by ocdtrekkie 3441 days ago
Let's be clear: The customer never wins when the product is closed. Google used to understand that: https://googleblog.blogspot.com/2009/12/meaning-of-open.html

In reality, mom-and-pop don't need these security developments, because mom-and-pop have much less attack surface on a server running in their back room. The cloud necessitates it be possible to manage a server over the Internet, but for many situations that isn't necessary. And in many cases, the limited needs a mom-and-pop company has don't require their infrastructure be public facing on the Internet at all.

I'd argue the only reason one needs these "world-class security developments" is because Google itself is a world-class target. The sort of threats you're defending against would almost never be necessary for a smaller business with an on-premises solution to be concerned about.

Many small businesses internally need little more than a shared network drive, rudimentary user management, etc. And you'd be stunned how many businesses today still operate off a single AOL mail account.


Strongly disagree. Mom and pop businesses get owned all the time and close as a result (see Krebs On Security for cites). The economics of online attacks mean that even smallish targets are not obscure enough to be safe.

Disclosure: I work on security at Google.

People's Google accounts get owned all the time too. None of these excess security measures Google is talking about helps if you have bad security practices or your password is 123456.

Google's security measures here largely are a result of a security problem Google created in the first place. That isn't unusual, mind you. Web design is much the same way. We create new problems via added complexity, then have to solve them.

The whole threat model that requires you put custom silicon in your servers just doesn't apply or matter to smaller parties.

Your comment is extremely bad. It is totally and utterly false that nothing Google does helps against bad passwords. Google has some of the best 2FA systems, pretty much, compared to everybody else. They support TOTP, SMS and U2F.

Your comment is extremely bad, because we aren't talking about TOTP (an open standard), SMS (an open standard), or U2F (an open standard).

This article is about the custom security silicon in Google servers, and Google Cloud employees selling the false concept that this is a must-have for anyone but themselves. This has nothing to do with 2FA, and 2FA, in case you're curious, works everywhere not powered by Google Cloud too.

Do not attack people when you do not know the topic of the conversation you are participating in.

You are really good at trolling.