Recently, Google has been the pioneer of information technology innovation amongst its contemporaries, running its infrastructures on containers using its container orchestration system called Borg. Borg manages clusters that run thousands of jobs from different applications, across numbers of clusters with different machines, achieving high utilisation, minimised fault-recovery time, and scheduling policies reducing the probability of correlated features. Running on this kind of architecture, Google’s major priority now is the need of its customers to have more security for their data.
In the past, infrastructures run on the traditional perimeter-based security model where a firewall protects a boundary or a perimeter to secure any users or services on the inside. As developments emerged, this kind of security is not enough. It does not work with end-users and what’s inside may not be considered safe anymore. With this and the inspiration of Google’s architecture, cloud-native security is born.
Google developed BeyondProd to address and prioritising security for many organisations as they seek to adopt this new environment. BeyondProd is developed believing that as the perimeter, as well as what lies inside is no longer a safe place to host. It optimised the following security principles:
- Protection of the network at the edge
- No inherent mutual trust between services
- Trusted machines running code with known provenance
- Chokepoints for consistent policy enforcement across services, ensuring authorised data access
- Simple, automated, and standardised change rollout, and
- Isolation between workloads
The transition from perimeter-based security to a cloud-native one also requires changes not just in the infrastructure, but, as well as the development and deployment of the whole lifecycle. Google has designed and developed internal tools and services to protect infrastructures, evolving into the principles followed in BeyondProd. BeyondProd represents a leap forward in security and by applying it to your own cloud-native infrastructure, you can now rest easy thinking that everything is secured, not just at the edge, but also what’s kept inside.