nobeastsofierce - Fotolia
Assessing the Google Cloud security strategy
This week, bloggers assess the Google Cloud security strategy, Cisco's lessons from OpenStack and Arista's new containerized network operating system.
Dan Conde, an analyst at Enterprise Strategy Group Inc., in Milford, Mass., examined Google's new cloud security strategy, which incorporates a departure from traditional, two-factor authentication systems.
Instead, Conde said, the new Google Cloud security strategy incorporates FIDO Universal Authentication Framework security keys that can be stored anywhere -- even on a laptop USB port. This is a change from older systems, which required a software key to generate a one-time code and which might end up generating multiple keys when a user logged in to multiple systems.
According to Conde, Google's new cloud security strategy is much more secure because attackers -- both foreign and domestic -- cannot request the user's key and because keys can be easily revoked. Furthermore, because the keys are cryptosecure hardware, they tend to be more secure than SMS two-factor authentication codes.
SMS codes are often vulnerable to man-in-the-middle attacks, where a message may be intercepted or sent to multiple devices. "This is one of the ways in which it helps to turn your thinking upside down to appreciate new methods of securing enterprise assets on the cloud platforms of today, and it applies not only to Google but to other providers as well," Conde wrote in a blog post.
Read more of Conde's thoughts on the new Google Cloud security strategy.
Cisco, OpenStack and HyperFlex
Torsten Volk, an analyst at Enterprise Management Associates Inc., in Boulder, Colo., blames Opex as a key reason for the failure of OpenStack to catch on in large enterprises. Initial deployment and configuration has proved challenging, because a great deal of custom integration is often needed to add OpenStack to a traditional data center.
Organizations have also run afoul of separate management tools and a lack of hardware to support scaling up OpenStack environments. In spite of significant attention from network engineers, hardware upgrades can still complicate data center environments. Volk said Cisco has learned from the failure of OpenStack and incorporated these insights into its HyperFlex converged infrastructure.
According to Volk, Cisco's product aims to integrate workloads and microservices-based applications alongside each other, allowing enterprises to scale more effectively and manage infrastructure, automation and orchestration tools. Volk said Cisco's "secret sauce" stems from the HX file system, combined with a Cisco data fabric, allowing users to manage resources, network and storage performance from a cluster level. This enables users to add more CPU and storage as needed and handle intermittent virtual machine performance.
Explore more of Volk's thoughts on Cisco and OpenStack.
Implications of Arista's new containerized OS
Drew Conry-Murray, writing in Packet Pushers, reviewed Arista Networks' launch of cEOS, a containerized launch of its EOS network operating system. Because the system is disaggregated from its underlying Linux kernel, it can run in containers and is deployable on Arista and white box switch platforms. Currently, the new OS only supports single-chip top-of-rack switches, such as Broadcom's Trident, Tomahawk and Helix chipsets.
According to Conry-Murray, Arista's aim of supporting a software-driven infrastructure yielded disaggregation and white box switching as byproducts. Conry-Murray raised questions about whether Arista's product is being designed to support Barefoot Networks' Tofino chip, as it challenges Broadcom in the switch silicon market. However, for the time being, it appears that Arista is focusing exclusively on merchant silicon used in its own hardware and targeting cloud providers while anticipating eventual future demand in large enterprises.
Dig deeper into Conry-Murray's thoughts on Arista cEOS.