GooglePOPs - Cloud Computing and Clean Pipes: Told Ya So...

In July of last year, I prognosticated that Google with it's various acquisitions was entering the security space with the intent to not just include it as a browser feature for search and the odd GoogleApp, but a revenue-generating service delivery differentiator using SaaS via applications and clean pipes delivery transit in the cloud for Enterprises.

My position even got picked up by thestreet.com.  By now it probably sounds like old news, but...

Specifically, in my post titled "Tell Me Again How Google Isn't Entering the Security Market? GooglePOPs will Bring Clean Pipes..." I argued (and was ultimately argued with) that Google's $625M purchase of Postini was just the beginning:

This morning's news that Google is acquiring Postini for $625 Million dollars doesn't surprise me at all and I believe it proves the point.

In fact, I reckon that in the long term we'll see the evolution of the Google Toolbar morph into a much more intelligent and rich client-side security application proxy service whereby Google actually utilizes client-side security of the Toolbar paired with the GreenBorder browsing environment and tunnel/proxy all outgoing requests to GooglePOPs.

What's a GooglePOP?

These GooglePOPs (Google Point of Presence) will house large search and caching repositories that will -- in conjunction with services such as those from Postini -- provide a "clean pipes service to the consumer.  Don't forget utility services that recent acquisitions such as GrandCentral and FeedBurner provide...it's too bad that eBay snatched up Skype...

Google will, in fact, become a monster ASP.  Note that I said ASP and not ISP.  ISP is a commoditized function.  Serving applications and content as close to the user as possible is fantastic.  So pair all the client side goodness with security functions AND add GoogleApps and you've got what amounts to a thin client version of the Internet.

Here's where we are almost a year later.  From the Ars Technica post titled "Google turns Postini into Google Web Security for Enterprise:"

The company's latest endeavor, Google Web Security for Enterprise, is now available, and promises to provide a consistent level of system security whether an end-user is surfing from the office or working at home halfway across town.

The new service is branded under Google's "Powered by Postini" product line and, according to the company, "provides real-time malware protection and URL filtering with policy enforcement and reporting. An additional feature extends the same protections to users working remotely on laptops in hotels, cafes, and even guest networks." The service is presumably activated by signing in directly to a Google service, as Google explicitly states that workers do not need access to a corporate network.

The race for cloud and secure utility computing continues with a focus on encapsulated browsing and application delivery environments, regardless of transport/ISP, starting to take shape.   

Just think about the traditional model of our enterprise and how we access our resources today turned inside out as a natural progression of re-perimeterization.  It starts to play out on the other end of the information centricity spectrum.

What with the many new companies entering this space and the likes of Google, Microsoft and IBM banging the drum, it's going to be one interesting ride.

/Hoff

Google Security: Frightening Statistics On Drive-By Malware Downloads...

Read a scary report from Google's security team today titled "All your iFrame Are Point to Us" regarding the evolving trends in search-delivered drive-by malware downloads.  Check out the full post here, but the synopsis follows:

It has been over a year and a half since we started to identify web pages that infect vulnerable hosts via drive-by downloads, i.e. web pages that attempt to exploit their visitors by installing and running malware automatically. During that time we have investigated billions of URLs and found more than three million unique URLs on over 180,000 web sites automatically installing malware. During the course of our research, we have investigated not only the prevalence of drive-by downloads but also how users are being exposed to malware and how it is being distributed. Our research paper is currently under peer review, but we are making a technical report [PDF] available now.  Although our technical report contains a lot more detail, we present some high-level findings here:

The above graph shows the percentage of daily queries that contain at least one search result labeled as harmful. In the past few months, more than 1% of all search results contained at least one result that we believe to point to malicious content and the trend seems to be increasing.

Ugh.  The technical report offers some really good background data on infrastructure and methodology,  geographic distribution, properties and delivery mechanisms.  Fascinating reading.

/Hoff

Prediction: Google Will Acquire ThePudding...Parsing Voice Calls for Targeted Ad Delivery...

A couple of weeks ago I blogged about the potential coming of the GooglePhone as follow-on to all things Google and their impending World Domination Tour™

The highlight of the GooglePhone rambling was my fun little illustration of how, if Google won the spectrum auction and became a mobile operator, they would offer free wireless service on the GooglePhone underwritten with ad revenues utilizing some unique applications of some of their new and existing services:

So, without the dark overlord overtones, let's say that Google wins the auction.  They become a mobile operator -- or they can likely lease that space back to others with some element of control over the four conditions above.  Even if you use someone else's phone and resold service, Google wins.

This means that they pair the GooglePhone which will utilize the newly acquired GoogleFi (as I call it) served securely cached out of converged IMS GooglePOPs which I blogged about earlier.   If the GooglePhone has some form of WiFi capabilities, I would expect it will have the split capability to use that network connectivity, also.

...but here's the rub.  Google makes it's dough from serving Ads. What do you think will subsidize the on-going operation and assumed "low cost" consumer service for the GooglePhone.

Yup.  Ads.

So, in between your call to Aunt Sally (or perhaps before, during or after) you'll get an Ad popping up on your phone for sales on Geritol.  An SMS will be sent to your GooglePhone which will be placed in your GoogleMail inbox.  It'll then pop up GoogleMaps directing you to the closest store.  When you get to the store, you can search directly for the Geritol product you want by comparing it to pictures provided by Google Photos and interact in realtime with a pharmacist using Google Talk whereupon you'll be able to pay for said products with Google Checkout.

All. From. Your. GooglePhone.

All driven, end-to-end, through GoogleNet.  Revenue is shared throughout the entire transaction and supply chain driven from that one little ad.

I got a ton of emails suggesting I was a little GoogleMad and that the blue/underlined section above was neither possible or sustainable from a business model perspective.  To address the former point regarding the technical possibility of what amounts to electronic parsing of audio -- of course it is.  I've blogged about that before in my DRM/DLP/Watermarking discussions.

To the latter point regarding using this as a base for a business model, check this out from TechCrunch today:

The New York Times is reporting today on a new service called ThePudding that provides free, PC-based phone calls to anywhere in the US or Canada.

The big catch: computers in Fremont, CA will eavesdrop on and analyze every word of your conversation so they can serve up advertisements tailored to the topic at hand.

So all this takes is a move to a platform like the GooglePhone (what's a "PC" today, anyway?") to enable this in the mobile market...looks like these guys were born to be bought!

Users initiate a phone call simply by visiting ThePudding’s website (currently in private beta) and entering a phone number into the browser. After the call begins, advertisements tailored to the conversation will begin to appear on screen. The NYT has a good screenshot of what these advertisements will look like here.

That's the exact model I suggested in the underlined section above!  Quite honestly, with the "privacy specter" aside, this would be pimp!  It's the natural voice-operated semantic web!

Phone conversations are monitored only by computers, not actual human beings. The company also does not record any of the conversations or log any of the topics discussed. Therefore, advertisements are tailored to each particular phone call and not to trends in users’ calling behavior.

ThePudding has already experienced a fair amount of backlash, with some calling it a terrible idea because users will not be comfortable enough with allowing their phone conversations to be monitored. There is also the concern that niche users will not be swayed by this completely free offering, because they already pay very little for services like Skype. However, ThePudding may be a potential acquisition target for Skype itself, which may be interested in developing an ad-based revenue model.

While Skype is mentioned, I'd add a whole host of others to this list if they're smart...

Despite the criticism, ThePudding does not seem all that different to me from a privacy perspective than Gmail. If users are comfortable with letting computers analyze their email messages and display targeted advertisements alongside them, why won’t they be comfortable with allowing the same thing with their verbal communications? Perhaps there is an important psychological factor at play here that will always make people unwilling to let strangers monitor what they actually speak. But consumers are caring less and less about how much information they provide online about themselves to unverified companies, so it doesn’t seem implausible to me that with time many people will overcome their anxieties about this type of service.

I totally agree.

While ThePudding is currently only available through the web browser on PCs, the company has plans to expand into mobile (and to display advertisements on the screens of handheld devices).

ThePudding is a service of Pudding Media, which was founded by two Israelis with experience in military intelligence and telecommunications. The company is based in San Jose, California.

So whether it's Google, Skype, Yahoo or Cisco, you can expect this technology to make its way into/onto communications platforms in the near future; it's a natural extension of data mining...we get targeted ads today in search engines, unified communications is next.  i wonder who's going to pony up the cash. I still bet on Google -- it's a natural integration into GrandCentral!

...still waiting for my GooglePhone, although the iPhone would be a pretty damned good platform for this, too ;)

/Hoff

P.S. Did you see that Google is now sinking it's own transpacific oceanic fiber cable...

Speaking of Yesterday, Mr. Shimel, You Do Know It's Not 2001, Right?

In response to my post regarding the CapGemini/GoogleApps relationship, in which I espoused the benefits of the upcoming service offering, Alan Shimel obviously forgot to take his meds as he referenced some bizarre military campaign reference in his post titled "Yesterday's Argument, Tomorrow's Solution."

I really tried to keep up with Alan's logic in this post, but try as I might, I could not make heads or tails from Alan's arguments in which seemed to contradict himself and ultimately make the same argument I did in my post.


As far as I can tell, Alan is suggesting that I'm out of touch with the realities of market economics and that security, privacy and compliance have no impact on the adoption of SaaS:

One of the classic mistakes that armies on the losing side make is fighting the next war with the last wars weapons and tactics.  I am afraid Mr Hoff is guilty as charged in talkingGoogle/CapGemini deal.  In case you have not heard, CapGemini will offer Google Apps to the one million strong corporate desktops that it services. 

Firstly, this announcement is less than 12 hours old.  I hardly see how I'm on the "losing" side of anything? I've been suggesting that Google is in a position to encroach upon and own multiple markets currently monopolized by titans.  Alan's already disagreed with me on Microsoft vs. Google once before, but that's not what this is about.  I really don't understand what the heck he means by my supposed "guilt" in "taking the losing side."

Chris does a nice job of explaining how CG will make money on this and some of the advantages of Google Apps. However, Chris seems to side on the camp of those who think that SaaS based, centrally managed applications and the data that goes with it, will present compliance and security concerns that could slow adoption. 

Um, yeah!  Want some electricity for that cave you're living in!?  You're not seriously suggesting that privacy, security and compliance do not hinder the adoption of technology and services are you, and more specifically, centrally-hosted applications and data?

I say poppycock to that.

I guess you are.

I heard the same thing about Qualys storing vulnerability data 5 years ago and over the intervening time have seen that argument melt away except for maybe in the federal government space.  In fact Qualys has now become the tester of choice for PCI compliance in many cases.  But beyond that, the whole issue of outsourcing application hosting brings me back to my days at Interliant, an early entrant into the ASP market.  We hosted Lotus Notes, PeopleSoft and other enterprise level applications. As well as managed security (mostly checkpoint firewalls, which was sold to Akiva).

Just so I understand this, Alan is ignoring the history of my blog and then attempts to shore up his point by citing the poster child of Security SaaS for the last 6 years or so, Qualys.  For those of who who read my blog regularly, you already know that (1) I am a huge proponent of SaaS, and (2) I was a Qualys customer and advisory board member.  Alan obviously doesn't recognize either of those points.

To wit, storing scrubbed and encrypted vulnerability data (as Qualys does) is quite different than storing unparsed, unencrypted sensitive corporate data which is intended to be collaboratively shared. 

The issue has not melted away, Alan...in fact, it's the impetus of probably half of the security industry's income statements, including yours.

One thing that we learned the hard way at Interliant is that people will not outsource applications which they consider critical and core to the business.  So for instance, if they were an accounting firm, they would probably not outsource the hosting and management of their accounting software.  However, critical, non-core applications are good candidates for outsourcing.  I think for the most part, this is exactly where the Google Apps fall.  I think the success of hosted CRM like Salesforce.com also shows that people are willing to outsource critical, non-core applications.

So there's been no movement in the adoption of SaaS from your experience 6 years ago at Interliant?  Look, SaaS is certainly on the uptake and it's bringing new and interesting avenues to market for services that range from hosted apps to security, but it's far from ubiquitous and it's certainly got its fair share of scale, security and privacy concerns to deal with.

Poppycock away all you like, but riddle me this, how is it that you do not consider email, spreadsheets, presentations and documents "...critical and core to the business?"  I dare you to turn off your email fora week and tell me it's not critical.

Now the fact that it is Google after all, raises in my mind anyway, two other issues. One is the privacy of my data from Google.  Is Google going to use that to hone the ad words they serve up to me?  The other is that as Google continues to grow, will it suffer from Microsoft like "evil empire" syndrome, where people attach dark aspirations to everything they do. I guess we will have to see how this plays out.

You just contradicted yourself and reinforced the exact point I made!  So now you're concerned about privacy and hosted data?  That's what my post was about entirely.

SaaS does and will absolutely continue to drive privacy concerns, especially for the very reasons at the end of your argument you make such a big point about highlighting.  I even talked about this in this post here titled "On-Demand SaaS Vendors Able to Secure Assets Better than Customers?"

I can't figure out what point Alan's making here; he seems to agree and disagree with my posting in the same post.

/Hoff

Google Makes Its Move To The Corporate Enterprise Desktop - Can It Do It Securely?

Coming (securely?) soon to a managed enterprise desktop near you, GoogleApps.  As discussed previously in my GooglePOP post demonstrating how Google will become the ASP of choice, outsouring and IT Consultancy CapGemini announced it is going to offer Google's Apps as a managed SaaS desktop option to its corporate enterprise customers, the Guardian says today:

Google has linked up with IT consultancy and outsourcing specialist CapGemini to target corporate customers with its range of desktop applications, in the search engine's most direct move against the dominance of Microsoft.

CapGemini, which already runs the desktops of more than a million corporate workers, will provide its customers with "Google Apps" such as email, calendar, spreadsheets and word processing.

...

"Microsoft is an important partner to us as is IBM," said the head of partnerships at CapGemini's outsourcing business, Richard Payling. "In our client base we have a mix of Microsoft users and Lotus Notes users and we now have our first Google Apps user. But CapGemini is all about freedom, giving clients choice of the most appropriate technology that is going to fit their business environment."

Google's applications such as its Google Docs word processing and spreadsheet service allow several people to work on one document and see changes in real time.

"If you look at the traditional desktop it is very focused on personal productivity," said Robert Whiteside, Google enterprise manager, UK and Ireland. "What Google Apps brings is team productivity."

...If you're wondering how they're going to make money from all this:

CapGemini will collect the £25 ($50) licence fee charged by Google for its applications, which launched in February.

It will make further revenues from helping clients use the new applications, providing helpdesk services and maintenance. It will also provide help with corporate security, especially for applications such as email, as well as storage and back-up services.

CapGemini expects customers to mix and match products, providing some users with expensive Microsoft tools and others with cheaper and lower-spec Google Apps.

You can check out the differences between the free and for-pay versions here.

Besides being a very good idea from an SaaS "managed services" perspective, it shows that Google (and global outsourcers) see a target market waiting to unfold in the corporate enterprise space based upon the collaboration sale.

What's really interesting from a risk management perspective, continuing to ride the theme of Google's Global Domination, is that Google's SaaS play will draw focus on the application of security as regulatory compliance issues continue to bite at the heels of productivity gains offered by the utility of centrally hosted collaboration-focused toolsets such as GoogleApps.

Interestingly, Nick Carr points out that GoogleApps' "outsourced" application hosting capability hasn't caught on with the large corporate enterprise set largely due to "enterprise readiness," security and compliance concerns, a suggestion that Steve Jones, a Capgemini outsourcing executive who oversees the firm's work with software-as-a-service applications, maintains is not an issue:

"[Carr] asked Jones about the commonly heard claim that Google Apps, while fine for little organizations, isn't "enterprise-ready." He scoffed at the notion, saying that the objection is just a smokescreen that some CIOs are "hiding behind." Google Apps, he says, is "already being used covertly" in big companies, behind the backs of IT staffers. The time has come, he argues, to bring Apps into the mainstream of IT management in order to ensure that important data is safeguarded and compliance requirements are met. Jones foresees "a lot of big companies" announcing the formal adoption of Apps.

Remember, these applications and their data are hosted on Google's infrastructure.  Think about the audit, privacy, security and compliance implications of that; folks that utilize ASP services are perhaps used to this, but the question is, what can Google do to suggest it's hosting model is secure enough, after all, Hoff's 9th law represents:

Since Google's app. suite isn't quite complete yet, Microsoft's not entirely in danger of seeing it's $12 Billion office empire crumble, but it's got to start somewhere...

/Hoff

Das GooglePhone...Powered by GoogleOS...Will Be Connected Via GoogleFi via GooglePOPs...paid for by GoogleAds...

There have been no shortage of rumors, leaks and innuendo lately regarding Google's plans for the production of the GooglePhone.

Google's made no secret of the fact that it's shopping for platform partners as they "explore" the potential.  It's suggested an announcement will come officially after the Labor Day holidays here in the U.S.

Google has quietly made at least one acquisition that would support the case, namely that of a mobile software company called Android.  Android was started by one of Danger's co-founders and developed a Linux based OS for mobile platforms.

Stick that OS on any number of platforms (such as those from HTC which recently leaked prototype information) and you get a nifty little extensible platform that runs a litany of Google Apps natively.  So far we've got the GooglePhone and GoogleOS labels out of the way...

Mitchell is smiling in anticipation in that he thinks he'll be able to ditch his possessed PPC/SmartPhone and use a GooglePhone on Verizon's network.  Not so fast, Mr. Happy...

Now, while many folks are happy to think that they can have a more usable, extensible, flexible, reliable and expandable mobile platform that natively runs Google's Apps., what many are not piecing together is Google's 4.6 Billion dollar decision to participate in the federal government’s upcoming auction of wireless spectrum   in the 700 megahertz (MHz) band:    

In a filing with the FCC on July 9, Google urged the Commission to adopt rules for the auction that ensure that, regardless of who wins the spectrum at auction, consumers' interests are served. Specifically, Google encouraged the FCC to require the adoption of four types of "open" platforms as part of the license conditions:

• Open applications: Consumers should be able to download and utilize any software applications, content, or services they desire;
• Open devices: Consumers should be able to utilize a handheld communications device with whatever wireless network they prefer;
• Open services: Third parties (resellers) should be able to acquire wireless services from a 700 MHz licensee on a wholesale basis, based on reasonably nondiscriminatory commercial terms; and
• Open networks: Third parties (like internet service providers) should be able to interconnect at any technically feasible point in a 700 MHz licensee's wireless network.

As a sign of Google’s commitment to promoting greater innovation and choices for consumers, CEO Eric Schmidt sent a letter to FCC Chairman Kevin Martin, stating that should the FCC adopt all four license conditions requested above, Google intends to commit a minimum of $4.6 billion to bidding in the upcoming 700 MHz auction.

So, without the dark overlord overtones, let's say that Google wins the auction.  They become a mobile operator -- or they can likely lease that space back to others with some element of control over the four conditions above.  Even if you use someone else's phone and resold service, Google wins.

This means that they pair the GooglePhone which will utilize the newly acquired GoogleFi (as I call it) served securely cached out of converged IMS GooglePOPs which I blogged about earlier.   If the GooglePhone has some form of WiFi capabilities, I would expect it will have the split capability to use that network connectivity, also.

...but here's the rub.  Google makes it's dough from serving Ads.  What do you think will subsidize the on-going operation and assumed "low cost" consumer service for the GooglePhone.

Yup.  Ads.

So, in between your call to Aunt Sally (or perhaps before, during or after) you'll get an Ad popping up on your phone for sales on Geritol.  An SMS will be sent to your GooglePhone which will be placed in your GoogleMail inbox.  It'll then pop up GoogleMaps directing you to the closest store.  When you get to the store, you can search directly for the Geritol product you want by comparing it to pictures provided by Google Photos and interact in realtime with a pharmacist using Google Talk whereupon you'll be able to pay for said products with Google Checkout.

All. From. Your. GooglePhone.

All driven, end-to-end, through GoogleNet.  Revenue is shared throughout the entire transaction and supply chain driven from that one little ad.

Think I'm nuts?

/Hoff

First Tibet and Now Me...The Great Firewall of China Claims Another Victim.

Thanks to Mr. Stiennon, it seems that I have been labeled a threat to the People's Party and access to this, my seditious and politically undermining little pile in cyberspace has been, gasp!, blocked by the eeeeeviill Chinese Firewall of Disinformation.  Well, that sucks.

I have to say that Richard really did me a favor by posting this.

Firstly, it reminded me that despite my many travels, I've become quite an American-centric little drone without much of an appreciation for the hardships experienced by those in many other countries as it relates to censorship and net neutrality.  We take a lot of things for granted over here and in many cases Americans seem to wield the hammer of nationalism a little to heavily, even if inadvertently.

I was reminded of this by a high-ranking member of a British Telecoms company recently when, despite all attempts to rectify my ill-timed transgressions, he suggested that my sense of humor needed a much better cultural filter applied to it should I not wish to piss people off with my "Americanism."  Ouch.  I find it odd typing this because I'm somewhat culturally conflicted because whilst I was born in the U.S. and love it dearly, I moved to New Zealand and grew up there for most of my early life.

It made me think, so I really do owe you both a renewed apology and a thanks, Ray. 

Secondly, I would really like to be able to use something like Google to compare natively a search using any one of their engines to determine where, what and how searches and click-throughs are allowed or blocked in the countries they serve.  I reckon that as we get closer to GooglePOPs around the world, this ought to be plausible.

At any rate, back to the post at hand.  I quoteth Richard:

On my recent travels in China I had an opportunity to experience first hand China’s so called “Golden Wall”. In each hotel I would try to get to several sites.  For some reason  this security blog is censored throughout China. How does that make you feel Mr. Hoff? And a Google search on “Tibet” will have the usual results but you cannot click through to any of the links on the first page of results. I did not search on Falun Gong for fear of really setting off the alarms and reprisals. Next time I think I will set up GoToMyPC at home and use it as a poor man’s proxy.

To answer Richard's question directly, I guess I'm flattered on two fronts; firstly that Richard bothered to try to get to my blog while surfing in China (bored much?) and secondly that some government other than my own considers me a threat to their sovereignty.

I could, of course, rant tirelessly about my opposition to widespread and targeted filtering of information and the impact on privacy, etc., but there are far more qualified people than I to do so.  At a much more basal level, I think it sucks, because now nobody in China will be able to follow along as Richard and I smack each other. ;(

In protest, no more General Tsao's chicken for me.

{Posted @ 2:30am after I just got back from Blackhat/Defcon with no luggage.  Apologies for any perceived lack of sensitivity for the greater global political issue of censorship here, but I want my toothbrush back from United Airlines and it's clouding my judgment}

/Hoff

More on GoogleTini...(Google/Postini Acquisition) by Way of Shimel's Post

Y esterday's post regarding my prognostication of the Google/Postini M&A activity yielded a ton of off-line feedback/opinion/queries.  I had three press/analyst calls yesterday on my opinion, so either I'm tickling somebody's interest funny bone or I'm horribly wrong ;)

Either way, Alan Shimel piped up today with his perspective.  It's not often I disagree with Alan, but the root of his comment leaves me puzzled.  Alan said:

I do not think that Google's acquisition of Postini is a shot across the bow of Microsoft.  I think Google goes about its business of delivering on its vision.  I think its vision is rather simple really. Google believes that the future belongs to Software as a Service (SaaS).  As part of their SaaS strategy, they need to secure their web based apps, as well as offer security as a service.  This is not really much different than Microsofts "Live" program, also a Software as a Service play.  That is where the competition is.

It appears that Alan's really re-stating what I said yesterday regarding SaaS and especially as I highlighted the security aspects thereof, but his statements are strangely contradictory in the scope of this single paragraph.

To wit, if Google is indeed focused on SSaaS (Secure Software as a Service) and they're looking to displace at least for certain markets traditional "Office" applications which are Microsoft's cash cow ($12B business?) how is this not a "shot across the bow of Microsoft?"

Further, if Microsoft is engaging in SaaS with Live, then it further underscores the direct competitive model that demonstrates that Microsoft (et al.) are firmly in the target hairs.

What am I missing here?

/Hoff

(EDIT: Added a link to an interview I did with TheStreet.com here.)

Tell Me Again How Google Isn't Entering the Security Market? GooglePOPs will Bring Clean Pipes...

Not to single out Jeremiah, but in my Take5 interview with him, I asked him the following:

3) What do you make of Google's foray into security?  We've seen them crawl sites and index malware.  They've launched a security  blog.  They acquired GreenBorder.  Do you see them as an emerging force to be reckoned with in the security space?

...to which he responded:

I doubt Google has plans to make this a direct revenue generating  exercise. They are a platform for advertising, not a security company. The plan is probably to use the malware/solution research  for building in better security in Google Toolbar for their users.  That would seem to make the most sense. Google could monitor a user's  surfing habits and protect them from their search results at the same time.

To be fair, this was a loaded question because my opinion is diametrically opposed to his.   I believe Google *is* entering the security space and will do so in many vectors and it *will* be revenue generating. 

This morning's news that Google is acquiring Postini for $625 Million dollars doesn't surprise me at all and I believe it proves the point. 

In fact, I reckon that in the long term we'll see the evolution of the Google Toolbar morph into a much more intelligent and rich client-side security application proxy service whereby Google actually utilizes client-side security of the Toolbar paired with the GreenBorder browsing environment and tunnel/proxy all outgoing requests to GooglePOPs.

What's a GooglePOP?

These GooglePOPs (Google Point of Presence) will house large search and caching repositories that will -- in conjunction with services such as those from Postini -- provide a "clean pipes service to the consumer.  Don't forget utility services that recent acquisitions such as GrandCentral and FeedBurner provide...it's too bad that eBay snatched up Skype...

Google will, in fact, become a monster ASP.  Note that I said ASP and not ISP.  ISP is a commoditized function.  Serving applications and content as close to the user as possible is fantastic.  So pair all the client side goodness with security functions AND add GoogleApps and you've got what amounts to a thin client version of the Internet.

Remember all those large sealed shipping containers (not unlike Sun's Project Blackbox) that Google is rumored to place strategically around the world -- in conjunction with their mega datacenters?  I think it was Cringley who talked about this back in 2005:

In one of Google's underground parking garages in Mountain View ... in a secret area off-limits even to regular GoogleFolk, is a shipping container. But it isn't just any shipping container. This shipping container is a prototype data center.

Google hired a pair of very bright industrial designers to figure out how to cram the greatest number of CPUs, the most storage, memory and power support into a 20- or 40-foot box. We're talking about 5000 Opteron processors and 3.5 petabytes of disk storage that can be dropped-off overnight by a tractor-trailer rig.

The idea is to plant one of these puppies anywhere Google owns access to fiber, basically turning the entire Internet into a giant processing and storage grid.

Imagine that.  Buy a ton of dark fiber, sprout hundreds of these PortaPOPs/GooglePOPs and you've got the Internet v3.0

Existing transit folks that aren't Yahoo/MSN will ultimately yield to the model because it will reduce their costs for service and they will basically pay Google to lease these services for resale back to their customers (with re-branding?) without the need to pay for all the expensive backhaul.

Your Internet will be served out of cache..."securely."  So now instead of just harvesting your search queries, Google will have intimate knowledge of ALL of your browsing -- scratch that -- all of your network-based activity.   This will provide for not only much more targeted ads, but also the potential for ad insertion, traffic prioritization to preferred Google advertisers all the while offering "protection" to the consumer.

SMB's and the average Joe consumers will be the first to embrace this as cost-based S^2aaS (Secure Software as a Service) becomes mainstream and this will then yield a trickle-up to the Enterprise and service providers as demand will pressure them into providing like levels of service...for free.

It's not all scary, but think about it...

Akamai ought to be worried.  Yahoo and MSN should be worried.  The ISP's of the world investing in clean pipes technologies ought to be worried (I've blogged about Clean Pipes here.)

Should you be worried?  Methinks the privacy elements of all this will spur some very interesting discussions.

Talk amongst yourselves.

/Hoff

(Didn't see Newby's post here prior to writing this...good on-topic commentary.  Dennis Fisher over at the SearchSecurity Blog has an interesting Microsoft == Google perspective.)