Google today released details about App Engine Firewall and Titan, a purpose-built chip that establishes a "hardware root of trust" for Google Cloud Platform (GCP) servers. The security-centric offerings aim to help Google differentiate from Microsoft Azure and Amazon Web Services, both of which are tackling security in a range of ways.
Titan is a low-power microcontroller designed for Google hardware security requirements and scenarios, the company said in a prepared statement. It ensures a Google data center machine boots from a known good state using verifiable code, the company noted, and creates a hardware root of trust for cryptographic operations.
The chip offers integrity verification of firmware and software components and integrates with Google data centers' secure boot process to deliver additional layers of protection, the company said. By doing so, Titan provides the search giant with an audit trail of any changes done to a data center machine and chains and signs audit logs to make them tamper-evident.
Google Titan and Cryptographic Technology
The company also has developed an end-to-end cryptographic identity system based on Titan that can act as the root of trust for various cryptographic operations in the company's data centers, the business noted. The identity system enables back-end systems to securely provision secrets and keys to individual Titan-enabled machines or jobs running on those machines.
Ultimately, Titan supports a goal to "protect the boot process by securing it with a dedicated entity that is explicitly engineered to behave in an expected manner," the company stated.
With the Titan ecosystem in place, Google reduces the risk of hardware backdoors and ensures that production infrastructure boots securely using authorized and verifiable code, according to the company.
App Engine Firewall: In addition to the Titan update, the company today unveiled Google App Engine Firewall, a GCP capability that enables App Engine users to control access to an app through a set of rules.
App Engine Firewall enables App Engine application developers and administrators to create a firewall to allow only traffic within a specific network or from a specific service, Google said in a prepared statement. It also allows App Engine users to block traffic to an app from malicious IP addresses.
Google vs. Amazon Web Services, Microsoft Azure
Anecdotal evidence suggests Google Cloud Platform is catching on in certain niches, including machine learning and artificial intelligence.
Still, competing head-on in commodity areas like Infrastructure as a Service (IaaS) could trigger a bloodbath for all three companies. And it's never fun to be a number three platform in maturing markets. Skeptical: Consider the plight of IBM OS/2 three decades ago vs. Windows and macOS. And more recently, consider the painful journey of Microsoft Windows Mobile vs. Apple iOS and Google Android.
With those history lessons in mind, Google wants to keep differentiating its cloud services. Home grown security technology could be a great place to start.
Additional insights from Joe Panettieri.