Google deeply cares about security

Google deeply cares about security

Google successfully protects data for eight of its products with over a billion users. More than five million organizations across the globe, including 64% of Fortune 500’s, trust Google with their most valuable asset: information. Protecting data is at the core of our business.

Google makes its investments in security, resources and expertise on a scale that others simply cannot match. Therefore, we believe that very few public cloud providers or private enterprise IT teams offer a level of protection that can match ours. Our vision on security unfolds in two area’s; our organization and our hardware. 

The largest private network in the world
Let’s start with hardware. First, Google Cloud has the largest privately owned network in the world. Google Cloud has more than 100,000 miles of fiber optic cable in which we have invested $30.9bn in the last three years. This allows us to reduce the risks posed by the public internet, allowing  us to protect more because we see more.

According to the numbers: more than 25% of all internet traffic travels on the Google network, 694,000 web pages are scanned for malicious intent every minute, more than 400 million Android devices are checked for safety every day, we defend more than 1 billion Gmail and Chrome accounts and 100% of customer data stored at rest is encrypted by default.

For me, privacy and security are really important. We think about it in terms of both: you can't have privacy without security

Larry Page Google Founder

Protocols
All data stored or transferred to the Google cloud are strongly encrypted following the AES protocol. This provides strong online security for customer data. A physical cloud service element in the form of data centers still exists. This is recognized by Google, which uses multifactor access control, as well as biometric measures to prevent unauthorized persons from entering or exiting.

We wouldn't survive if people didn't trust us

Sergey Brin Google Founder

Sharing is caring
The security team takes part in research to protect the wider Internet users community, which go beyond those who choose Google solutions. Examples include the discovery of POODLE SSL 3.0 exploit and cipher suite weaknesses. The security team also publishes security research papers that are available to the public. Further, we specifically built a full-time team known as Project Zero to prevent targeted attacks. This is done by reporting bugs to software vendors and filing them in an external database.

Google also has long enjoyed a close relationship with the security research community, and we greatly value their help. Our Vulnerability Reward Program encourages researchers to report issues that may put customer data at risk, thus offering rewards. Due to our collaborations, we’ve squashed more than 700 Chrome security bugs with rewards of over $1.25 million. More than $2 million has been awarded across Google’s various vulnerability rewards programs. We publicly thank these individuals as contributors to our products and services.

Open platforms historically undergo a lot of scrutiny, but there are a lot of advantages to having an open source platform from a security standpoint

Sundar Pichai CEO, Google

Organization
Just like any IT product, cloud security can be made or broken by those who design and maintain it. As a result, security is deeply rooted in our way of working and in our culture. All Googlers have passed an extensive background check, attended security trainings, signed a code of conduct, and attended regular in-house conferences to drive awareness and innovation in security and data privacy.

Google also employs its own security and privacy team that is a part of our software engineering and operations division.This team is tasked with maintaining the company’s defense systems, developing security review processes, building security infrastructure, and implementing Google’s security policies. 

Security risks come in numbers. Therefore, the administrative rights and database access for Google employees are minimized. Less than 1% of all Googlers have set foot in a data center. The small number of employees who are directly involved with the cloud are thus subject to extensive background checks by both internal and external parties.

Concluding
Google’s multi-faceted approach toward security minimizes the risk of data loss or theft on Google cloud services. This makes Google a security leader and a reliable partner in holding an increasingly important asset: your data.