back to article Google's plan to win the cloud war hinges on its security aspirations

Google's quest to steal cloud customers from rivals Amazon and Microsoft will be won – or lost – based on its strength as a cybersecurity provider. The web giant is pumping billions of dollars into its security offerings so that this big bet will pay off. This includes mergers and acquisitions as well as building out …

  1. hitmouse

    If you're in a regulated environment outside the US then Google is simply not an option. Google's servers are in the US, so data residency laws mitigate against using it. Also Google's Ts & Cs are a big raspberry to IP and confidentiality so if you're doing research then you don't want to be sending your data to Google to train its AI.

    Contrast Microsoft and Amazon who offer regional or in-country data centres.

    1. b0llchit Silver badge
      Facepalm

      Contrast Microsoft and Amazon who offer regional or in-country data centres.

      And they do not spy on your data? Besides the fact that these companies have less than stellar reputation, have you ever heard of the cloud act in the USA?

      Anyhoo, your eyes must be very brightly blue to accept that cloud systems, regardless provider, provide private containerization for your private data only to be seen by your private blue eyes. Dream on, I'd say.

      1. Anonymous Coward
        Anonymous Coward

        Microsoft don't. Show me any evidence you have to the contrary. See https://www.microsoft.com/en-gb/trust-center/compliance/regional-country-compliance for example.

        1. b0llchit Silver badge
          Black Helicopters

          They sent a "your name has been mentioned in..." email when someone mentioned me in a office365 app. This can only be done if they read the messages and correlate with other users.

          It does not matter if it is manual or a machine doing the reading. They have access and they are using it.

          The "compliance" statement is very patient and, IMHO, not worth the words written. Do you really think that the NSA or other TLAs advertise access to any and all communication? Who can be so naive?

          1. philstubbington

            That’s within your organisations own tenant, or in another tenant that your organisation has consented to a controlled level of access. Either way, it’s with consent.

            1. b0llchit Silver badge

              Never was consent given. The organization actually had a written version of "not consenting to any automated analysis in any way" and "not consenting to anybody having access except the employer organization". I notified the employer that they were in breach of the GDPR and filed an official complaint.

              1. philstubbington

                They wouldn’t have been able to sign up to Microsoft services without agreeing to it. I suspect someone didn’t read the agreement.

          2. hitmouse

            " They sent a "your name has been mentioned in..." email when someone mentioned me in a office365 app"

            That means that your name has been @mentioned just like on Twitter or other message platforms. So it is simply a message via lookup in your organisation's active directory. You may as well complain about receiving emails because someone looked up your email address.

    2. Anonymous Coward
      Anonymous Coward

      Huh?

      Of course Google has data centers in Europe.

      1. Anonymous Coward
        Anonymous Coward

        Re: Huh?

        Well, they have 6 it would appear.

        https://www.google.com/about/datacenters/locations/

        not many in comparison to Microsoft or Amazon.

    3. Anonymous Coward
      Anonymous Coward

      Please fact check your own post as it's full of incorrect statements. You really believe a global hyperscaler only has servers in the USA lol?? Try

      What about GCPs Data Residency controls to keep data in Region (of which they have 29 around the world)??

  2. RyokuMas
    Facepalm

    People in glass houses...

    Security...

    ... from those who, without consent, have obtained and used NHS records, location data, home wifi data, email content, etc., etc..

  3. Binraider Silver badge

    Hint. It's already lost.

    Not that I particularly like the alternatives; but there are a lot of outfits that already have their dependencies well and truly embedded in AWS and/or Azure; and especially, on Sharepoint/OneDrive/Active Directory.

    Counting the weeks and days till there is a disastrous outage (which there will be) on these single points of failure that every big org has been keen to leap on rather than keep it's own IT estate.

    1. Cederic Silver badge

      There are two ways the Azure Office365 and related services could go down.

      One is a nation state physical attack on multiple data centres, in multiple countries, as anything more limited in scope merely results in failover to another data centre (potentially in another country). If that happens I suspect office email is not going to be a priority for many people.

      The other is a currently undiscovered/undisclosed vulnerability that takes days/weeks to resolve. That's a genuine concern - but also one that companies would exposed to if they hosted the software themselves. For many companies they're less vulnerable on Azure, as Microsoft's basic minimum protections are better than many organisations could muster in-house.

      The impact would be widespread, but at an individual organisation level the risk doesn't feel materially different.

      1. philstubbington

        Not to mention Microsoft's 3,500 security staff and counting.

      2. Claptrap314 Silver badge

        The first time (that I recall), it happened because some some thunderstorms in the San Antonio area that apparently induced just enough current in the power supplies to cause a data center in Bexar county to take a powder. That data center was where ALL ids were cleared for Office & most other services. AIR, the published post mortem did not mention changing their architecture in the obvious fashion.

        The one I personally got to experience was when some joker managed to push an empty file to their DNS resolvers. That post mortem (which I studied carefully) did not mention taking any step to ensure that they could even, for instance, keep up with their DNS servers...

        We don't call it Office 359 for nothing. There is no way to professionally sign off on more than 99.7% (2.5 nines) uptime if Azure is your base--and if you are even a little paranoid, I would stop at 99%.

  4. Gwaptiva

    Google, Microsoft, Amazon et al should be hard at work lobbying the US government to scrap stuff like the CLOUD Act and introduce privacy safeguards as strong as the EU's, or they can all forget about winning in the EU.

    Yes, AFAIK, the existence of the CLOUD Act and its impact on GDPR has yet to be decided by the European courts, but if previous verdicts about Safe Harbour etc are anything to go by, the fact that an individual European citizen lacks practical legal recourse when their data are improperly handled by US companies, suggests it won't be long before cloud solutions operated by US-owned companies, even if those are EU subsidiaries/joint ventures etc, are declared non-GDPR, and as such will be off-limits to almost every operation in the EU

    1. Claptrap314 Silver badge

      You think that something like a statute is enough to stop the ATF from murdering US citizens? Why on earth would it stop the NSA from grabbing whatever data they want?

      In the US, the laws are for us citizens, not the government. Please name one place where this is not the case.

      If you are not a US entity, and data sovereignty is a top concern, then you cannot have that data go anywhere near the US.

      If you are not a Chinese entity, and data sovereignty is a top concern, then you cannot have that data go anywhere near China.

      If you are not a European entity, and data sovereignty is a top concern, then you cannot have that data go anywhere near Europe.

      If you are not an Indian entity, and data sovereignty is a top concern, then you cannot have that data go anywhere near India.

      If you are not a Russian entity, and data sovereignty is a top concern, then you cannot have that data go anywhere near Russia.

      ...

  5. ifadams

    No matter how shiny and important somebody on the inside thinks security is, its an uphill battle to make it the deciding factor for customers. Orgs and businesses generally don't make a cloud shopping decision based on who has the better security features....

    Should they? That's a debate worth having. Will they? I am cynical about that....

  6. Claptrap314 Silver badge
    Pint

    Hope springs eternal

    As very, VERY much as I would like to think that trading on security wins, you must first explain the following data point: Azure is now winning more business than AWS.

    How does Azure security compare to AWS? Care to count the news articles?

    How does Azure reliability compare to AWS? Again, care to count the news articles?

    This reminds me very much of the JEDI fiasco. AWS thought that they could buy control of the specs, and win the contract that way. WHOOPS! Microsoft bought the people who actually make the decisions.

    Microsoft is going after the decision makers. Not the technical experts. And they are rolling over AWS. Google is playing a loser hand.

    For crying in. --------------->

  7. Kevin McMurtrie Silver badge

    Security?

    Google's whole product line revolves around backing everyone into a corner where no privacy exists and being deaf to all complaints. They host hackers and bots on GCP, Trojan horses in Google Drive and Play Store, spammers in Gmail, and content pirates on YouTube. It's all thanks to completely automated algorithmic management.

    Rest assured that you'll be notified of your compromised hosting after it's in at least 3 public block lists, 15000 abuse reports, and a web crawler finds your data on a piracy site.

  8. Robert Grant

    This report of what was said in a conversation could've been a YouTube video.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like