Beyond the Edge
The eyes of the tech world are all on Google with the announcement that Google's Compute Engine cloud service is now open to the public. The new service is Google's answer to Amazon's AWS cloud system and is poised to capture some of the same customers. Many are predicting Compute Engine will be a game changer, as the sports addicts would say: a historic move that will change the whole landscape – and they might be right. If anyone has the power and personnel to take on Amazon, it is definitely Google, although it is worth remembering that, after striking it rich with search, Google's later attempts to swallow whole industries have not always been as successful as the experts predicted. (Anyone remember when Google Wave was supposed to take down Facebook?)
We will all be interested to see what comes of the great showdown between Google and Amazon, plus Oracle, HP, and a host of other tech titans who have entered the IT cloud thunderdome. But I'm also interested in another project at Google that might change a different game.
Googlers Jan Monsch and Harald Wagener gave a presentation at the recent Usenix LISA 2013 conference on a Google project called Beyond Corp. According to the talk, the mission of the Beyond Corp project is to "re-architect corporate services to remove any privilege associated with having a corporate address." This simple 13-word description might seem arcane, but the implications are enormous.
What these Googlers are really talking about is eliminating the whole concept of a perimeter defense protecting an internal network. As the speakers put it, "Firewalls don't help." Intruders have too many ways around them. The concept of a "perimeter" implies a hostile "outside" and an "inside" with a heightened level of trust. Google, and many security experts, find this concept obsolete. Why automatically assume that anyone who accesses the network from within the geographical region enclosed by the border routers has a right to be there? Maybe an intruder hooked up a laptop from an empty cubicle. Once you work through the implications of how to deal with this kind of scenario, the conversation quickly converges around the concept that zero trust might be the safest way to run a network. And once you decide you're not going to trust anyone on the local network, the difference between the inside and the outside starts to look quite rusty.
Part of Google's solution is to "move trust from the network level (IP address) to the device level." Every device on the network must authenticate. The authorization process is separate from authentication. The network has knowledge of the device state and maintains an inventory of device properties that serves as a means for ensuring the device hasn't been altered. All traffic on the network is encrypted.
The idea of devices authenticating to gain access to the network is nothing new. Some networks require authentication by MAC address to receive an IP address through DHCP. Google's plan takes this idea of restricted local access much further, with a much more elaborate investigation than a simple check of the MAC address.
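The contrast between an address-based decision and a device-level one can be sketched in a few lines. This is an added illustration, not code from Google or from the talk: the address range, the inventory and policy tables, the device name, and the HMAC challenge standing in for real device credentials are all assumptions.

```python
import hashlib
import hmac
import ipaddress

CORP_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed "inside" address range

def state_hash(props):
    """Fingerprint of device properties, independent of key order."""
    canon = "|".join(f"{k}={props[k]}" for k in sorted(props))
    return hashlib.sha256(canon.encode()).hexdigest()

GOOD_STATE = {"os": "linux-6.1", "disk_encrypted": "yes"}  # constructed sample
# Constructed inventory: per-device secret plus the recorded property hash.
INVENTORY = {"laptop-0042": {"key": b"constructed-device-key",
                             "state": state_hash(GOOD_STATE)}}
# Authorization lives in its own table, separate from authentication.
POLICY = {"laptop-0042": {"wiki", "code-review"}}

def perimeter_allows(src_ip):
    """Perimeter model: an inside address is all the proof required."""
    return ipaddress.ip_address(src_ip) in CORP_NET

def prove(key, nonce):
    """Device side: answer the challenge nonce with the device secret."""
    return hmac.new(key, nonce, hashlib.sha256).digest()

def authenticate(device_id, nonce, proof):
    """Server side: only devices in the inventory can pass the challenge."""
    rec = INVENTORY.get(device_id)
    if rec is None:
        return False
    return hmac.compare_digest(prove(rec["key"], nonce), proof)

def device_allows(device_id, nonce, proof, props, service):
    """Device-level model: the source address is never consulted."""
    if not authenticate(device_id, nonce, proof):
        return False, "device not authenticated"
    if state_hash(props) != INVENTORY[device_id]["state"]:
        return False, "device state differs from inventory"
    if service not in POLICY.get(device_id, set()):
        return False, "device not authorized for service"
    return True, "ok"
```

An unknown laptop plugged into an empty cubicle passes `perimeter_allows` on its address alone, while `device_allows` rejects it at the first check and accepts an inventoried device from any address.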
Perhaps more interesting than the actual technology is the way Google is framing the problem – and their bold prediction that the corporate network will soon be a relic of the distant past. The IT network security space is dominated by huge hardware vendors like Cisco and huge IT software vendors like Microsoft. A whole generation of admins has grown up around a view of the network with the good guys on one side and the bad guys on the other, and with simple mechanisms for granting access to resources through passwords and group memberships. Google has no chance to ever conquer the firewall business, so why not just make firewalls obsolete – through technology, but also by projecting an alternative vision for what the network is and how to protect it. Recent revelations of government snooping, and the constant patter of stories about intruders stealing passwords and credit card numbers, indicate they might even be right.