Beyond the Edge
The eyes of the tech world are all on Google with the announcement that Google's Compute Engine cloud service is now open to the public. The new service is Google's answer to Amazon's AWS cloud system and is poised to capture some of the same customers. Many are predicting Compute Engine will be a game changer, as the sports addicts would say: a historic move that will change the whole landscape – and they might be right. If anyone has the power and personnel to take on Amazon, it is definitely Google, although it is worth remembering that, after striking it rich with search, Google's later attempts to swallow whole industries have not always been as successful as the experts predicted. (Anyone remember when Google Wave was supposed to take down Facebook?)
We will all be interested to see what comes of the great showdown between Google and Amazon, plus Oracle, HP, and a host of other tech titans who have entered the IT cloud thunderdome. But I'm also interested in another project at Google that might change a different game.
Googlers Jan Monsch and Harald Wagener gave a presentation at the recent Usenix LISA 2013 conference on a Google project called Beyond Corp. According to the talk, the mission of the Beyond Corp project is to "re-architect corporate services to remove any privilege associated with having a corporate address." This simple 13-word description might seem arcane, but the implications are enormous.
What these Googlers are really talking about is eliminating the whole concept of a perimeter defense protecting an internal network. As the speakers put it, "Firewalls don't help." Intruders have too many ways around them. The concept of a "perimeter" implies a hostile "outside" and an "inside" with a heightened level of trust. Google, and many security experts, find this concept obsolete. Why automatically assume that anyone who accesses the network from within the geographical region enclosed by the border routers has a right to be there? Maybe an intruder hooked up a laptop from an empty cubicle. Once you work through the implications of how to deal with this kind of scenario, the conversation quickly converges around the concept that zero trust might be the safest way to run a network. And once you decide you're not going to trust anyone on the local network, the difference between the inside and the outside starts to look quite rusty.
Part of Google's solution is to "move trust from the network level (IP address) to the device level." Every device on the network must authenticate. The authorization process is separate from authentication. The network has knowledge of the device state and maintains an inventory of device properties that serves as a means for ensuring the device hasn't been altered. All traffic on the network is encrypted.
The idea of devices authenticating to gain access to the network is nothing new. Some networks require authentication by MAC address to receive an IP address through DHCP. Google's plan takes this idea of restricted local access much further, with a much more elaborate investigation than a simple check of the MAC address.
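To make the contrast concrete, here is an added sketch (not Google's code and not from the talk) that sets a perimeter-style decision beside a device-level one, with authentication and authorization as separate steps and a device inventory check in between. The HMAC device credential, the property names, the policy table, and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample data; the key scheme and property names are assumptions.
INVENTORY = {"laptop-0042": {"key": b"constructed-key-0042", "owner": "alice",
                             "props": {"os_build": "12.4.1", "disk_encrypted": True}}}
POLICY = {"payroll": {"alice"}, "build-farm": {"bob"}}  # service -> permitted owners
CORP_NET = ipaddress.ip_network("10.0.0.0/8")           # the old "inside"

def digest(props):
    """Canonical hash of reported device properties."""
    canon = "|".join(f"{k}={props[k]}" for k in sorted(props))
    return hashlib.sha256(canon.encode()).hexdigest()

def sign(key, device_id, nonce, props):
    """Device-side proof: HMAC over identity, server nonce, and reported state."""
    msg = f"{device_id}|{nonce}|{digest(props)}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def perimeter_decision(src_ip):
    """Perimeter model: any address inside the corporate range is trusted."""
    return ipaddress.ip_address(src_ip) in CORP_NET

def authenticate(device_id, nonce, props, tag):
    """Step 1: prove device identity and that its state matches inventory."""
    rec = INVENTORY.get(device_id)
    if rec is None:
        return None, "unknown device"
    if not hmac.compare_digest(sign(rec["key"], device_id, nonce, props), tag):
        return None, "bad credential"
    if digest(props) != digest(rec["props"]):
        return None, "device state differs from inventory"
    return rec, "authenticated"

def authorize(rec, service):
    """Step 2, kept separate: is this device's owner allowed on this service?"""
    return rec["owner"] in POLICY.get(service, set())

def device_decision(src_ip, device_id, nonce, props, tag, service):
    """Device-level model: src_ip is accepted but never consulted."""
    rec, reason = authenticate(device_id, nonce, props, tag)
    if rec is None:
        return False, reason
    return (True, "ok") if authorize(rec, service) else (False, "not authorized")
```

The laptop plugged into an empty cubicle passes `perimeter_decision` on its address alone, while `device_decision` refuses it as an unknown device and admits an enrolled, unaltered laptop from any address.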
Perhaps more interesting than the actual technology is the way Google is framing the problem – and their bold prediction that the corporate network will soon be a relic of the distant past. The IT network security space is dominated by huge hardware vendors like Cisco and huge IT software vendors like Microsoft. A whole generation of admins has grown up around a view of the network with the good guys on one side and the bad guys on the other, and with simple mechanisms for granting access to resources through passwords and group memberships. Google has no chance to ever conquer the firewall business, so why not just make firewalls obsolete – through technology, but also by projecting an alternative vision for what the network is and how to protect it? Recent revelations of government snooping, and the constant patter of stories about intruders stealing passwords and credit card numbers, indicate they might even be right.