markn.ca
Archive · · 7 min read

Stadia & Secure Access Design

Google recently announced a new, all-in-the-cloud gaming service called Stadia. For gaming fans, there's a lot of potential that—fingers crossed—hopefully pans out.

Stadia & Secure Access Design

Watch the episode on YouTube.

Reasonably Accurate 🤖🧠 Transcript

Hey, everybody mark here on this episode of the show, we're gonna talk about Google's new gaming service and how it relates to building secure remote access architectures. Now, that's a really weird intro. Um And I get it, but bear with me, this does make sense.

At least it made sense up here. So hopefully it makes sense out there. Google this week announced a new service called Stadia or at least they announced that Stadia was coming soon. And essentially it's gaming in the cloud at scale all of the computation, the GP US, everything runs in the Google cloud and you can access your gaming instance from your phone, from your tablet, from your chrome browser, from your chromecast on your TV, from anywhere you want.

And that's a really cool selling point. It's very much like the online service uh that we saw years ago that's on live. Um It tried and kind of failed to gain traction. Google seems to have a real shot with Stadia here because they are Google, they've got the clout to pull this off.

Um And it's also some real, very real gaming problems. In this case, the problem, they're solving is that GP US are expensive. Um And having all the computation and the games running in your house or on, on your mobile device like a switch or something like that.

That's a pain in the butt downloads of new games um releasing updates and patches. Uh making sure that latency between the client and the server, um you know, doesn't affect gameplay. All these are very real technical challenges that gamers deal with all the time.

Shoving all of that in the cloud simplifies the equation. All the hard stuff happens in the cloud and every gamers on equal footing is they have to just worry about with and latency to connect. It doesn't matter if they're on their phone.

It doesn't matter if they're on a tablet or if they're sitting in front of a massive widescreen TV. So that's really cool. You'll see more coming from stadia, um, over the next few months, I'm sure. And if you're a gamer, you're probably kind of excited about it.

If you've got a great internet connection, this could be a really, really cool thing. But how does this relate at all to security or privacy? Which is, of course, the theme of this show and this channel. Well, there was a slide, you can see it here.

Now, in the presentation where Google claimed you don't have to worry about. There's ha hackers or cheating, there's no hacking, no cheating. And why is that? Well, it's the same reason this is the design we use for secure networks, for desktop access or for user access.

So you see this a lot in government work for like secret top secret networks um for really um privacy and security concerned um organ organizations around corporate IP. You um see this model um the same kind of thing where everything's in a, in a secured perimeter or secure area and you just have remote access into it.

Um And the data never leaves and that's the whole core idea. So where Google Stadia is trying to tackle the challenge of gaming hardware and updates and moving big data around, we use the same design to um prevent data from moving around and leaking out to multiple places.

Because when you have this structure, you're normally using a protocol called PC over IP. And basically all that is is an optimized communication protocol to send screenshots back and forth between the client and the servers and to take input from a remote client to work a computer sitting in a data center in a cloud somewhere.

And it's a really interesting way of working. It's been, you know, evolving over the last 20 years. A lot of people have used these sort of uh terminals, you know, the concept goes way way back to the origins of mainframe computing and terminal computing.

Um And it just increased. And for years, the biggest problem was bandwidth, we might might finally be at the point where, uh, there's a broad enough access, there's fast enough access. I know when I use some of these services that aren't specifically designed for security, but for ease of access.

So things like Windows desktop on Azure or Aws, uh, workspace is, um, that when I use them for my tablet, it's pretty good. There's a little bit of lag sometimes if my connection sucks. Um, but in general, this is a pretty solid thing.

So for convenience, it's really good. But for security, there's some really significant advantages. And so let's put on our imagination hats for a minute. I wish I was like, Mr Dress up hardcore Canadian reference there. Um, where I had the tickle trunk, you could pull out and actually put on an imagination hat.

But I digress. So think about us having this, uh business that we are. Um, you know, we have sensitive information. We're working on a formula for New Coke, not actual New Coke, but like a new, new Coke, like a new Cola, a new soft drink.

We think it's going to be all the rage, but we want to make sure that that formula is protected. So instead of going through a traditional route where I have a copy on my laptop and I'm working on the model and you have a copy on your laptop or on your phone and you're working on that, what we've done is set up this secure network, we could be using a service from a cloud provider.

Maybe we built it out ourselves really doesn't matter. The concept is the same is that we're going to keep all the data on systems that we control and have really strong security around and active monitoring. And the only thing we're going to allow is these encrypted PC over IP connections to trusted clients.

And we're gonna set policies that say if you're going to log in and access this data or if I'm going to log in and access this data, I need two factor authentication. I need a client that won't allow screen captures.

I need to put a message in front of the user before they access it to remind them of how sensitive this is and we're going to disable external devices. So no USB sticks, no printing, nothing like that.

Now, this isn't a complete solution. There's still the potential that maybe I'm sitting here with my camera and filming my computer as I access this information, but it greatly reduces the risk. And now we can still log in and work on our collaborative software.

We can work on the model to figure out this formula so that we can have a new soft drink that takes the world by storm. And that's an interesting balance because what you've done with this design and it's the same design stadia is using in the back end, that same architectural concept is that we've tried to keep the user experience really, really high.

But we've already uh also tried to keep the data compartmentalized and that's uh um had limited success because the technologies have always had high user friction. People compare it to, you know, I'm using windows on my desktop or on my laptop and it works a certain way and then I log into the system and oh, it doesn't work anymore.

But it also allows because of this model, it allows the same device to be able to handle information at multiple different levels. So you could have your normal um you know, public information or just sensitive information on your normal tablet.

And then you click open this app that logs you in securely with a multi factor and meets all these criteria. And now you're working on a high level top secret sensitivity um data set. And then when you're done, you close that down and go back to your normal with one device instead of two or three or four or things like that.

So it's a really interesting architectural pattern and I thought stadio was a great opportunity to bring it up to your attention. So when you see a large um offering from a cloud provider like windows desktops like Aws workspaces instead of just going, oh, well, what's the use case for that?

No, my users won't take a degraded experience. Start thinking about the security or the privacy experience where maybe you've got a subset of users who are working on really sensitive information that you'd like to get a better handle on.

You'd like to put some controls around it so that you have a higher level of assurance without actually impacting your user experience or their ability to do their jobs. This is the pattern that works this remote cloud access into systems.

It's a really strong architectural pattern. Finally, we're at the point where we have the network bandwidth, we have the um low latency connections, we have the multitude of devices with these types of connections. Um And obviously, the cloud back ends to run it effectively will stadia take off.

That's another question because gaming is super sensitive to latency. And I don't know while people may have enough bandwidth on their connection. I don't know if they have latency efficient uh low enough latencies on these connections.

We'll see. I think it's a really interesting experiment, but at the end of the day, it's an excellent pattern for you to adopt. If you have an organizational use case for a team or lots of teams who have highly sensitive information.

That's it for today. Let me know what you think online. Hit me up, mark NC A on most social networks in the comments down below. And as always by email me at mark N dot C A. Look forward to talking to you about this issue, this architectural pattern.

Anything else under the sun around privacy and security? We'll see you on the next show.

Share Tweet Share Share Email

Read next