Google's Urs Hoelzle: Cloud Will Soon Be More Secure - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications
12:57 PM
Connect Directly

Google's Urs Hoelzle: Cloud Will Soon Be More Secure

Google's chief data center architect, Urs Hoelzle, says cloud security will improve faster than enterprise security in the next few years.

Cloud Certifications To Boost Your IT Skills
Cloud Certifications To Boost Your IT Skills
(Click image for larger view and slideshow.)

Google has pioneered key features of cloud computing, including chiller-less data centers, broader use of Linux containers, and the big data system that was the forerunner of NoSQL systems. Far from resting on its laurels, Google's Urs Hoelzle, senior vice president of technical infrastructure, said, "All the innovations that have happened so far [are] just a start."

Hoelzle made that pronouncement during the morning keynote address to Interop attendees at Mandalay Bay in Las Vegas on Wednesday, April 29.

And two areas that will show the greatest innovation over the next five years will be in cloud security and container use.

Cloud security will soon be recognized as better than enterprise data security because the cloud, by design, "is a more homogenous environment," he said. That means IT security experts are trying to protect one type of system, replicated hundreds or thousands of times, as opposed to a variety of systems in a variety of states of update and configuration.

Google's Urs Hoelzle

Google's Urs Hoelzle

In contrast, where one complex system has many different types of interactions with another complex system "little holes appear" that are hard for security experts to anticipate in every case.

Hoelzle said that the use of encryption on-the-fly and of scanning systems trained to look for threats and intruders is already in place, and will be extended over the next few years in Google's cloud operations.

In an interview afterward, he said the mapping of systems -- so that a cloud data center security system knows which application talks to which application, what policies are governing, who can access what data, etc. -- will give security experts an auditable tool with which to maintain security in depth. "You only have to get it right once and it's right every time," Hoelzle observed.

[Want to learn more about the Google Cloud Platform? See Google Turns Up The Heat On Amazon.]

In addition, for cloud users, the software changes in cloud systems occur behind APIs, so there's no fresh software at the surface in which an attacker may detect a vulnerability and exploit it. "There's no mistake on installation," that a hacker can see when the software sits behind an API, Hoelzle said.

"We run a large cloud that gets attacked every day," he said. After 15 years in which the company has

Continued on next page.

Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Charlie Babcock
Charlie Babcock,
User Rank: Author
5/5/2015 | 9:22:28 PM
A uniform environment easier to protect
GAProgrammer, You have a point that hackers have only one environment to decipher, but I think that the notion that a confusing environment is also a protected environment has been discredited. Better to know what you've got and take the best measures to shield it than to have intruders slipping in through the side door. 
Charlie Babcock
Charlie Babcock,
User Rank: Author
4/30/2015 | 5:51:54 PM
What if Target had been on Amazon?
Christian, Your points are well taken and things will play out as you describe in many enterprise data centers. But take Target, for example. Target doesn't believe in using the Amazon cloud, I just heard in the session that I"m attending at Cloud Connect/Interop. But what if Target by some stetch of the imagination had been operating on Amazon infrastructure. If it were, I suspect, someone there would have noticed the unusual pattern of milions of credit card numbers being streamed out the door to an address in Russia.
Charlie Babcock
Charlie Babcock,
User Rank: Author
4/30/2015 | 1:41:26 PM
A leadng Google thinker, writer
Hoelzle's The Data Center Is the Computer came out as a Google white paper in June 2009,and was one of few documents that defined what was essential about a cloud data center.  That timing also happened to be three months before I started work on Management Strategies for the Cloud Revolution and more than one of Hoelzle's perceptions and comments made their way into my effort. He is one of the leading pioneers and thinkers of cloud computing.
11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll