In case you missed the first couple of warning signs, Google’s purchase of mail security provider Postini should erase any doubt you may have had that the company is serious about security. Even for a company with a market cap of nearly $170 billion, spending $625 million on an acquisition is no small matter. This is simply the next step in what has been a rapid move into the security market for Google. First it built out an anti-malware team, then it began indexing all of the sites hosting malware and now the company is beginning to add complementary pieces of technology to help fill out its vision of what security on the Internet should look like. When you combine the technology Google acquired in its purchase of GreenBorder in May with the mail security capabilities of Postini, you get a good idea what the vision will look like.
In his Rational Security blog, Chris Hoff describes what he thinks Google is up to:
In fact, I reckon that in the long term we’ll see the evolution of the Google Toolbar morph into a much more intelligent and rich client-side security application proxy service whereby Google actually utilizes client-side security of the Toolbar paired with the GreenBorder browsing environment and tunnel/proxy all outgoing requests to GooglePOPs.
What’s a GooglePOP?
These GooglePOPs will house large search and caching repositories that will — in conjunction with services such as those from Postini — provide a “clean pipes service to the consumer. Don’t forget utility services that recent acquisitions such as GrandCentral and FeedBurner provide…it’s too bad that eBay snatched up Skype…
Google will, in fact, become a monster ASP. Note that I said ASP and not ISP. ISP is a commoditized function. Serving applications and content as close to the user as possible is fantastic. So pair all the client side goodness with security functions AND add GoogleApps and you’ve got what amounts to a thin client version of the Internet.
For some reason, this whole thing is eerily reminscent of Microsoft’s beginnings in security. A few weeks after the Trustworthy Computing memo came out in 2002, I had an interview with a senior executive in what was then called the Security Business Unit at Microsoft. I asked whether he envisioned Microsoft becoming a security vendor and competing against folks like Symantec, Check Point, etc. His answer: “No, I don’t. That’s not our strength.” It only took a few months for Microsoft to change those plans and get into security in a big way. The difference here is that Google isn’t saying anything one way or another; it’s just going about its business as usual.
Microsoft’s security moves have generated a lot of hand-wringing among customers and competitors. But few people seem concerned about what Google is doing, aside from some obligatory, vague questions about user privacy. We’ll see whether that’s still the case a year from now once Google really gets things rolling.