marknca

Mornings With Mark
no. // 0 0 0 1

Stadia & Secure Access Design

Full machine generated transcript follows

Hey everybody, Mark here. On this episode of the show, we're going to talk about Google's new gaming service and how it relates to building secure remote access architectures. Now, that's a really weird intro and I get it. But bear with me, this does make sense. At least it made sense up here.

So hopefully it makes sense. OK, Google this week announced the new service called Stadia, or at least they announced that Stadia was coming soon. And essentially it's gaming in the cloud at scale. All of the computation, the GPUs, everything runs in the Google cloud, and you can access your gaming instance from your phone, from your tablet, from your Chrome browser, from your Chromecast on your TV, from anywhere you want, and that's a really cool selling point.

It's very much like the online service that we saw years ago, that's OnLive, that tried and failed to gain traction. Google seems to have a real shot with Stadia here because they are Google, they've got the clout to pull this off, and it solves some real, very real gaming problems.

In this case, the problem it's solving is that GPUs are expensive, and having all the computation and the games running in your house or on your mobile device, like a Switch or something like that, that's a pain in the butt. Downloads of new games, releasing updates and patches, making sure that latency between the client and a server doesn't affect the gameplay.

All these are very real technical challenges that gamers deal with all the time. Shoving all of that in the cloud simplifies the equation: all the hard stuff happens in the cloud and every gamer is on equal footing, as they just have to worry about bandwidth and latency to connect.

It doesn't matter if they're on their phone, doesn't matter if they're on a tablet or if they're sitting in front of a massive widescreen TV. So that's really cool. You'll see more coming from Stadia over the next few months, I'm sure, and if you're a gamer you're probably kind of excited about it.

If you've got a great internet connection, this could be a really, really cool thing. But how does this relate at all to security or privacy, which is of course the theme of this show and this channel? There was a slide, you can see it here now, in the presentation where Google claimed you don't worry about hackers or cheating. No cheating. And why is that? Well, it's the same reason this is the design we use for secure networks for desktop access or for user access.

So you see this a lot in government work for, like, secret, top secret networks, or for really privacy- and security-concerned organizations around corporate IP. You see this model, the same kind of thing, where everything's in a secured perimeter, a secure area, and you just have remote access into it, and the data never leaves, and that's the whole core idea.

So where Google Stadia is trying to tackle the challenge of gaming hardware and updates and moving big data around, we use the same design to prevent data from moving around and leaking out to multiple places. Because when you have this structure, you're normally using a protocol called PC over IP, and basically all that is is an optimized communication protocol to send screenshots back and forth between the client and the servers and to take input from a remote client to work a computer sitting in a data center or a cloud somewhere, and it's a really interesting way of working.

It's been evolving over the last 20 years. People have used these sorts of terminals; you know, the concept goes way, way back to the origins of mainframe computing and terminal computing, and it's just increased, and for years the biggest problem was bandwidth. We might finally be at the point where there's broad enough access, there's fast enough access.

I know when I use some of these services that aren't specifically designed for security, but for ease of access, so things like Windows desktops on Azure or AWS WorkSpaces, when I use them from my tablet, it's pretty good. There's a little bit of lag.

Sometimes it's that my connection sucks. But in general it's pretty solid. So for convenience it's really good, but for security there are some really significant advantages. And so let's put on our imagination hats for a minute. I wish I was like Mr. Dressup, hardcore Canadian reference there, where I had the Tickle Trunk you could pull out and actually put on imagination. But think about us having this business where, you know, we have sensitive information.

We're working on a formula for New Coke, not actual New Coke, but like a new, new, new cola, a new soft drink. We think it's going to be all the rage, but we want to make sure that that formula is protected. So instead of going the traditional route, where I have a copy on my laptop and I'm working on the model, and you have a copy on your laptop or on your phone and you're working on that, what we've done is set up the secure network.

We could be using a service from a cloud provider, maybe we built it out ourselves, it really doesn't matter. The concept's the same: we're going to keep all the data on systems that we control and have really strong security around and active monitoring.

And the only thing we're going to allow is the encrypted PC over IP connections to trusted clients, in order to set policies that say, if you're going to log in and access this data, or if I'm going to log in and access this data, I need two-factor authentication. I need a client that won't allow screen captures.

I need to put a message in front of the user before they access it to remind them of how sensitive this is, and we're going to disable external devices. So no USB sticks, no printing, nothing like that. This isn't a complete solution. There's still the potential that maybe I'm sitting here with my camera and filming my computer as I access this information, but it greatly reduces the risk, and now we can still log in and work on our collaborative software, we can work on models to get this formula so we can have a new soft drink that takes the world by storm.

And that's an interesting balance, because what you've done with this design, and it's the same design Stadia is using in the back end, that same architectural concept, is that we've tried to keep the user experience really, really high but we've also tried to keep the data compartmentalized. And that's had limited success because the technologies have always had high user friction. People compare it to, you know, I'm using Windows on my desktop or my laptop and it works a certain way, and then I log into the system and it doesn't work anymore.

But it also allows, because of this model, the same device to be able to handle information at multiple different levels. So you can have your normal, you know, public information or just sensitive information on your normal tablet. And then you click open this app that logs you in securely with the multi-factor and meets all these criteria, and now you're working on high-level, top-secret sensitivity data.

And then when you're done you close that down and go back to your normal, with one device instead of two or three or four, things like that. So it's a really interesting architectural pattern and I thought it was a great opportunity to bring it up to your attention. So when you see a large offering from a cloud provider, like Windows desktops, like AWS WorkSpaces, that won't take a degraded experience, start thinking about the security or the privacy experience. Or maybe you've got a subset of users who are working on really sensitive information that you'd like to get a better handle on, you'd like to put some controls around it so that you have a higher level of assurance without actually impacting your users' experience or their ability to do their jobs.

This is the pattern that works: this remote cloud access into systems is a really strong architectural pattern. Finally, we're at the point where we have the network bandwidth, we have the low-latency connections, we have the multitude of devices with these types of connections, and obviously the cloud back end to run it effectively.

Will Stadia take off? That's another question, because gaming is super sensitive to latency. And I don't know; people may have enough bandwidth on their connection, but I don't know if they have sufficient, low enough latencies on all these connections. We'll see. I think it's a really interesting experiment, but at the end of the day, it's an excellent pattern for you if you have an organizational use case for a team or lots of teams who have highly sensitive information.

That's it for today. Let me know what you think online. Hit me up, @marknca on all social networks, in the comments down below, and as always by email, me at markn.ca. I look forward to talking to you about this issue, this architectural pattern, anything else under the sun around privacy and security. We'll see you on the next show.
