Technical Insight

Theory: Google will Open Source Their Web Server — or Should

Google has two competitors: market share and Microsoft. Google already dominates the online advertising industry, so there is not much more room for them to grow. They must expand the available market. Secondly, Google wants a slice of that Microsoft Office cash cow, representing $19 billion a year in sales, which is exactly what Google Apps for whatever is all about. For them to win, the name of the game is NOT security, it is NOT privacy, it is SPEED. Pure unadulterated Internet speed. For Google, Internet speed equals more page views, and more page views equal more ads delivered, on an Internet-wide scale (i.e. market expansion). Internet speed also makes Google Apps more attractive compared to Office, especially to business customers.

The first salvo in the “Let’s make the web faster” battle plan was unveiling the speed demon Google Chrome and escalating the second browser war. At that very moment Microsoft was faced with a difficult choice. Internet Explorer must either match pace with Google Chrome or lag behind and risk losing its dominant market-share position to Microsoft's sworn enemy. Whatever Microsoft decided would be a win for Google, who couldn't care less about browser market share because Internet Explorer had been slowing things down for years. If Microsoft sped up Internet Explorer, Google Apps would look that much better as opposed to Office. If they did not, browser market share moves to Chrome or Firefox and Google Apps still looks better. What else could Microsoft do? They jumped into the browser speed game.

My theory is that the second stage of the “Let’s make the web faster” plan is about to begin and will take place on the other end of the connection, the Web server. Google has been developing an experimental protocol called SPDY (pronounced “SPeeDY”) meant as a modern-day open source alternative to HTTP, TCP, and SSL. SPDY offers unlimited concurrent streams over a single TCP connection, request prioritization, header compression, and server-initiated requests, and doesn’t require any changes to be made to the existing networking infrastructure. Reports state SPDY deployments are resulting in a performance boost between 15% and 50%. That’s huge for any website operator. Oh, and if you are a Chrome user, you are already using SPDY on Google properties.

To get SPDY widely adopted, Google will likely open source a web server (GWS) that supports the protocol. Work has already begun on an Apache module. Microsoft, with a respectable 18.83% IIS market share that drives Windows server sales and .Net development, must either support SPDY or risk losing market share to GWS or Apache. And to make the decision just that much harder, Microsoft must also slap SPDY into Internet Explorer. As before, Google would be fine either way: both options make Google Apps look better compared to Office and get more ads delivered.

What does this mean for the Web security professional? Time to learn how to deploy, defend, interrogate, and hack SPDY.