Google and Microsoft Cloud Solutions Compared

Microsoft 365

Many PC users will already be familiar with many applications from the Microsoft 365 suite. Word, Excel, and PowerPoint are some of the most well-known programs in the world and are part of the standard equipment in many offices. Microsoft 365 enables software solutions to be used in the cloud. This simplifies working on the go and transforms traditional office applications into modern collaboration tools.

| Advantages | Disadvantages |
|---|---|
| ✓ Popular Office applications | X Complex licensing system |
| ✓ Cloud and desktop solutions | |
| ✓ Extensive opportunities for collaboration | |
| ✓ Cloud storage included | |

Google Workspace

Google has been offering more than just its search engine for a while now. Office solutions were also part of its product portfolio relatively early on. Back then, Google was actually one of the first to offer spreadsheets, word processing, and the ability to create presentations via a web application in the browser. With the integration of Gmail and Google Drive, the individual programs have since grown into a comprehensive suite that runs completely in the cloud.

| Advantages | Disadvantages |
|---|---|
| ✓ Device-independent operation | X No desktop version |
| ✓ Professional email domain included in Gmail | |
| ✓ Extensive opportunities for collaboration | |
| ✓ Cloud storage included | |

Google and Microsoft cloud solutions compared

With the productivity software Google Workspace, Google is targeting the business segment – a declaration of war on market leader Microsoft and its competing product Microsoft 365.

| App feature | Microsoft 365 | Google Workspace |
|---|---|---|
| Word processing | Microsoft Word | Google Docs |
| Spreadsheet calculation | Microsoft Excel | Google Sheets |
| Presentations | Microsoft PowerPoint | Google Slides |
| Email | Microsoft Outlook | Gmail |
| Digital notepad | Microsoft OneNote | Google Keep |
| Web hosting | Microsoft SharePoint | Google Sites |
| Video conferencing | Skype for Business | Google Meet |
| Instant messaging service, group chats | Microsoft Teams, Skype for Business | Google Chat |
| Chat-based workspace | Microsoft Teams | Google Chat |
| Social Media for companies | Yammer | Google Currents |
| Office applications as web apps | Yes | Yes |
| Offline operation possible | Yes | Yes |

| Cloud storage & file sharing | Microsoft 365 | Google Workspace |
|---|---|---|
| Storage capacity per user license | 1 TB | Depending on the plan 30 GB, 1 TB, 5 TB or unlimited |
| Synchronization | Yes | Yes |
| Versioning | Yes | |
| File sharing via link including expiration date | Yes | Yes |
| Search function | Yes | NLP supported |

| Collaboration | Microsoft 365 | Google Workspace |
|---|---|---|
| Business suitable appointment and contact management | Yes | Yes |
| Joint editing of texts, tables, and presentations | Yes | Yes |
| Video calling | Yes | Yes |
| Instant messaging | Yes | Yes |
| Group chats | Yes | Yes |
| Video conferencing | Yes | Yes |
| Internal company websites/Intranet | Yes | Yes |
| Social Media for companies | Yes | Yes |

| Email | Microsoft 365 | Google Workspace |
|---|---|---|
| Ad free | Yes | Yes |
| Includes your own email domain | No | Yes |
| Mobile app | Yes | Yes |
| Desktop mail client included | Depends on plan | No |
| Email aliases | Yes | Yes |
| Groups/Email distributors | Yes | Yes |

| Security & data security | Microsoft 365 | Google Workspace |
|---|---|---|
| Data encryption | Yes | Yes |
| ISO/IEC 27001 (Information security) | Yes | Yes |
| ISO/IEC 27017 (cloud security) | Yes | Yes |
| ISO 27018 (cloud privacy) | Yes | Yes |
| SOC 1 | Yes | No |
| SOC 2 | Yes | Yes |
| SOC 3 | Yes | Yes |
| FedRAMP | Yes | Yes |
| PCI DSS (security standard for credit card transactions) | Yes | Yes |
| HIPAA BAA | Yes | Not all applications |

| Support & availability | Microsoft 365 | Google Workspace |
|---|---|---|
| High availability | 99.9 % | 99.9 % |
| 24/7 support | Yes | Yes |
| Telephone | Yes | Yes |
| Chat/Email | Yes | Yes |

What’s Included in Each Google Workspace Plan

As G Suite has integrated more communication and collaboration tools, it has been rebranded to Google Workspace. All Google Workspace plans provide a custom email for your business and include collaboration tools like Gmail, Calendar, Meet, Chat, Drive, Docs, Sheets, Slides, Forms, Sites, and more.

Some of the Google Workspace plans available are listed below:

Business Starter

This plan includes custom and secure business email, security and management controls, as well as standard support. Each user is provided with 30GB of cloud storage and video meetings can include up to 100 participants.

Business Standard

The Business Standard plan includes all the features of the Business Starter plan, with users provided with a larger cloud storage capacity (2TB). Video meetings can include up to 150 participants, with recording capability.

Business Plus

For enhanced security and management controls, as well as eDiscovery and retention, this plan provides greater control and peace of mind. Video meetings can include up to 250 participants, with recording and attendance tracking capability. Each user is provided with 5TB of cloud storage.

Each plan will give you access to your own email account and all the Google Workspace productivity and collaboration tools. The main differences lie in storage allowance, security features, and the level of administrative control you have over the products.

| | Google Workspace Business Starter | Google Workspace Business Standard | Google Workspace Business Plus | Google Workspace Enterprise |
|---|---|---|---|---|
| Price | $6/user/month | $12/user/month | $18/user/month | Contact sales |
| Professional email (using your own domain) | Yes | Yes | Yes | Yes |
| Google Workspace Products (Gmail, Drive, Docs, Sheets, Slides, Calendar, Hangouts, Meet, Forms, Sites) | Yes | Yes | Yes | Yes |
| File storage | 30 GB/user | 2 TB/user | 5 TB/user | Unlimited |
| 24/7 support | Yes | Yes | Yes | Yes |
| App Maker | No | Yes | Yes | Yes |
| Max. number of video participants | 100 | 150 | 250 | 250 |
| Ability to record and save video & voice conferences | No | Yes | Yes | Yes |
| Live-streaming on Meet Video | No | No | No | Yes |
| Cloud Search (advanced enterprise-wide search through Gmail, Drive, Docs, etc.) | No | Yes | Yes | Yes |
| Advanced enterprise controls (data loss prevention, security center, security key management, etc.) | No | No | No | Yes |
| Alerts for changes to Drive documents | No | Yes | Yes | Yes |
| Google Vault security (archiving for mail and chat messages, export features, etc.) | No | No | Yes | Yes |
| Ability to set rules for device management | No | No | No | Yes |

Which Google Workspace Plan Should You Choose?

Google Workspace Business Starter

This plan would be a good option if:

  • You’re a freelancer, solopreneur or small business owner who manages a small team (i.e. less than 5 employees)
  • You want an email address on your own domain
  • You want to run your office tools out of Google (e.g. as opposed to Microsoft Office)
  • You don’t work with large file formats and don’t need a huge amount of space to store files and emails
  • You don’t need archiving for your emails and chat messages, or advanced admin and security controls

However, if you have a bigger team and/or don’t think the 30 GB of personal storage will cut it, then it’s worth considering one of the higher plans.

Google Workspace Business Standard

The $6/user/month price difference between Google Workspace Business Starter and Business Standard means that the Standard plan may not be a realistic option for some businesses. However, we’d recommend this plan if:

  • You manage a medium-to-large sized team
  • You want access to all the features of Google Workspace Business Starter, but also want email and message archiving (Google Vault)
  • You don’t want to worry about running out of storage space for your files
  • Easily syncing and sharing files across teams/the company is important to you
  • You plan to use Google Hangouts for video conferencing and would have less than 150 participants on any call
  • You don’t need advanced admin and security controls (e.g. data loss prevention, security key management)

Of course, if you need even greater control and more advanced security features, then Business Plus would be the way to go.

Google Workspace Business Plus

At $18/month/user, this plan is directed at larger businesses. We’d recommend it if:

  • You are in need of more advanced security features
  • 2 TB per user isn’t enough for you. The Business Plus plan allows for 5 TB per user
  • You regularly host very large video conferences with up to 250 participants

Google Workspace Enterprise

This is ideal for businesses and enterprises that need the features offered by Google Workspace Business Plus, but also:

  • Have larger teams, and therefore require greater admin and security controls over their Google Workspace apps
  • Need advanced security features such as device management rules, security key management and data loss prevention
  • Aside from having access to email archiving via Google Vault, need to be able to integrate with third-party archiving tools like Barracuda or Mailstore

The good thing is that you can purchase different plans for different users within your business. For example, if you only want Enterprise for some of your users, you don’t have to commit your entire team to it. This could help you reduce your monthly cost significantly.

There are also special plans available for schools (Google Workspace for Education and Google Workspace Enterprise for Education), and non-profits (Google Workspace for Non-profits, which is free of charge).

Plans can be billed monthly or annually. Discounts may also apply to annual plans, but generally only if you sign up through a Google representative.

Vulnerability in the kernel allows privilege escalation through directory manipulation

Qualys security researchers (Qualys is a cloud security, compliance and related services company) recently released details of a vulnerability they discovered that affects the Linux kernel.

CVE-2021-33909 affects the kernel and allows a local user to achieve code execution and escalate privileges by manipulating highly nested directories.

The vulnerability is caused by a missing check on the result of converting a size_t value to type int before it is used in the seq_file code, which builds files from a sequence of records. Without that check, writes can land outside the buffer limits when a directory structure with a very deep level of nesting (path size greater than 1GB) is created, mounted, and deleted.

Any non-privileged user can gain root privileges on a vulnerable host by exploiting this vulnerability in a default configuration.

As a result, an attacker can write the 10-byte string “//deleted” at an offset of “-2 GB - 10 bytes”, which points to the area immediately before the allocated buffer.

The severity of the vulnerability is compounded by the fact that the researchers were able to prepare functional exploits on Ubuntu 20.04, Debian 11 and Fedora 34 in their default settings. It is noted that other distributions have not been tested, but in theory they are also susceptible to the problem and can be attacked.

Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host. Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and gain full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation. Other Linux distributions are likely to be vulnerable and probably exploitable.

The exploit boils down to creating a hierarchy of roughly a million nested directories via mkdir() calls to reach a file path size greater than 1GB.

This directory is bind-mounted in a separate user namespace, after which rmdir() is run to remove it. In parallel, a thread is created that loads a small eBPF program, which is stalled at the stage after the eBPF pseudocode has been verified but before its JIT compilation.

In the unprivileged user namespace, the /proc/self/mountinfo file is opened and the long path of the bind-mounted directory is read, which results in the string “//deleted” being written to the region before the start of the buffer. The write position is chosen so that it overwrites an instruction in the already verified but not yet compiled eBPF program.

Furthermore, at the eBPF program level, the uncontrolled out-of-bounds write is transformed into controlled read and write access to other kernel structures by manipulating the btf and map_push_elem structures.

The exploit then locates the modprobe_path[] buffer in kernel memory and overwrites the path “/sbin/modprobe” in it, which allows any executable file to be launched as root when a request_module() call is made, for example when a netlink socket is created.

The researchers have provided several workarounds that are effective only against this specific exploit and do not fix the problem itself.

It is recommended to set the parameter “/proc/sys/kernel/unprivileged_userns_clone” to 0 to disable mounting of directories in a separate user namespace, and “/proc/sys/kernel/unprivileged_bpf_disabled” to 1 to disable the loading of eBPF programs into the kernel.
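A check for the two settings recommended above, as an added example that is not part of the original article: it reads each value and compares it with the recommendation. The function names and the optional root-directory argument (default /proc/sys) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the article: report whether the two sysctl
# settings it recommends are in the recommended state.
# The optional ROOT argument is a hypothetical override so the check can
# be pointed at a constructed directory instead of the live /proc/sys.

# check_sysctl NAME WANT [ROOT]
# returns 0 = set as recommended, 1 = different value, 2 = knob not present
check_sysctl() {
    name=$1 want=$2 root=${3:-/proc/sys}
    file="$root/kernel/$name"
    if [ ! -r "$file" ]; then
        # Not every kernel or distribution exposes every knob
        echo "$name: not present"
        return 2
    fi
    have=$(cat "$file")
    if [ "$have" = "$want" ]; then
        echo "$name: $have (recommended)"
        return 0
    fi
    # Newer kernels also accept 2 for unprivileged_bpf_disabled; it is
    # reported here as a different value so it can be reviewed by hand
    echo "$name: $have (article recommends $want)"
    return 1
}

# check_mitigations [ROOT]
# returns 0 only when both settings match the article's recommendation
check_mitigations() {
    root=${1:-/proc/sys}
    rc=0
    check_sysctl unprivileged_userns_clone 0 "$root" || rc=1
    check_sysctl unprivileged_bpf_disabled 1 "$root" || rc=1
    return $rc
}

# Run against the live system
check_mitigations || echo "one or more settings differ from the recommendation"
```

These settings only reduce exposure to the exploit described; the kernel update is still required.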

In addition, all users of a Linux distribution are advised to update their system to get the corresponding patch. The problem has been present since July 2014 and affects kernel versions since 3.16. The vulnerability patch was coordinated with the community and accepted into the kernel on July 19.

GEOIP redirect with https in nginx

With a full NGINX installation that has the map module active, you can redirect based on GeoIP.

You will need the GeoIP database installed. On a RedHat-based system with YUM you will use the following:

yum install geoip geoip-devel

So once you have that installed you will need MaxMind’s City database which can be retrieved from MaxMind’s website.

  1. wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz -O /usr/share/GeoIP/GeoLiteCity.dat.gz
  2. gunzip /usr/share/GeoIP/GeoLiteCity.dat.gz

So now you have the setup out the way you are ready to configure NGINX, which is relatively straightforward.

The example configuration for your case would go something like the following:

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
  geoip_city /usr/share/GeoIP/GeoLiteCity.dat;

  map $geoip_city_country_code $nearest_server {
    default example.com;
    CA      example.ca;
  }

  server{
      listen 80;
      listen [::]:80;
      server_name example.com
                  example.ca;

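      if ($nearest_server != $host) {
        # $request_uri already carries the query string; the trailing "?"
        # keeps nginx from appending the arguments a second time
        rewrite ^ $scheme://$nearest_server$request_uri? break;
      }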

  }
}

So, specifics: the configuration above does depend on your installation, so you’ll need to ensure that the include, error_log and pid paths are correct for your installation and preference.

As for how it works, I believe it’s pretty self-explanatory; however, to delve into it a bit:

The line geoip_city /usr/share/GeoIP/GeoLiteCity.dat; links the downloaded MaxMind GeoIP city data to NGINX.

  map $geoip_city_country_code $nearest_server {
    default example.com;
    CA      example.ca;
  }

The above section links your multiple hosts to their respective country codes, e.g. CA for Canada. You can add as many entries as you want.

  if ($nearest_server != $host) {
    # trailing "?" keeps nginx from appending the query string again
    rewrite ^ $scheme://$nearest_server$request_uri? break;
  }

The above section decides which server to use based on location and passes on the request URI. For example, http://example.com/store.php requested from a Canadian IP will redirect to http://example.ca/store.php

That is pretty much it. The main sections are the map section and the if statement within the server block (along with fulfilment of the requirements above).