A peek inside Google
Search giant reveals how it handles security and drops hints about “custom silicon” safeguarding.
Google has given the world a peek into how it secures its internal and public cloud service with the publication of an infrastructure security design overview. The document (see https://cloud.google.com/ security/security-design) is among a number of resources made available by the search giant as it pushes to challenge AWS’ position as the dominant cloud platform.
Presumably designed to reassure potential (large) customers and provide a quick check list of security features they might want to consider using Google for hosting, there are a couple of nuggets of information previously not widely known about the internal workings of the famously secretive company. There is an admission that custom silicon has been designed, including a hardware security chip deployed on servers and peripherals. This provides a level of identification and assurance that a system is legitimate at the hardware level. This chip provides cryptographic signatures for the stack that the machine boots—from the BIOS upwards. There’s also information about how remote procedure calls are encrypted and everything that’s written to disk (indeed, there are details on both application layer and disk hardware layer encryption being used). The whole set of documentation is well worth a look for anyone interested in the security and operation of modern infrastructure (especially anyone designing something from the ground up).
A second ‘present’ from Google was the online release of its recently published book SiteReliabilityEngineering under a Creative Commons licence ( https://landing.google. com/sre/book.html). Covering a variety of modern system administration topics at a range of levels, the book is a collection of insights into how Google SREs approach various operational tasks and issues and is great resource for any budding sysadmin.
Finally, some good news from the Linux Foundation which announced that RethinkDB has been ’rescued’ following the purchase of the rights to its source code by the Cloud Native Computing Foundation (CNCF). The company behind the open source database shut down last year leaving the code in the hands of creditors under an AGPL licence. The Linux Foundation now has ownership using the more permissive Apache software licence ( http://rethinkdb.com).