As an industry leader, Google understands the security dynamics associated with operating in the cloud. The organization's vast infrastructure was built in a way that maximizes security. This helps mitigate the wide variety and ever-changing nature of unique threats for cloud systems. The entity draws on its extensive experience to build robust systems based on an end-to-end approach.
The security of G Suite Business and Enterprise provides much-needed protection and peace of mind to millions of customers worldwide. From Gmail and Google Drive to Hangouts, customers take advantage of advanced security when using all G Suite apps. The same applies to the Google Cloud Platform, which allows customers to host and build applications and websites. The platform is also designed to provide an ideal solution to store and analyze data.
Unlike in the past, more organizations are looking to the cloud mainly to ensure data security. This is inspired by considerable improvements to security-related technologies and techniques used to deliver secure cloud infrastructure. Cloud platforms also provide a viable way to augment data storage capacity, cost savings and flexibility.
Google's security model covers various aspects that combine to ensure reliable security.
World-class security team
Robust data encryption mechanisms
Data center physical security
Server and software stack security
Data Access and Restrictions in Google Cloud
Google keeps data safe on the Cloud Platform by separating customer’s data on its servers. In addition, access to the data is limited to a few staff members. Job function and role determine access rights and levels. Security policies require employees to submit a formal request to gain access to new or additional resources. The approvals process is well documented using workflow tools. This makes it easy for senior managers to conduct security audits of all relevant processes and events.
Google's Data Encryption Strategy
Encryption plays a critical role when it comes to Google's comprehensive security strategy for the cloud. Data encryption is grouped into categories: encryption at rest and encryption in transit. The approach is designed to limit access to authorized persons. The employees have audited access to the encryption keys.
Encryption is designed to provide a robust layer of protection for sensitive data. It prevents an attacker from accessing the data without the encryption keys. This means that possession of storage devices does guarantee access to the sensitive data. Encryption at rest is a defensive mechanism that shields lower layers of the software and hardware stack. Deployment of encryption on all levels hardens the security by providing a dependable choke point.
Google Cloud Platform products are secured using multi-layered encryption. No action is required from the data owners (customers). Each chunk of data on the servers is protected by a unique key, which is stored with the data. The Key Management Service stores all the key encryption keys. Encryption at the storage level uses either AES128 or AES256.
Google Cloud has the Information Security A-Team
The security model derives strength from the collective expertise of over 500 security professionals. The high-powered team comprises some of the best IT security talent in the world. These experts are tasked with the responsibility of making information systems more secure. The team is constantly developing new techniques and technologies to deal with new threats.
The professionals search and rectify vulnerabilities based on advanced security review processes.
Google uses an effective data destruction process to ensure customer’s data does not leave its premises when hard disks are retired. The security team approves the techniques employed in the entire process. Initially, the disks are logically wiped and then inspected by authorized personnel. All events are logged using the drive's serial number to enable tracking for audits. All disks that cannot be erased due to hardware failure are physically destroyed.
Erased disks are reused following a thorough inspection. All data centers are audited every week to ensure compliance with Google's disk erase policy.
Data center physical security
The tech giant employs a multi-layered physical security model to protect its data centers. The model takes advantage of vehicle access barriers, alarm systems, metal detectors, surveillance cameras, robust perimeter fencing, biometrics and custom-designed electronic access cards. In addition, the security model deploys a laser beam intrusion detection system to secure the data center floor.
The facilities are monitored round-the-clock using high-resolution surveillance cameras. Security guards also patrol the premises. All the security personnel have undergone extensive training and background checks.
Securing data in transit
Securing data in transit is a high priority requirement since data is most vulnerable when it traverses networks or the web. For this reason, Google protects data using HTTPS/TLS (Transport Layer Security) to encrypt information between devices and servers. The technology provider uses the latest encryption keys for all its services, including the Cloud Platform. The company recently upgraded to the RSA certificates to 2048-bit keys in line with its security policy.