WTF is a 'software-defined community cloud'?
Basically a slice of public cloud with better isolation and governance – just like our cloud, says Google
Google has given us all a new variety of cloud to consider: a "software-defined community cloud".
The advertising giant’s thinking on this variety of cloud starts with the US National Institute of Standards and Technology's definition of a vanilla community cloud as "infrastructure … provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations)".
Google thinks community clouds built to that definition have "often … failed to meet specific objectives or required significant trade-offs for adopters" because they rely on physical separation for security.
Senior product manager Christopher Johnson and customer engineer Jason Callaway argue that physical separation doesn't actually harm security, but "often doesn't yield significant advances in security, manageability, or compliance". Community clouds can therefore have poor security within their castle walls.
The two Googlers reckon a software-defined community cloud can improve on that situation by offering better governance, even on shared infrastructure. Lest the notion remain too nebulous, they posit the following criteria:
- Projects are effectively private clouds with isolated infrastructure primitives, and their own enclave;
- Only personnel with specified qualities such as specific citizenship are allowed access;
- Data locality is enforced by software.
Another element that Johnson and Callaway suggest as unique to a software-defined community cloud is the use of "Assured Workloads" – which just happens to be a product from Google's cloud service.
Google's post suggests that software-defined community cloud could be a new way to do government clouds.
- US Defense Department invites four cloud firms to seek contracts for JEDI replacement system
- JEDI mind tricks: Google said Pentagon contract didn't align with company values. Now it's chasing another defence gig
- Japan picks AWS and Google for first gov cloud push
- Nuclear cloud: UK's reactor cleanup crew awards Softcat reseller deal for Microsoft licences, Azure services
While Google has coined jargon in this post, it hasn't really invented a new concept. It is far from alone in suggesting that well-governed multi-tenant infrastructure can handle demanding and sensitive workloads. Most major clouds have achieved government security certifications, and can point to deployment of impressive isolation technologies and careful access control. The likes of VMware and OpenStack will also put their hands up to run software-defined clouds for any community.
Google's post neglects to mention that its cloud lacks regions dedicated to governments, and that rivals AWS, Oracle, IBM, and Microsoft Azure all do possess such facilities in the USA.
Perhaps Google's new piece of jargon will interest public sector customers beyond the USA. But The Register can't imagine Google's cloudy rivals will be squirming at the prospect of being beaten by a highfalutin' name for a thing that already exists. ®
- App stores
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Google AI
- Google Nest
- G Suite
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Privacy Sandbox
- Tavis Ormandy
- Trusted Platform Module
- Zero trust