Google’s smart search for security
Google made waves this week with the launch of the much-hyped messaging app Allo. The app boasts some impressive features, including embedding Google Assistant into your conversations. “Smart Replies” learn from your behavior over time to offer up the type of replies that you’d typically give. The assistant can even analyze photos and help you make dinner reservations or buy movie tickets based on what’s happening in your conversation, without ever leaving the app.
More significantly, perhaps, is Google’s decision to offer an incognito mode that uses end-to-end encryption powered by the very strong Signal Protocol created by Open Whisper Systems. Users who opt in to incognito mode can also set messages to expire after a selected length of time and even prevent recipients from being able to screenshot the messages.
You might think of such features as table stakes by this point, or simply a decision to keep pace with other popular services like WhatsApp. But it’s actually the latest example of the company’s recent habit of building new and interesting security methods into just about everything it does.
Google is currently beta testing Trust API, which will enable users to leverage contextual authentication, and could eventually replace passwords with “trust scores” that draw on a number of factors, including a device’s location, to determine if a user is legitimate.
Innovative authentication methods extend to Google employees as well. The company is almost finished executing its BeyondCore initiative, which moves much of its infrastructure off of a private network and onto the internet. The move essentially acknowledges that it’s no longer worth trying to keep a corporate perimeter secure, and instead places focus on authenticating users and securing devices, applications and data.
Life is now easier for Google employees, who can use encrypted connections to work wherever they like without the need for VPNs. BeyondCorp focuses on user/device repudiation through authentication, user behavior and identity analytics, device reputation and intelligence statistics, all of which feeds into a completely new ‘Access Intelligence’ framework to protect company resources.
Google has invested a great deal of time and effort into this deployment, which began five years ago and is just now getting rolled out. The tech giant clearly believes that by moving to a zero-trust model, its infrastructure is safer and it possesses greater flexibility to deal with future attacks.
From Allo to Trust API to Beyondcore, Google is leading the pack when it comes to the innovative use of encryption and authentication. Like so many other Google innovations, the rest of the tech industry should be taking note and following suit.