Google Cloud Apps Admins

Google’s Approach to IT Security

Written by Joey Allen (GCP Apps Admin) | August 24, 2014

Google technologies which use cloud computing (such as Gmail, Google Docs, and Google Cloud Storage etc.) provide easy to use products and services for business and personal settings. Google provides these services by its own experience gained from its own business therefore, Google has ways of creating platform for offerings cloud products with security. Google’s security strategy provides controls at multiple levels of data storage, transfer and access.

The following nine components are added in this strategy:

  • Google Corporate Security Policies: Google’s commitment to security is outlines in “Google’s Code of Conduct” in detail. These policies cover a wide range of security related topics ranging from general polices to specialized policies covering internal applications and more. These policies are always reviewed and updated.
  • Organizational Security: Google’s security organization is broken down in many teams with focus on information security, global security auditing and compliance and also physical security to protect Google’s hardware infrastructure.
  • Data Asset Management: Google’s data assets including customer/end-user asses and corporate data assets are managed under security procedures and policies. In addition to specific controls on how data is handles, all Google personnel taking care of data assets are required to comply with procedures and guidelines defined by security polices that cover areas of information access and media disposal.
  • Access Control: Google employs a number of authentication and authorization controls which are designed to protect against unauthorized access. The policies cover areas of authentication controls, authorizations controls and accounting.
  • Personnel Security: Google employees are required to have a conduct in compliance with Google’s guidelines related to confidentiality, business ethics, appropriate usage and professional standards.
  • Physical and Environmental Security: Google has policies, procedures and infrastructure to handle both physical security of its data centers and environment from where the data operate. The policies cover areas of physical security controls, environmental controls, power, climate and temperature, dire detection and suppression.
  • Infrastructure Security: Google security polices provide a series of threat prevention and infrastructure management procedures covering areas of malware prevention, monitoring, vulnerability management, incident management, operating system security, transport later security and network security.
  • Systems and Software Developments and maintenance: It is Google’s policy to consider security properties and implication of applications, systems, and services used and provided by Google throughout the project’s lifecycle. Therefore, the policies cover areas like security consulting and review, security in the context of Google’s software Lifecycle and implementation level security testing and review.
  • Disaster Recovery and Business Continuity: To minimize service interruption due to hardware failure, natural disasters and other catastrophes, Google’s has a complete disaster recovery programs at all data centers.

    The security strategy includes these components to support Google’s platform - which is used by millions of organizations around the world.