found themselves in STEM roles, and how those two things are very closely intertwined. 
Emily Warman, Software Engineer, Planning/Behavior

5 years as a Girl Scout in Dupage County, IL

“To me, [being a] girl meant inside voices, dolls, clothes I couldn’t get dirty, legs without bruises, being small. I felt limited. I wanted to be seen for things I was good at: how fast I could run, how high I could climb, how brave I was… Girl Scouts was the first time I felt like I was a part of a group of girls. I didn’t have to be anything I wasn’t in Girl Scouts. It was the first time I felt like being a girl was OK, maybe even great.”

Emily and her mom during her bridging ceremony
Maggie Graupera, Recruiter, Hardware Engineering

3 years as a Girl Scout in San Jose, CA

“I was a Girl Scout for several years. Cookie sales was a formative experience for me. The act of selling is a skill I started to harness at an early age through Girl Scouts. That experience prepared me in my career and ultimately led me to my role of selling the experience of working at Waymo (as a recruiter).”

Maggie and her pup

Megan Quick, System Engineer

16 years as a Girl Scout and Girl Scout camp counselor in Colorado

“I think that some parts of the Girl Scout curriculum really helped with understanding STEM careers, and introducing STEM and engineering concepts. I became a mechanical engineer and that was influenced by many things, but the hands-on experiences that I got at the Girl Scout camps definitely gave me early experience with this. I also think that my leadership experience that I got in the Girl Scouts likely helped me to get a scholarship to college.”

Megan working in one of our hardware labs

Michelle Peacock, Global Head of Policy and Government Relations
4 years as a Girl Scout in Pasco, Washington

“What does being a Girl Scout mean to me? The answer can be found in the Girl Scout Promise. ‘On my honor, I will try to serve God and my country, to help people at all times, and to live by the Girl Scout Law.’ I literally use this pledge to think about how I should move about my life every single day. I also try to help those who reach out to me for career advice or networking. I do whatever it takes to make the time because that’s how you learn! I stay in touch with many women I’ve worked with throughout my career and am super proud to see them grow and be successful.”
Michelle’s daughter, Mary Charlotte, during her days as a Brownie

Sandy Karp, Senior Communications Associate

7 years as a Girl Scout in Peninsula Bay Area

“I’d say there are a lot of similarities between our mission at Waymo and the Girl Scout Law. At Waymo, we’re teaching the Waymo Driver to be friendly and helpful, considerate and caring, to respect authorities, and use resources wisely, and to make the world (and our roads) a better place.”
Sandy showing off her Waymo spirit!

Image caption and source: Girl Scouts of Northeast Texas cheer the new branding on a Waymo Via truck used to fulfill Girl Scout Cookie Program logistics (GSNETX staff photographer)

Read More

Lifecycle of a container on Cloud Run

Editor’s note: Today’s post comes from  Wietse Venema, a software engineer and trainer at Binx.io and the author of the O’Reilly book about Google Cloud Run. In today’s post, Wietse shares how understand the full container lifecycle, and the possible state transitions within it, so you can make the most of Cloud Run.

Serverless platform Cloud Run runs and autoscales your container-based application.  You can make the most of this platform when you understand the full container lifecycle and the possible state transitions within it. Let’s review the states, from starting to stopped. 

figure 1

First, some context for those who have never heard of Cloud Run before (if you have, skip down to “Starting a Container”). The developer workflow on Cloud Run is a straightforward, three-step process:

  1. Write your application using your favorite programming language. Your application should start an HTTP server. 
  2. Build and package your application into a container image. 
  3. Deploy the container image to Cloud Run. 

Once you deploy your container image, you’ll get a unique HTTPS endpoint back. Cloud Run then starts your container on demand to handle requests and ensures that all incoming requests are handled by dynamically adding and removing containers. Explore the hands-on quickstart to try it out for yourself. 

It’s important to understand the distinction between a container image and a container. A container image is a package with your application and everything it needs to run; it’s the archive you store and distribute. A container represents the running processes of your application.

Figure 2

You can build and package your application into a container image in multiple ways. Docker gives you low-level control and flexibility. Jib and Buildpacks offer a higher-level, hands-off experience. You don’t need to be a container expert to be productive with Cloud Run, but if you are, Cloud Run won’t be in your way. Choose the containerization method that works best for you and your project.

Starting a Container

Figure 3

When a container starts, the following happens:

  1. Cloud Run creates the container’s root filesystem by materializing the container image. 
  2. Once the container filesystem is ready, Cloud Run runs the entrypoint program of the container (your application).  
  3. While your application is starting, Cloud Run continuously probes port 8080 to check whether your application is ready. (You can change the port number if you need to.)
  4. Once your application starts accepting TCP connections, Cloud Run forwards incoming HTTP requests to your container.

Remember, Cloud Run can only deploy container images that are stored in a Docker repository on Artifact Registry. However, it doesn’t pull the entire image from there every time it starts a new container. That would be needlessly slow. 

Figure 4

Instead, Cloud Run pulls your container image from Artifact Registry only once, when you deploy a new version (called a revision on Cloud Run). It then makes a copy of your container image and stores it internally.

The internal storage is fast, ensuring that your image size is not a bottleneck for container startup time. Large images load as quickly as small ones. That’s useful to know if you’re trying to improve cold start latency. A cold start happens when a request comes in and no containers are available to handle it. In this case, Cloud Run will hold the request while it starts a new container. 

If you want to be sure a container is always available to handle requests, configure minimum instances, which will help reduce the number of cold starts.  

Because Cloud Run copies the image, you won’t get into trouble if you accidentally delete a deployed container image from Artifact Registry. The copy ensures that your Cloud Run service will continue to work. 

Serving Requests

Figure 5

When a container is not handling any requests, it is considered idle. On a traditional server, you might not think twice about this. But on Cloud Run, this is an important state:

  • An idle container is free. You’re only billed for the resources your container uses when it is starting, handling requests (with a 100ms granularity), or shutting down.  
  • An idle container’s CPU is throttled to nearly zero. This means your application will run at a really slow pace. That makes sense, considering this is CPU time you’re not paying for. 

When your container’s CPU is throttled, however, you can’t reliably perform background tasks on your container. Take a look at Cloud Tasks if you want to reliably schedule work to be performed later. 

Figure 6

When a container handles a request after being idle, Cloud Run will unthrottle the container’s CPU instantly. Your application — and your user — won’t notice any lag. 

Cloud Run can keep idle containers around longer than you might expect, too, in order to handle traffic spikes and reduce cold starts. Don’t count on it, though. Idle containers can be shut down at any time.

Shutting Down

Figure 7

If your container is idle, Cloud Run can decide to stop it. By default, a container just disappears when it is shut down. 

However, you can build your application to handle a SIGTERM signal (a Linux kernel feature). The SIGTERM signal warns your application that shutdown is imminent. That gives the application 10 seconds to clean things up before the container is removed, such as closing database connections or flushing buffers with data you still need to send somewhere else. You can learn how to handle SIGTERMs on Cloud Run so that your shutdowns will be graceful rather than abrupt.

Figure 8

So far, I’ve looked at Cloud Run’s happy state transitions. What happens if your application crashes and stops while it is handling requests? 

When Things Go Wrong

figure 9

Under normal circumstances, Cloud Run never stops a container that is handling requests. However, a container can stop suddenly in two cases: if your application exits (for instance due to an error in your application code) or if the container exceeds the memory limit. 

If a container stops while it is handling requests, it takes down all its in-flight requests at that time: Those requests will fail with an error. While Cloud Run is starting a replacement container, new requests might have to wait. That’s something you’ll want to avoid.

figure 10

You can avoid running out of memory by configuring memory limits. By default, a container gets 256MB of memory on Cloud Run, but you can increase the allocation to 4GB. Keep in mind, though, if your application allocates too much memory, Cloud Run will also stop the container without a SIGTERM warning.


In this post, you learned about the entire lifecycle of a container on Cloud Run, from starting to serving and shutting down. Here are the highlights: 

  • Cloud Run stores a local copy of your container image to load it really fast when it starts a container.
  • A container is considered idle when it is not serving requests. You’re not paying for idle containers, but their CPU is throttled to nearly zero. Idle containers can be shut down. 
  • With SIGTERM you can shut down gracefully, but it’s not guaranteed to happen. Watch your memory limits and make sure errors don’t crash your application. 

I’m a software engineer and trainer at Binx.io and the author of the O’Reilly book about Google Cloud Run (read the full chapter outline). Connect with me on Twitter: @wietsevenema (open DMs).

Read More

Show me the money! How you can see returns up to $259M with a DevOps Transformation

2020 challenged some of the best laid plans by enterprises. With nearly everything moving online, Covid-19 pushed forward years of digital transformation. DevOps was at the heart of this transformation journey. After all, delivering software quickly, reliably, and safely to meet the changing needs of customers was crucial to adapt to this new normal.

It is unlikely that the pace of modernization will slow down in 2021. As IT and business leaders further drive digital adoption within their organizations via DevOps, the need to quantify the business benefit from a digital transformation remains top of mind. A reliable model is imperative to drive the right level of investments and measure the returns. This is precisely why we wrote How to Measure ROI of DevOps Transformation. This white paper is backed with scientific studies conducted by DevOps Research and Assessment, DORA, with 31,000 professionals worldwide over 6 years to provide clear guidance based on impartial industry data. We found the financial savings of DevOps transformation varies from from $10M to $259M a year.

Looking beyond cost to value

The most innovative companies undertake their technology transformations with a focus on the value they can deliver to their customers. Hence, in addition to measuring cost savings, we show how DevOps done right can be a value driver and innovation engine. Let’s look deeper into how we quantify the cost and value-generating power of DevOps. 

Cost-driven category

Here, we focus on quantifying the cost savings and efficiencies realized by implementing DevOps—for example, how an investment in DevOps reduces costs by cutting the time it takes to resolve outages and avoiding downtime as much as possible. 

However, focusing solely on reducing costs can rarely yield systemic, long-term gains; thereby increasing the importance of going beyond cost-driven strategies. The cost savings achieved in year one “no longer count” beyond year two as the organization adjusts to a new baseline of costs and performance. Worse, only focusing on cost savings signals to technical staff their job is potentially at risk due to automation rather than being liberated from drudge work to better drive business growth. This leads to negative effects on morale and productivity. 

Value-driven category

There are two value drivers in a DevOps transformation, (1) improved efficiency through the reduction of unnecessary rework, and (2) the potential revenue gained by reinvesting the time saved in new offer capabilities.

Adding these cost and value driven categories together, IT and business decision makers can get an estimate of the potential value their organizations can expect to gain from a DevOps transformation. This helps justify the investment needed to implement the required changes. To quantify the impact, we leverage industry benchmark data across low, medium, high, and elite DevOps teams, as described by DORA in its annual Accelerate: State of DevOps report

Combining cost and value

As an example, let’s consider the impact of a DevOps transformation on a large organization with 8,500 technical staff and a medium IT performer. Using the data gained from the DevOps report, we can calculate both the cost and value driven categories along with total impact. 

roi table

While this example represents what a medium IT performer at a large organization might expect by investing in DevOps, companies of all sizes and performance profiles can leverage DevOps to drive performance. In the white paper, we calculate the impact of DevOps across organizations of different sizes—small, medium, and large—as well as across four distinct performance profiles—low, medium, high, elite. 

There will be variation in these measurements based on your team’s current performance, compensation, change fail rate, benefits multiplier, and deployments per year, so we share our methodology in the white paper and invite you to customize the approach based on your specific needs and constraints. 

ROI of DevOps Transformation

ROI of DevOps Transformation: How to quantify the impact of your modernization initiatives

Years of DORA research show that undertaking a technology transformation initiative can produce sizable returns for any organization. Our goal with the white paper is to provide IT and business decision makers an industry backed, data driven foundational basis for determining their investment in DevOps. Download the white paper here to calculate the impact of DevOps on your organization, while driving your digital transformation. 

Read More

Extending enterprise zero trust models to the web

For over a decade, Chrome has been committed to advancing security on the web, and we’re proud of the end-user and customer safety improvements we’ve delivered over the years. We take our responsibility seriously, and we continue to work on ways to better protect billions of users around the world, whether it’s driving the industry towards HTTPS, introducing and then advancing the concept of a browser sandbox, improving phishing and malware detection via Safe Browsing improvements or working alongside Google’s Project Zero team to build innovative exploit mitigations. 

To continue our work of making a safer web for everyone, we’ve partnered with Google’s Cloud Security team to expand what enterprises should expect from Chrome and web security. Today the Cloud Security team is announcing BeyondCorp Enterprise, our new zero trust product offering, built around the principle of zero trust: that access must be secured, authorized and granted based on knowledge of identities and devices, and with no assumed trust in the network. With Chrome, BeyondCorp Enterprise is able to deliver customers a zero trust solution that protects data, better safeguards users against threats in real time and provides critical device information to inform access decisions, all without the need for added agents or extra software. These benefits are built right into Chrome, where users are already spending much of their workday accessing the apps and resources they need to be productive, and IT teams can easily manage these controls right through our Chrome Browser Cloud Management offering.

By extending zero trust principles to Chrome, we’re introducing the following advanced security capabilities that will help keep users and their company data safer than ever before:

Enhanced malware and phishing prevention: BeyondCorp Enterprise allows for real-time URL checks and deep scanning of files for malware.

Notification that reads "sample.zip is dangerous, so Chrome has blocked it."

Sensitive data protection across the web:IT teams can enforce a company’s customized rules for what types of data can be uploaded, downloaded or copied and pasted across sites.

Notification that reads "This file has sensitive or dangerous content. Remove this content and try again.

Visibility and insights: Organizations can get more insights into potential risks or suspicious activity through cloud-based reporting, including tracking of malicious downloads on corporate devices or employees entering passwords on known phishing sites. 

Three bar charts labeled "Chrome high risk users," "Chrome high risk domains," and "Chrome data protection summary."

Including Chrome in your zero trust strategy is critical not only because your employees spend much of the working day in the browser, but also because Chrome is in a unique position to identify and prevent threats across multiple web-based apps. Enhanced capabilities surrounding data protection and loss prevention protects organizations from both external threats and internal leak risks, many of which may be unintentional. We’ve built these capabilities into Chrome in a way that gives IT and security teams flexibility around how to configure policies and set restrictions, while also giving administrators more visibility into potentially harmful or suspicious activities. Naturally, these threat and data protections are also extended to Chrome OS devices, which offer additional proactive and built-in security protections.  

As with many of the major security advances Chrome has introduced in the past, we know it takes time to adopt new approaches. We’re here to help with a solution that is both simple and more secure for IT teams and their users. As you look at 2021 and where your security plans will take you, check out BeyondCorp Enterprise

Chrome will host a webinar on Thursday, January 28, highlighting some of our recent enterprise enhancements, and offering a preview of what’s to come in 2021. We’ll also talk more about the Chrome-specific capabilities of BeyondCorp Enterprise. We hope you can join us!

Read More

BeyondCorp Enterprise: Introducing a safer era of computing

Security issues continue to disrupt the status quo for global enterprises. Recent incidents highlight the need to re-think our security plans and operations; attackers are getting smarter, attacks are more sophisticated, and assumptions about what is and isn’t locked down no longer hold. The challenge, however, is to enable disruptive innovation in security without disrupting security operations. 

Today, we’re excited to announce the general availability of Google’s comprehensive zero trust product offering, BeyondCorp Enterprise, which extends and replaces BeyondCorp Remote Access. Google is no stranger to zero trust—we’ve been on this journey for over a decade with our own implementation of BeyondCorp, a technology suite we use internally to protect Google’s applications, data, and users. BeyondCorp Enterprise brings this modern, proven technology to organizations so they can get started on their own zero trust journey. Living and breathing zero trust for this long, we know that organizations need a solution that will not only improve their security posture, but also deliver a simple experience for users and administrators.

BeyondCorp Enterprise.jpg

A modern, proven, and open approach to zero trust

Because our own zero trust journey at Google has been ongoing for a decade, we realize customers can’t merely flip a switch to make zero trust a reality in their own organizations, especially given varying resources and computing environments that might look different than ours. Nonetheless, these enterprises understand the zero trust journey is an imperative. 

As a result, we’ve invested many years in bringing our customers a solution that is cost-effective and requires minimal disruption to existing deployments and business processes, using trust, reliability and scale as our primary design criteria.

proven modern and open platform.jpg

The end result is, BeyondCorp Enterprise, delivering three key benefits to customers and partners:

1) A scalable, reliable zero trust platform in a secure, agentless architecture, including: 

2) Continuous and real-time end-to-end protection

  • Embedded data and threat protection, newly added to Chrome, to prevent malicious or unintentional data loss and exfiltration and malware infections from the network to the browser.

  • Strong phishing-resistant authentication to ensure that users are who they say they are. 

  • Continuous authorization for every interaction between a user and a BeyondCorp-protected resource.  

  • End-to-end security from user to app and app to app (including microsegmentation) inspired by the BeyondProd architecture.

  • Automated public trust SSL certificate lifecycle management for internet-facing BeyondCorp endpoints powered by Google Trust Services

3) A solution that’s open and extensible, to support a wide variety of complementary solutions 

  • Built on an expanding ecosystem of technology partners in our BeyondCorp Alliance which democratizes zero trust and allows customers to leverage existing investments.

  • Open at the endpoint to incorporate signals from partners such as Crowdstrike and Tanium, so customers can utilize this information when building access policies.

  • Extensible at the app to integrate into best-in-class services from partners such as Citrix and VMware.

In short, if cloud-native zero trust computing is the future—and we believe it is—then our solution is unmatched when it comes to providing scale, security and user experience. With BeyondCorp Enterprise, we are bringing our proven, scalable platform to customers, meeting their zero trust requirements wherever they are.

Customers are committed to zero trust

We’ve worked with customers around the world to battle-test our BeyondCorp Enterprise technology and to help them build a more secure foundation for a modern, zero-trust architecture within their organization. Vaughn Washington, VP of Engineering at Deliveroo, a global food delivery company headquartered in the UK, says, “We love that BeyondCorp Enterprise makes it so easy to bring the zero trust model to our distributed workforce. Having secure access to applications and associated data is critical for our business. With BeyondCorp Enterprise, we manage security at the app level, which removes the need for traditional VPNs and associated risks. With BeyondCorp Enterprise and Chrome Enterprise working together, we have additional visibility and controls to help us keep our data secure.”

“We want to improve the experience for our developers and continue to raise the bar on our security posture by adopting a zero trust architecture. Google’s experience with zero trust and the capabilities of BeyondCorp Enterprise made them an ideal partner for our journey,” said Tim Collyer, Director of Enterprise Information Security at Motorola Solutions, Inc.

Support from a robust ecosystem of partners

Our partners are key to our effort to further promote and democratize this technology. The BeyondCorp Alliance allows customers to leverage existing controls to make adoption easier while adding key functionality and intelligence that enables customers to make better access decisions. Check Point, Citrix, CrowdStrike, Jamf, Lookout, McAfee, Palo Alto Networks, Symantec (a division of Broadcom), Tanium and VMware are members of our Alliance who share our vision.

“As we enter a new era of security, enterprises want a seamless security model attuned to the realities of remote work, cloud applications, and mobile communications. Zero trust is that model, and critical to its efficacy is the ability to readily assess the health of endpoints. Who is accessing them? Do they contain vulnerabilities? Are they patched and compliant?” said Orion Hindawi, co-founder and CEO of Tanium. “With Google Cloud, we’re on a journey to offer today’s distributed businesses joint solutions that provide visibility and control into activities across any network to any application for both users and endpoints.”

Matthew Polly, VP WW Alliances, Channels, and Business Development at CrowdStrike said, “In today’s complex threat environment, zero trust security is fundamental for successful protection. BeyondCorp Enterprise customers will be able to seamlessly leverage the power of the CrowdStrike Falcon platform to deliver complete protection through verified access control to their business data and applications and secure their assets and users from the sophisticated tactics of cyber adversaries, including lateral movement.” 

“The rapid move to the cloud and remote work are creating dynamic work environments that promise to drive new levels of productivity and innovation. But they have also opened the door to a host of new security concerns and sparked a significant increase in cyberattacks,” said Fermin Serna, Chief Information Security Officer, Citrix. “To defend against them, enterprises must take an intelligent approach to workspace security that protects employees without getting in the way of their experience following the zero trust model. And with Citrix Workspace and BeyondCorp Enterprise, they can do just this.”

Dan Quintas, Sr. Director of Product Management at VMware also added, “Google’s commitment to security is clear and in today’s environment, device access policies are a key piece of the zero trust framework. Using Workspace ONE integrations in BeyondCorp Enterprise, customers can leverage device compliance status information to protect corporate information and ensure their users stay productive and secure.”

We also continue to collaborate with Deloitte’s industry-leading cyber practice to deliver end-to-end architecture, design, and deployment services to assist our customers’ zero-trust journeys.

“Implementing and operationalizing a zero trust architecture is critically important for organizations today,” said Deborah Golden, Deloitte Risk & Financial Advisory Cyber & Strategic Risk leader and principal, Deloitte & Touche LLP. “Both Google Cloud and Deloitte are well positioned to deliver this secure transformative change for our clients and together provide a modern security approach that’s seamless to integrate into existing infrastructures.”

Take the next step

The adoption of zero trust is an imperative for security modernization, and BeyondCorp Enterprise can help organizations overcome the challenges that come with the embrace of such a disruptive innovation. To learn more about BeyondCorp Enterprise, register for our upcoming webinar on Feb 23 and be sure to check out our BeyondCorp product home page.

To learn more about the security features of Chrome Enterprise, including the new threat and data protection features available in BeyondCorp Enterprise, attend our upcoming webinar on January 28 by registering here.

Read More