UPDATED 07:30 EDT / MAY 18 2015

NEWS

Google’s cloud shift will pave the way for others

Google is rapidly embracing the cloud, and hopes to have all of its internal corporate applications running there in the not-too-distant future. Already, more than 90 percent of its corporate applications have migrated, and as such the company has had to change the way it thinks about security, reports The Wall Street Journal.

Google has devized a new security model called the “BeyondCorp Initiative”, which automatically assumes internal networks are as risky as the wide-open World Wide Web. That’s a direct contrast with the old security model, wherein it’s assumed that internal networks secured by firewalls are much safer than the Internet. As a result, Google’s ideas change both the way in which applications are accessed, and also the nature of cyberattacks, the WSJ notes.

“The perimeter security model works well enough when all employees work exclusively in buildings owned by an enterprise,” Google reliability engineering manager Rory Ward and technical writer Betsy Beyer wrote last December. “However, with the advent of a mobile workforce, the surge in the variety of devices used by this workforce, and the growing use of cloud-based services, additional attack vectors have emerged that are stretching the traditional paradigm to the point of redundancy.”

Therefore, Google’s new security model assumes that everything will be moved to the cloud, and that means networks can no longer be trusted. Instead, trust moves to the devices themselves, with employees being given fine-grained access that depends on their credentials and the type of device being used. Security protocols like authentication, authorization and encryption become essential, with traffic being encrypted no matter where an employee is or what device they are using.

Google now keeps a device inventory database that tracks all of the devices issued to its employees, as well as any changes that are made to them. Once a device has been authenticated, the user is also identified through a separate user database that’s tied to Google’s human resources processes in order to ensure such things as employee status and access are kept up to date.

One reason why some enterprises are so slow to adopt the Software-as-a-Service (SaaS) model is that most applications need to traverse the Internet, and that means they could be vulnerable to attack. Even so, most large enterprises use SaaS for some of their applications at least. In many cases it’s just the non-sensitive applications that have been moved to the cloud, as Gartner Inc. notes. However, the analsyt firm said this is slowly changing, and that a significant number of enterprises have begun moving critical apps to the cloud.

For those enterprises that have begun moving to the cloud, it’s high time that they too start thinking about changing the way they approach security. By following Google’s lead and establishing a new security model, it makes it far easier to bring about more wholesale moves to the cloud.

Some companies are already ahead of the curve. The WSJ notes that Coca-Cola Co., Mazda Motor Corp. and Verizon Wireless have all adopted a similar security model to that of Google, with security being performed via granular access and permissions instead of an internal network. It’s likely they are just the first of many – after all, once Google does something many people are happy to follow its lead, and doing so won’t just change the way we think about security, but will also have the knock-on effect of speeding up migration to the cloud.

Photo Credit: Dörk_Hö via Compfight cc

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU