Google’s Updated App Engine – “Secure” Data Connector: Your Firewall Means Nothing (Again)
This will be a quickie.
This is such a juicy topic and really merits a ton more than just a mention, but unfortunately, I’m out of time.
Google’s latest updates to the Google App Engine Platform have all sorts of interesting functionality:
- Access to firewalled data: grant policy-controlled access to your data behind the firewall.
- Cron support: schedule tasks like report generation or DB clean-up at an interval of your choosing.
- Database import: move GBs of data easily into your App Engine app. Matching export capabilities are coming soon, hopefully within a month.
To me, the most interesting is the boldfaced item above…Google Apps access to information behind corporate firewalls*
From a Cloud interoperability and integration perspective, this is fantastic. From a security perspective, I am as intrigued and concerned as I am about any time I hear “access internal data from an external service.”
The capability to gain access to internal data is provided by the Secure Data Connector. You can find reasonably detailed information about it here.
Here’s how it works:
SDC forms an encrypted connection between your data and Google Apps. SDC lets you control who in your domain can access which resources using Google Apps.
SDC works with Google Apps to provide data connectivity and enable IT administrators to control the data and services that are accessible in Google Apps. With SDC, you can build private gadgets, spreadsheets, and applications that interact with your existing corporate systems.
The following illustration shows SDC connection components.
The steps are:
- Google Apps forwards authorized data requests from users who are within the Google Apps domain to the Google tunnel protocol servers.
- The tunnel servers validate that a user is authorized to make the request to the specified resource. Google tunnel servers are connected by an encrypted tunnel to SDC, which runs within a company’s internal network.
- The tunnel protocol allows SDC to connect to a Google tunnel server, authenticate, and encrypt the data that flows across the Internet.
- SDC uses resource rules to validate if a user is authorized to make a request to a specified resource.
- An optional intranet firewall can be used to provide extra network security.
- SDC performs a network request to the specified resource or services.
- The service verifies the signed requests and, if the user is authorized, returns the data.
From a security perspective, access control and confidentiality are provided by filters, resource rules, and SSL/TLS encrypted tunnels. We’ll take this apart in detail (as time permits) later.
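As an added illustration (not from the original post and not Google's code), here is a deny-by-default check of the kind step 4 describes, where the connector validates the user and the requested resource against resource rules before making the internal request. The `Rule` fields, host names and addresses are hypothetical and constructed; SDC's real rule format is not shown on this page.

```python
# Added illustration: deny-by-default resource-rule evaluation.
# Rule fields and the sample rule are hypothetical, not SDC's real format.
from dataclasses import dataclass
from posixpath import normpath
from urllib.parse import urlsplit, unquote


@dataclass(frozen=True)
class Rule:
    users: frozenset     # lower-case e-mail addresses this rule applies to
    scheme: str          # "http" or "https"
    host: str            # exact internal host name, lower-case
    port: int
    path_prefix: str     # e.g. "/reports/"


def _target(url):
    """Return (scheme, host, port, normalized path), or None if unusable."""
    try:
        parts = urlsplit(url)
        port = parts.port        # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.username or parts.password:   # reject user:pass@host forms
        return None
    port = port or (443 if parts.scheme == "https" else 80)
    # Decode once, then collapse "../" and "//" before any comparison.
    path = "/" + normpath(unquote(parts.path) or "/").lstrip("/")
    return parts.scheme, parts.hostname, port, path


def is_allowed(rules, user, url):
    """True only if some rule matches user, scheme, host, port and path."""
    target = _target(url)
    if target is None:
        return False
    scheme, host, port, path = target
    for r in rules:
        prefix = r.path_prefix.rstrip("/")
        if (user.lower() in r.users
                and (scheme, host, port) == (r.scheme, r.host, r.port)
                and (path == prefix or path.startswith(prefix + "/"))):
            return True
    return False                 # no rule matched: deny


# Constructed sample rule: one user, one internal report service.
RULES = [Rule(frozenset({"alice@example.com"}), "https",
              "reports.corp.example", 443, "/reports/")]
```

Matching on the parsed scheme, host, port and path segments, rather than on a raw string prefix, is what keeps a rule from covering look-alike hosts or paths that climb out of the permitted directory.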
In the meantime, here’s a link to the SDC Security guide for developers.
…and no, your firewall likely won’t help save you (again).
At least I won’t be bored now.
* The database import/export is profound also. Craig Balding followed up with his OAuth-focused commentary here.