Because It Is Programmed to a Secure Server
Introduction
Traditionally organizations have looked to the public cloud for cost savings, or to augment private data center capacity. However, organizations are now primarily looking to the public cloud for security, realizing that providers can invest more in people and processes to deliver secure infrastructure.
As a cloud pioneer, Google fully understands the security implications of the cloud model. Our cloud services are designed to deliver better security than many traditional on-premises solutions. We make security a priority to protect our own operations, but because Google runs on the same infrastructure that we make available to our customers, your organization can directly benefit from these protections. That's why we focus on security, and protection of data is among our primary design criteria. Security drives our organizational structure, training priorities and hiring processes. It shapes our data centers and the technology they house. It's central to our everyday operations and disaster planning, including how we address threats. It's prioritized in the way we handle customer data. And it's the cornerstone of our account controls, our compliance audits and the certifications we offer our customers.
This paper outlines Google's approach to security and compliance for Google Cloud, our suite of public cloud products and services. This whitepaper focuses on security including details on organizational and technical controls regarding how Google protects your data. Details on compliance and how you can meet regulatory requirements are covered here.
Google's security culture
Google has created a vibrant and inclusive security culture for all employees. The influence of this culture is apparent during the hiring process, employee onboarding, as part of ongoing training and in company-wide events to raise awareness.
Employee background checks
Before they join our staff, Google will verify an individual's education and previous employment, and perform internal and external reference checks. Where local labor law or statutory regulations permit, Google may also conduct criminal, credit, immigration, and security checks. The extent of these background checks is dependent on the desired position.
Security training for all employees
All Google employees undergo security training as part of the orientation process and receive ongoing security training throughout their Google careers. During orientation, new employees agree to our Code of Conduct, which highlights our commitment to keep customer data safe and secure. Depending on their job role, additional training on specific aspects of security may be required. For example, the information security team instructs new engineers on topics like secure coding practices, product design and automated vulnerability testing tools. Engineers also attend technical presentations on security-related topics and receive a security newsletter that covers new threats, attack patterns, mitigation techniques and more.
Internal security and privacy events
Google hosts regular internal conferences to raise awareness and drive innovation in security and data privacy, which are open to all employees. Security and privacy is an ever-evolving area, and Google recognizes that dedicated employee engagement is a key means of raising awareness. One example is "Privacy Week," during which Google hosts events across global offices to raise awareness of privacy in all facets, from software development, data handling and policy enforcement to living our privacy principles. Google also hosts regular "Tech Talks" focusing on subjects that often include security and privacy.
Our dedicated security team
Google employs security and privacy professionals, who are part of our software engineering and operations division. Our team includes some of the world's foremost experts in information, application and network security. This team is tasked with maintaining the company's defense systems, developing security review processes, building security infrastructure and implementing Google's security policies. Google's dedicated security team actively scans for security threats using commercial and custom tools, penetration tests, quality assurance (QA) measures and software security reviews.
Within Google, members of the information security team review security plans for all networks, systems and services. They provide project-specific consulting services to Google's product and engineering teams. They monitor for suspicious activity on Google's networks, address information security threats, perform routine security evaluations and audits, and engage outside experts to conduct regular security assessments. We specifically built a full-time team, known as Project Zero, that aims to prevent targeted attacks by reporting bugs to software vendors and filing them in an external database.
The security team also takes part in research and outreach activities to protect the wider community of Internet users, beyond just those who choose Google solutions. Some examples of this research would be the discovery of the POODLE SSL 3.0 exploit and cipher suite weaknesses. The security team also publishes security research papers, available to the public. The security team also organizes and participates in open-source projects and academic conferences.
Our dedicated privacy team
The Google privacy team operates separately from product development and security organizations, but participates in every Google product launch by reviewing design documentation and performing code reviews to ensure that privacy requirements are followed. They help release products that reflect strong privacy standards: transparent collection of user data and providing users and administrators with meaningful privacy configuration options, while continuing to be good stewards of any information stored on our platform. After products launch, the privacy team oversees automated processes that audit data traffic to verify appropriate data usage. In addition, the privacy team conducts research providing thought leadership on privacy best practices for our emerging technologies.
Internal audit and compliance specialists
Google has a dedicated internal audit team that reviews compliance with security laws and regulations around the globe. As new auditing standards are created, the internal audit team determines what controls, processes, and systems are needed to meet them. This team facilitates and supports independent audits and assessments by third parties.
Google has long enjoyed a close relationship with the security research community, and we greatly value their help identifying vulnerabilities in Google Cloud and other Google products. Our Vulnerability Reward Program encourages researchers to report design and implementation issues that may put customer data at risk, offering rewards in the tens of thousands of dollars. In Chrome, for instance, we warn users against malware and phishing, and offer rewards for finding security bugs.
Due to our collaboration with the research community, we've squashed more than 700 Chrome security bugs and have rewarded more than $1.25 million — more than $2 million has been awarded across Google's various vulnerability rewards programs. We publicly thank these individuals and list them as contributors to our products and services.
Operational security
Far from being an afterthought or the focus of occasional initiatives, security is an integral part of our operations.
Vulnerability management
Google administrates a vulnerability management process that actively scans for security threats using a combination of commercially available and purpose-built in-house tools, intensive automated and manual penetration efforts, quality assurance processes, software security reviews and external audits. The vulnerability management team is responsible for tracking and following up on vulnerabilities. Once a vulnerability requiring remediation has been identified, it is logged, prioritized according to severity, and assigned an owner. The vulnerability management team tracks such issues and follows up frequently until they can verify that the issues have been remediated. Google also maintains relationships and interfaces with members of the security research community to track reported issues in Google services and open-source tools. More information about reporting security issues can be found at Google Application Security.
Malware prevention
An effective malware attack can lead to account compromise, data theft, and possibly additional access to a network. Google takes these threats to its networks and its customers very seriously and uses a variety of methods to prevent, detect and eradicate malware. Google helps tens of millions of people every day to protect themselves from harm by showing warnings to users of Google Chrome, Mozilla Firefox and Apple Safari when they attempt to navigate to websites that would steal their personal data or install software designed to take over their computers. Malware sites or email attachments install malicious software on users' machines to steal private information, perform identity theft, or attack other computers. When people visit these sites, software that takes over their computer is downloaded without their knowledge. Google's malware strategy begins with infection prevention by using manual and automated scanners to scour Google's search index for websites that may be vehicles for malware or phishing. Approximately one billion people use Google's Safe Browsing on a regular basis. Google's Safe Browsing technology examines billions of URLs per day looking for unsafe websites. Every day, we discover thousands of new unsafe sites, many of which are legitimate websites that have been compromised. When we detect unsafe sites, we show warnings on Google Search and in web browsers. In addition to our Safe Browsing solution, Google operates VirusTotal, a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. VirusTotal's mission is to help in improving the antivirus and security industry and make the Internet a safer place through the development of free tools and services.
Google makes use of multiple antivirus engines in Gmail, Drive, servers and workstations to help identify malware that may be missed by antivirus signatures.
Monitoring
Google's security monitoring program is focused on information gathered from internal network traffic, employee actions on systems and outside knowledge of vulnerabilities. At many points across our global network, internal traffic is inspected for suspicious behavior, such as the presence of traffic that might indicate botnet connections. This analysis is performed using a combination of open-source and commercial tools for traffic capture and parsing. A proprietary correlation system built on top of Google technology also supports this analysis. Network analysis is supplemented by examining system logs to identify unusual behavior, such as attempted access of customer data. Google security engineers place standing search alerts on public data repositories to look for security incidents that might affect the company's infrastructure. They actively review inbound security reports and monitor public mailing lists, blog posts, and wikis. Automated network analysis helps determine when an unknown threat may exist and escalates to Google security staff, and network analysis is supplemented by automated analysis of system logs.
Incident management
We have a rigorous incident management process for security events that may affect the confidentiality, integrity, or availability of systems or data. If an incident occurs, the security team logs and prioritizes it according to its severity. Events that directly impact customers are assigned the highest priority. This process specifies courses of action, procedures for notification, escalation, mitigation, and documentation. Google's security incident management program is structured around the NIST guidance on handling incidents (NIST SP 800-61). Key staff are trained in forensics and handling evidence in preparation for an event, including the use of third-party and proprietary tools. Testing of incident response plans is performed for key areas, such as systems that store sensitive customer information. These tests take into consideration a variety of scenarios, including insider threats and software vulnerabilities. To help ensure the swift resolution of security incidents, the Google security team is available 24/7 to all employees. If an incident involves customer data, Google or its partners will inform the customer and support investigative efforts via our support team. We outline Google's end-to-end data incident response process in our whitepaper.
Technology with security at its core
Google Cloud runs on a technology platform that is conceived, designed and built to operate securely. Google is an innovator in hardware, software, network and system management technologies. We custom-designed our servers, proprietary operating system, and geographically distributed data centers. Using the principles of "defense in depth," we've created an IT infrastructure that is more secure and easier to manage than more traditional technologies.
State-of-the-art data centers
Google's focus on security and protection of data is among our primary design criteria. Google data center physical security features a layered security model, including safeguards like custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics, and the data center floor features laser beam intrusion detection. Our data centers are monitored 24/7 by high-resolution interior and exterior cameras that can detect and track intruders. Access logs, activity records, and camera footage are available in case an incident occurs. Data centers are also routinely patrolled by experienced security guards who have undergone rigorous background checks and training. As you get closer to the data center floor, security measures also increase. Access to the data center floor is only possible via a security corridor which implements multi-factor access control using security badges and biometrics. Only approved employees with specific roles may enter. Less than one percent of Googlers will ever set foot in one of our data centers.
Powering our data centers
To keep things running 24/7 and ensure uninterrupted services, Google's data centers feature redundant power systems and environmental controls. Every critical component has a primary and alternate power source, each with equal power. Diesel engine backup generators can provide enough emergency electrical power to run each data center at full capacity. Cooling systems maintain a constant operating temperature for servers and other hardware, reducing the risk of service outages. Fire detection and suppression equipment helps prevent damage to hardware. Heat, fire, and smoke detectors trigger audible and visible alarms in the affected zone, at security operations consoles, and at remote monitoring desks.
Environmental impact
Google reduces the environmental impact of running our data centers by designing and building our own facilities. We install smart temperature controls, use "free-cooling" techniques like using outside air or reused water for cooling, and redesign how power is distributed to reduce unnecessary energy loss. To gauge improvements, we calculate the performance of each facility using comprehensive efficiency measurements. We're the first major Internet services company to gain external certification of our high environmental, workplace safety and energy management standards throughout our data centers. Specifically, we received voluntary ISO 50001 certification and incorporated our own protocols to go beyond standards.
Custom server hardware and software
Google's data centers house energy-efficient, custom, purpose-built servers and network equipment that we design and manufacture ourselves. Unlike much commercially available hardware, Google servers don't include unnecessary components such as video cards, chipsets, or peripheral connectors, which can introduce vulnerabilities. Our production servers run a custom-designed operating system (OS) based on a stripped-down and hardened version of Linux. Google's servers and their OS are designed for the sole purpose of providing Google services. Server resources are dynamically allocated, allowing for flexibility in growth and the ability to adapt quickly and efficiently, adding or reallocating resources based on customer demand. This homogeneous environment is maintained by proprietary software that continually monitors systems for binary modifications. If a modification is found that differs from the standard Google image, the system is automatically returned to its official state. These automated, self-healing mechanisms are designed to enable Google to monitor and remediate destabilizing events, receive notifications about incidents, and slow down potential compromise on the network.
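The detect-and-restore loop described above can be illustrated with a small baseline integrity check. This is an added example, not Google's proprietary software and not code from the whitepaper; the directory layout, file names and function names are assumptions made for the illustration.

```python
"""Baseline integrity check with automatic restore (illustrative sketch)."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large binaries do not sit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each regular file under root (relative POSIX path) to its SHA-256.

    Symlinks are skipped; a production monitor would track them separately.
    """
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and not p.is_symlink()
    }


def find_drift(manifest: dict, live_root: Path) -> dict:
    """Classify every difference between the live tree and the manifest."""
    live = build_manifest(live_root)
    drift = {}
    for rel, expected in manifest.items():
        if rel not in live:
            drift[rel] = "missing"
        elif live[rel] != expected:
            drift[rel] = "modified"
    for rel in live.keys() - manifest.keys():
        drift[rel] = "unexpected"
    return drift


def remediate(drift: dict, manifest: dict, golden_root: Path, live_root: Path) -> list:
    """Return the live tree to the reference state and report each action."""
    actions = []
    for rel, kind in sorted(drift.items()):
        target = live_root / rel
        if kind == "unexpected":
            target.unlink()
            actions.append(f"removed {rel}")
            continue
        source = golden_root / rel
        # Never restore from a reference copy that no longer matches the manifest.
        if sha256_file(source) != manifest[rel]:
            raise RuntimeError(f"reference copy of {rel} fails its own hash")
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(source, target)
        actions.append(f"restored {rel}")
    return actions


def demo():
    """Constructed sample: a two-file 'image', then three kinds of drift."""
    with tempfile.TemporaryDirectory() as tmp:
        golden, live = Path(tmp) / "golden", Path(tmp) / "live"
        (golden / "bin").mkdir(parents=True)
        (golden / "bin" / "svc").write_bytes(b"constructed service binary v1")
        (golden / "bin" / "agent").write_bytes(b"constructed agent binary v1")
        shutil.copytree(golden, live)
        manifest = build_manifest(golden)  # in practice: signed, stored off-host

        (live / "bin" / "svc").write_bytes(b"constructed tampered bytes")
        (live / "bin" / "agent").unlink()
        (live / "bin" / "dropper").write_bytes(b"file not in the image")

        drift = find_drift(manifest, live)
        actions = remediate(drift, manifest, golden, live)
        return drift, actions, find_drift(manifest, live)


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The manifest and reference image are the trust anchor here, so they need to live where a compromised host cannot rewrite them.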
Hardware tracking and disposal
Google meticulously tracks the location and status of all equipment within our data centers from acquisition to installation to retirement to destruction, via barcodes and asset tags. Metal detectors and video surveillance are implemented to help make sure no equipment leaves the data center floor without authorization. If a component fails to pass a performance test at any point during its lifecycle, it is removed from inventory and retired. Google hard drives leverage technologies like FDE (full disk encryption) and drive locking, to protect data at rest. When a hard drive is retired, authorized individuals verify that the disk is erased by writing zeros to the drive and performing a multiple-step verification process to ensure the drive contains no data. If the drive cannot be erased for any reason, it is stored securely until it can be physically destroyed. Physical destruction of disks is a multistage process beginning with a crusher that deforms the drive, followed by a shredder that breaks the drive into small pieces, which are then recycled at a secure facility. Each data center adheres to a strict disposal policy and any variances are immediately addressed. We outline Google's end-to-end data deletion process in our whitepaper.
A global network with unique security benefits
Google's IP data network consists of our own fiber, public fiber, and undersea cables. This allows us to deliver highly available and low latency services across the globe.
In other cloud services and on-premises solutions, customer data must make several journeys between devices, known as "hops," across the public Internet. The number of hops depends on the distance between the customer's Internet service provider and the solution's data center. Each additional hop introduces a new opportunity for data to be attacked or intercepted. Because it's linked to most ISPs in the world, Google's global network improves the security of data in transit by limiting hops across the public Internet.
Defense in depth describes the multiple layers of defense that protect Google's network from external attacks. Only authorized services and protocols that meet our security requirements are allowed to traverse it; anything else is automatically dropped. Industry-standard firewalls and access control lists (ACLs) are used to enforce network segregation. All traffic is routed through custom GFE (Google Front End) servers to detect and stop malicious requests and Distributed Denial-of-Service (DDoS) attacks. Additionally, GFE servers are only allowed to communicate with a controlled list of servers internally; this "default deny" configuration prevents GFE servers from accessing unintended resources. Logs are routinely examined to reveal any exploitation of programming errors. Access to networked devices is restricted to authorized personnel.
Securing data in transit
Data is vulnerable to unauthorized access as it travels across the Internet or within networks. For this reason, securing data in transit is a high priority for Google. The Google Front End (GFE) servers mentioned previously support strong encryption protocols such as TLS to secure the connections between customer devices and Google's web services and APIs. Cloud customers can take advantage of this encryption for their services running on Google Cloud Platform by using the Cloud Load Balancer. Google Cloud Platform also offers customers additional transport encryption options, including Cloud VPN for establishing IPSec virtual private networks. Our encryption in transit whitepaper and application layer transport security whitepaper provide more in-depth information on this topic.
Low latency and highly available solution
Google designs the components of our platform to be highly redundant. This redundancy applies to our server design, how we store data, network and Internet connectivity, and the software services themselves. This "redundancy of everything" includes the handling of errors by design and creates a solution that is not dependent on a single server, data center, or network connection. Google's data centers are geographically distributed to minimize the effects of regional disruptions, such as natural disasters and local outages, on global products. In the event of hardware, software, or network failure, platform services and control planes are automatically and instantly shifted from one facility to another so that platform services can continue without interruption. Google's highly redundant infrastructure also helps customers protect themselves from data loss. Google Cloud Platform resources can be created and deployed across multiple regions and zones, allowing customers to build resilient and highly available systems.
Our highly redundant design has allowed Google to achieve an uptime of 99.984% for Gmail for the last years with no scheduled downtime. Simply put, when Google needs to service or upgrade our platform, users do not experience downtime or maintenance windows.
Service availability
Some of Google's services may not be available in some jurisdictions. Often these interruptions are temporary due to network outages, but others are permanent due to government-mandated blocks. Google's Transparency Report also shows recent and ongoing disruptions of traffic to Google products. We provide this data to help the public analyze and understand the availability of online information.
Independent third-party certifications
Google Cloud provides a number of third-party certifications, detailed here.
Data usage
Our philosophy
Google Cloud customers own their data, not Google. The data that customers put into our systems is theirs, and we do not scan it for advertisements nor sell it to third parties. We offer our customers a detailed data processing amendment for GCP and G Suite, both of which describe our commitment to protecting customer data. It states that Google will not process data for any purpose other than to fulfill our contractual obligations. Furthermore, if customers delete their data, we commit to deleting it from our systems within 180 days. Finally, we provide tools that make it easy for customers to take their data with them if they choose to stop using our services, without penalty or additional cost imposed by Google. Read our Trust Principles to learn more about Google Cloud's philosophy and commitments to customers.
Data access and restrictions
Administrative access
To keep data private and secure, Google logically isolates each customer's data from that of other customers and users, even when it's stored on the same physical server. Only a small group of Google employees have access to customer data. For Google employees, access rights and levels are based on their job function and role, using the concepts of least-privilege and need-to-know to match access privileges to defined responsibilities. Google employees are only granted a limited set of default permissions to access company resources, such as employee email and Google's internal employee portal. Requests for additional access follow a formal process that involves a request and an approval from a data or system owner, manager, or other executives, as dictated by Google's security policies. Approvals are managed by workflow tools that maintain audit records of all changes. These tools control both the modification of authorization settings and the approval process to ensure consistent application of the approval policies. An employee's authorization settings are used to control access to all resources, including data and systems for Google Cloud products. Support services are only provided to authorized customer administrators whose identities have been verified in several ways. Googler access is monitored and audited by our dedicated security, privacy, and internal audit teams, and we provide audit logs to customers through Access Transparency for GCP.
For customer administrators
Within customer organizations, administrative roles and privileges for Google Cloud are configured and controlled by the project owner. This means that individual team members can manage certain services or perform specific administrative functions without gaining access to all settings and data.
Law enforcement data requests
The customer, as the data owner, is primarily responsible for responding to law enforcement data requests; however, like other technology and communications companies, Google may receive direct requests from governments and courts around the world about how a person has used the company's services. We take measures to protect customers' privacy and limit excessive requests while also meeting our legal obligations. Respect for the privacy and security of data you store with Google remains our priority as we comply with these legal requests. When we receive such a request, our team reviews the request to make sure it satisfies legal requirements and Google's policies. Generally speaking, for us to comply, the request must be made in writing, signed by an authorized official of the requesting agency and issued under an appropriate law. If we believe a request is overly broad, we'll seek to narrow it, and we push back often and when necessary. For instance, in 2006 Google was the only major search company that refused a U.S. government request to hand over two months of user search queries. We objected to the subpoena, and eventually a court denied the government's request. In some cases we receive a request for all data associated with a Google account, and we may ask the requesting agency to limit it to a specific product or service. We believe the public deserves to know the full extent to which governments request user data from Google. That's why we became the first company to start regularly publishing reports about government data requests. Detailed data about data requests and Google's response to them is available in our Transparency Report and government requests whitepaper. It is Google's policy to notify customers about requests for their data unless specifically prohibited by law or court order.
Third-party suppliers
Google directly conducts virtually all data processing activities to provide our services. However, Google may engage some third-party suppliers to provide services related to Google Cloud, including customer and technical support. Prior to onboarding third-party suppliers, Google conducts an assessment of the security and privacy practices of third-party suppliers to ensure they provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Once Google has assessed the risks presented by the third-party supplier, the supplier is required to enter into appropriate security, confidentiality, and privacy contract terms.
Regulatory compliance
Our customers have varying regulatory compliance needs. Our clients operate across regulated industries, including finance, pharmaceutical and manufacturing.
Our most up-to-date compliance data is available here.
Conclusion
The protection of your data is a primary design consideration for all of Google's infrastructure, products and personnel operations. Our scale of operations and collaboration with the security research community enable Google to address vulnerabilities quickly or prevent them entirely.
We believe that Google can offer a level of protection that very few public cloud providers or private enterprise IT teams can match. Because protecting data is core to Google's business, we can make extensive investments in security, resources and expertise at a scale that others cannot. Our investment frees you to focus on your business and innovation. Data protection is more than just security. Google's strong contractual commitments make sure you maintain control over your data and how it is processed, including the assurance that your data is not used for advertising or any purpose other than to deliver Google Cloud services.
For these reasons and more, over 5 million organizations across the globe, including 64 percent of the Fortune 500, trust Google with their most valuable asset: their information. Google will continue to invest in our platform to allow you to benefit from our services in a secure and transparent manner.
Source: https://cloud.google.com/docs/security/overview/whitepaper