The following nine components are added in this strategy:
- Google Corporate Security Policies: Google’s commitment to security is outlines in “Google’s Code of Conduct” in detail. These policies cover a wide range of security related topics ranging from general polices to specialized policies covering internal applications and more. These policies are always reviewed and updated.
- Organizational Security: Google’s security organization is broken down in many teams with focus on information security, global security auditing and compliance and also physical security to protect Google’s hardware infrastructure.
- Data Asset Management: Google’s data assets including customer/end-user asses and corporate data assets are managed under security procedures and policies. In addition to specific controls on how data is handles, all Google personnel taking care of data assets are required to comply with procedures and guidelines defined by security polices that cover areas of information access and media disposal.
- Access Control: Google employs a number of authentication and authorization controls which are designed to protect against unauthorized access. The policies cover areas of authentication controls, authorizations controls and accounting.
- Personnel Security: Google employees are required to have a conduct in compliance with Google’s guidelines related to confidentiality, business ethics, appropriate usage and professional standards.
- Physical and Environmental Security: Google has policies, procedures and infrastructure to handle both physical security of its data centers and environment from where the data operate. The policies cover areas of physical security controls, environmental controls, power, climate and temperature, dire detection and suppression.
- Infrastructure Security: Google security polices provide a series of threat prevention and infrastructure management procedures covering areas of malware prevention, monitoring, vulnerability management, incident management, operating system security, transport later security and network security.
- Systems and Software Developments and maintenance: It is Google’s policy to consider security properties and implication of applications, systems, and services used and provided by Google throughout the project’s lifecycle. Therefore, the policies cover areas like security consulting and review, security in the context of Google’s software Lifecycle and implementation level security testing and review.
- Disaster Recovery and Business Continuity: To minimize service interruption due to hardware failure, natural disasters and other catastrophes, Google’s has a complete disaster recovery programs at all data centers.
The security strategy includes these components to support Google’s platform - which is used by millions of organizations around the world.