Beyond the Edge
The eyes of the tech world are all on Google with the announcement that Google's Compute Engine cloud service is now open to the public. The new service is Google's answer to Amazon's AWS cloud system and is poised to capture some of the same customers. Many are predicting Compute Engine will be a game changer, as the sports addicts would say: a historic move that will change the whole landscape – and they might be right. If anyone has the power and personnel to take on Amazon, it is definitely Google, although it is worth remembering that, after striking it rich with search, Google's later attempts to swallow whole industries have not always been as successful as the experts predicted. (Anyone remember when Google Wave was supposed to take down Facebook?)
We will all be interested to see what comes of the great showdown between Google and Amazon, plus Oracle, HP, and a host of other tech titans who have entered the IT cloud thunderdome. But I'm also interested in another project at Google that might change a different game.
Googlers Jan Monsch and Harald Wagener gave a presentation at the recent Usenix LISA 2013 conference on a Google project called Beyond Corp. According to the talk, the mission of the Beyond Corp project is to "re-architect corporate services to remove any privilege associated with having a corporate address." This simple 13-word description might seem arcane, but the implications are enormous.
What these Googlers are really talking about is eliminating the whole concept of a perimeter defense protecting an internal network. As the speakers put it, "Firewalls don't help." Intruders have too many ways around them. The concept of a "perimeter" implies a hostile "outside" and an "inside" with a heightened level of trust. Google, and many security experts, find this concept obsolete. Why automatically assume that anyone who accesses the network from within the geographical region enclosed by the border routers has a right to be there? Maybe an intruder hooked up a laptop from an empty cubicle. Once you work through the implications of how to deal with this kind of scenario, the conversation quickly converges around the concept that zero trust might be the safest way to run a network. And once you decide you're not going to trust anyone on the local network, the difference between the inside and the outside starts to look quite rusty.
Part of Google's solution is to "move trust from the network level (IP address) to the device level." Every device on the network must authenticate. The authorization process is separate from authentication. The network has knowledge of the device state and maintains an inventory of device properties that serves as a means for ensuring the device hasn't been altered. All traffic on the network is encrypted.
The idea of devices authenticating to gain access to the network is nothing new. Some networks require authentication by MAC address to receive an IP address through DHCP. Google's plan takes this idea of restricted local access much further, with a much more elaborate investigation than a simple check of the MAC address.
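To make the device-level model concrete, here is a sketch added as an illustration; it is not code from Google or from the LISA talk. The inventory, the policy table, the function names, and the use of an HMAC key as a stand-in for a device credential are all assumptions. The point it shows: the source IP plays no part in the decision, and device authentication, device state, and authorization are three separate checks.

```python
import hashlib
import hmac
import json

# Constructed inventory: per-device key (hypothetical stand-in for a device
# credential) and the property set recorded when the device was enrolled.
INVENTORY = {
    "laptop-0042": {
        "key": b"constructed-device-key",
        "props": {"os_build": "14.2.1", "disk_encrypted": True, "owner": "alice"},
    },
}
# Constructed authorization policy, kept separate from device authentication.
POLICY = {"payroll": {"alice"}, "wiki": {"alice", "bob"}}


def props_digest(props):
    """Stable digest of a device's property set."""
    return hashlib.sha256(json.dumps(props, sort_keys=True).encode()).hexdigest()


def device_proof(key, nonce):
    """What an enrolled device sends to prove it holds its key."""
    return hmac.new(key, nonce, hashlib.sha256).hexdigest()


def decide(request, nonce):
    """Return (allowed, reason). request['src_ip'] is deliberately never read."""
    record = INVENTORY.get(request["device_id"])
    if record is None:
        return False, "unknown device"
    # 1. Authentication: the device must prove possession of its key.
    expected = device_proof(record["key"], nonce)
    if not hmac.compare_digest(expected, request["proof"]):
        return False, "device authentication failed"
    # 2. Device state: reported properties must match the inventory record.
    if props_digest(request["props"]) != props_digest(record["props"]):
        return False, "device state differs from inventory"
    # 3. Authorization: a separate decision about this user and resource.
    if request["user"] not in POLICY.get(request["resource"], set()):
        return False, "user not authorized for resource"
    return True, "ok"
```

An unknown device on an internal address is refused, while an enrolled, unaltered device on an outside address is admitted if its user is authorized for the resource.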
Perhaps more interesting than the actual technology is the way Google is framing the problem – and their bold prediction that the corporate network will soon be a relic of the distant past. The IT network security space is dominated by huge hardware vendors like Cisco and huge IT software vendors like Microsoft. A whole generation of admins has grown up around a view of the network with the good guys on one side and the bad guys on the other, and with simple mechanisms for granting access to resources through passwords and group memberships. Google has no chance to ever conquer the firewall business, so why not just make firewalls obsolete – through technology, but also by projecting an alternative vision for what the network is and how to protect it. Recent revelations of government snooping, and the constant patter of stories about intruders stealing passwords and credit card numbers, indicate they might even be right.