Google Aims to Boost Cloud Security with Titan Chipset
The sky continues to be the limit for the cloud market, with IDC reporting earlier this month that the public cloud market will grow to $203.4 billion worldwide by 2020, up from a forecasted $122.5 billion in 2017. Cloud service providers are scrambling to corral as much of that market as possible.
According to the Synergy Research Group, as of the second quarter of 2017, Amazon Web Services led the market with 34 percent market share, followed by Microsoft (11 percent), IBM (8 percent) and Google (5 percent); the next 10 providers totaled 19 percent, and the rest of the market made up the remaining 23 percent.
Google hopes to move up those rankings by making its cloud services more secure, and it plans to do that via a tiny chipset it calls Titan.
Google Addresses Cloud Security Concerns
Security remains one of the biggest roadblocks to wider cloud adoption, and that’s where Google is looking to differentiate itself from its competitors. The Titan announcement is part of an ongoing effort by the tech giant to ramp up the security of its Google Cloud Platform (GCP).
Urs Hölzle, the company’s senior vice president of technical infrastructure, dramatically unveiled Titan when he removed the tiny chip from his earring during the Google Cloud Next ’17 conference in March.
The computing chip will go into Google cloud servers with the purpose of establishing a “hardware root of trust” for both machines and peripherals connected to the cloud infrastructure.
This will give Google the ability to more securely identify and authenticate legitimate access at the hardware level within GCP. It’s one piece of a larger strategy on Google’s part to harden its cloud infrastructure, which also includes hardware the search giant designed, a firmware stack it controls, Google-curated OS images and a hypervisor the company hardened.
Verify Firmware and Identify Servers
In a company blog post, Google officials explain that, given the increased cybercriminal focus on privileged software attacks and firmware exploits, it’s important to be able to guarantee the security of the hardware supporting Google’s cloud platform. To do this, Titan focuses on securing two key processes.
The first is verifying the system firmware and software components — guaranteeing that what runs the machine is secure. Titan uses public key cryptography to establish the security of its own firmware and that of the host system.
The second process is establishing a strong, hardware-rooted system identity — verifying the identity of the machine itself. This process is tied back to the chip manufacturing process, wherein each chip has unique embedded keying material added to a registry database. The contents of this database are cryptographically protected using keys maintained by the Titan Certification Authority (CA).
When a Titan chip is built into a server, it can then generate certificate signing requests (CSRs) directed to the Titan CA. The CA will verify the authenticity of the CSRs based on the keying material in the registry database before issuing the server an identity certificate, which establishes the root of trust.
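The enrollment flow described above can be sketched as a small model. This is an added example, not Google's code or Titan's actual protocol: the names (`REGISTRY`, `manufacture`, `make_csr`, `ca_issue`) are hypothetical, and an HMAC over a per-chip secret stands in for the public-key signature a real CSR and certificate would carry.

```python
import hashlib
import hmac
import json
import secrets

# Constructed stand-ins: the manufacturing-time registry and the CA's key.
REGISTRY = {}                      # chip_id -> keying material recorded at manufacture
CA_KEY = secrets.token_bytes(32)   # hypothetical CA key (HMAC replaces a real signature)


def manufacture(chip_id):
    """Provision a chip: embed unique keying material and record it in the registry."""
    key = secrets.token_bytes(32)
    REGISTRY[chip_id] = key
    return key


def mac_over(key, fields):
    """Keyed tag over a canonical encoding of the request fields."""
    body = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def make_csr(chip_id, chip_key, hostname):
    """Chip side: request an identity certificate, proving possession of the key."""
    fields = {"chip_id": chip_id, "hostname": hostname}
    return {**fields, "proof": mac_over(chip_key, fields)}


def ca_issue(csr):
    """CA side: issue a certificate only if the CSR verifies against the registry."""
    key = REGISTRY.get(csr.get("chip_id"))
    if key is None:
        return None  # chip was never registered at manufacture
    fields = {"chip_id": csr["chip_id"], "hostname": csr.get("hostname")}
    expected = mac_over(key, fields)
    if not hmac.compare_digest(expected, str(csr.get("proof", ""))):
        return None  # wrong key, or fields altered after the chip produced the proof
    return {**fields, "ca_tag": mac_over(CA_KEY, fields)}


if __name__ == "__main__":
    k = manufacture("chip-0001")   # constructed chip ID
    print(ca_issue(make_csr("chip-0001", k, "host-a")))   # certificate issued
    print(ca_issue(make_csr("chip-9999", k, "host-a")))   # unregistered chip: None
```

The point of the registry check is that a request is refused unless it traces back to keying material recorded at manufacture, so a cloned chip ID without the key, or a CSR edited in transit, gets no certificate.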
Titan’s identity verification measures support a nonrepudiable audit trail of any changes made to the system. And tamper-evident logging capabilities bring to light any changes made to firmware or software by a privileged insider.
A More Secure Server Means a More Secure Cloud
With a hardware-based root of trust verified on the server and the integrity of its firmware and software components also verified, a Titan-enabled machine will be validated and ready to engage with the GCP ecosystem.
Are customers themselves ready to engage more with the GCP ecosystem? The addition of the Titan chips to Google’s cloud servers targets a specific pain point for customers (especially those in industries that have very specific security compliance needs, such as finance and healthcare).
Google is betting that its larger strategy of presenting a more secure cloud will increase its share of the cloud market.