Google Cloud Next is now in its third day.
Mind set change is often required to adopt new solutions. For example, a horse and buggy driver will have a hard time figuring out how to harness the 200 “horse power” under the hood until he realizes that you don’t need to handle 200 reins, and you just have a steering wheel, one gas pedal, one brake, and maybe a clutch. What about security for cloud computing and apps?
Take the issue of ensuring two factor authentication to login to a system based on what you know (the password) and what you have (some special key). The classic method from the old days was to use something like a token (a hardware or software key) that generates a one time code. That worked fine, but it required looking after the key very carefully so it wouldn’t get lost. Furthermore, if you log into multiple systems, you may get issued multiple keys, each with a different expiration date, and it starts to get unwieldy.
Google announced support for Security Key Enforcement for GCP and G Suite apps via two-factor authentication (2FA). The use of security keys (provided by FIDO UFA compatible keys, such as those from Yubico) is not new, as it was supported for several years. What matters for the enterprise is the model for using 2FA in Google’s world. You don’t need to take care of each key like it’s precious. You can pick them up from a cookie jar by the handful and stash them away anywhere. You can even attach one to your laptop’s USB port and have it there all the time. This is similar to the pets (a special companion that you care for) vs. cattle (just an animal in a herd) analogy in scalable cloud architectures.