The News: Google Cloud’s broad open source expertise, culled from more than three decades of using open source software for its own technology infrastructure, will now be offered to customers in curated packages on a subscription basis. As one of the largest maintainers, contributors, and users of open source code, Google’s new Google Cloud Assured Open Source Software service will assist enterprise and public sector customers in easily incorporating secure and tested open source applications into their own infrastructures by taking advantage of Google’s own proven open source code base and innovations. Read the full Google Cloud Press Release.
Google Cloud Open Source Expertise Now for Sale to Customers
Analyst Take: This new Google Cloud open source subscription service is logical and actually kind of brilliant. As I think about it, it’s also surprising that no one at Google thought of offering it sooner.
How much more sensible could it be than for an enterprise to subscribe to secure, verifiable, proven, and well-maintained open source code that is constantly being watched over by Google and its open source team of contributors and project experts, rather than trying to make such things work on its own?
And as smart and convenient as this new service can be for enterprises that want to use more open source code to improve and bolster their computing infrastructures, it’s also smart for Google Cloud as it looks to make inroads in the cloud services market. And, of course, it also offers up a new and potentially lucrative IT revenue stream.
The Google Cloud Assured Open Source Software service comes at just the right time for another reason – it also targets developer, business, and governmental concerns about software supply chain security at a time when the U.S. government is taking targeted actions to make software more secure for all users. The government concerns and actions are in reaction to a 650% year-over-year increase in cyberattacks aimed at open source suppliers, which has particularly sharpened the focus on making open source software more secure.
Through Google’s deep and longtime involvement with open source software, which includes its record of being one of the largest maintainers, contributors, and users of open source, the company has been deeply involved in improving security for open source software and for the global open source ecosystem for a long time.
As an organization, Google continues to be intimately involved in open source security through the Open Source Security Foundation (OpenSSF), the Open Source Vulnerabilities (OSV) database, and through the use of OSS-Fuzz code testing techniques that find programming errors in code. This deep and ongoing involvement in open source code security proves the value of GCP’s open source expertise and its new Google Cloud Assured Open Source Software service.
What’s Included in Google Cloud Assured Open Source Software Services
The biggest benefit for enterprises that sign up for Google Cloud Assured Open Source Software services is that Google has already done the heavy lifting — providing code that is already being used successfully within Google’s own workflows.
The pre-vetted Google open source code is regularly scanned, analyzed, and fuzz-tested for vulnerabilities, is verifiably signed by Google for security, and includes vulnerability scanning and metadata storage for containers via Google Container Analysis. The code is all built using the Google Cloud Build serverless CI/CD (Continuous Integration/Continuous Delivery) development platform, including evidence of verifiable SLSA-compliance.
By maintaining the code using these and other vigorous steps, the Google Cloud open source software services allow organizations to benefit from Google’s extensive security experience without the need to develop, maintain, and run all the code on their own.
Google Cloud also announced that the Assured Open Source Software services will be natively integrated into the Snyk developer security platform for joint customers to enable developers to better understand the risks and impacts of their open source dependencies in their code.
The Google Cloud Assured Open Source Software service will be available in preview mode in the third quarter of 2022.
This initiative by Google Cloud to sell its open source expertise by subscription is a smart move for a number of reasons. It will better serve GCP customers by making it much easier for them to use open source software, knowing it is more secure, robust, and reliable. I believe that this new effort will help spur growth of enterprise open source use and that this new growth will be fueled by Google Cloud’s development strengths, its reliable compute platforms, and by its deep history of working with its customers on their technology challenges. It could also be an inducement for organizations considering moving to GCP and serve as a differentiator in the cloud services market.
I’m looking forward to watching this evolve and will be waiting to see the response from GCP customers interested in diving deeper into open source.
Disclosure: Futurum Research is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum Research as a whole.
The original version of this article was first published on Futurum Research.