February 22, 2007

Security at Google

To prove to potential customers of the business edition of Google Apps that Google takes security seriously, the company released a white paper titled "Comprehensive review of security and vulnerability protections for Google Apps" (available as a PDF). Here are some interesting details:
Google operates one of the largest networks of distributed datacenters in the world, and goes to great lengths to protect the data and intellectual property in these centers. Google operates an undisclosed number of datacenters worldwide. Many primary Google datacenters are wholly owned and managed ensuring that no outside parties can gain access. The geographic locations of the datacenters were chosen to give protection against catastrophic events. The datacenters are at confidential, undisclosed locations in order to guard against user data being targeted. These facilities are protected with armed personnel around the clock. In addition, strong methods of entry protection such as biometric devices and secure token cards are used to ensure that only authorized personnel are granted access. Only select Google employees have access to the datacenter facilities and the servers contained therein, and this access is tightly controlled and audited.

The facilities themselves are engineered not only for maximum efficiency, but also for security and reliability. Multiple levels of redundancy ensure ongoing operation and service availability in even the harshest and most extreme of circumstances. This includes multiple levels of redundancy within a center, generator-powered backup for ongoing operations, and full redundancy across multiple dispersed centers. State of the art controls are used to monitor the centers both locally and remotely, and automated failover systems are present to safeguard systems. (...)

Data such as email is stored in a difficult to decipher format optimized for performance, rather than stored in a traditional file system or database manner. Data is dispersed across a number of physical and logical volumes for redundancy and expedient access, thereby obfuscating it from tampering. Google's physical protections described above ensure that no physical access to servers is possible. All access to production systems is conducted by cleared personnel using encrypted SSH (secure shell). Specialized knowledge of the data structures and Google's proprietary distributed architecture is built to provide a higher level of security and reliability than a traditional single tenant architecture. Individual user data is dispersed across a number of anonymous servers, clusters, and data centers. This ensures that data is not only safe from potential loss, but also highly secure.

Despite all these protection measures, Google has had problems with cross-site scripting, and some people even lost their Gmail accounts. If you find a security flaw in a Google product, report it to security@google.com and wait a reasonable amount of time before revealing the details to the public.

8 comments:

  1. > These facilities are protected
    > with armed personnel around the
    > clock.

    Holy shit. They sure try to scare people.

    Then again what kind of hacker tries to unveil data by just waltzing into a datacenter? Most hackers can do their job fine from home :)

  2. 1) Not all evil-doers aim to hack - some aim to destroy. Ergo, all the software protection in the world is useless without physical protection.

    2) Give me physical access to your PC(s) and (unless all your data is encrypted to a level I haven't the horsepower to break) all your firewalls are useless.

  3. Actually, armed personnel are normally around most DCs. This is part of the physical security.

    Actually, Philipp, some of the most intriguing hacks have been access to a vault... it's pretty easy once you have fake IDs and social engineering skills!!

  4. I wonder how Yahoo and Microsoft protect our data?!

  5. I'm seriously sick of people, no, of googlesystem and TechCrunch and everybody bringing up the email deletion incident. The link you provide says that it was a security flaw in Firefox that made it possible. To Google, those users went and deleted their own mail and contacts. Had the criminal hacker who set up the attack targeted Yahoo or Hotmail, it wouldn't have been any different.

    Quit harping on that.

  6. Wizard_2, that wasn't the only incident concerning Gmail. I know that TechCrunch exaggerated the whole thing, but I tried to be balanced and show that Google's security measures are not flawless.

  7. People also need to wake up to the fact that the security of their online data depends on a variety of factors, and the Google data centers are only one of them. If anything (further demonstrated by this paper), the Google data centers are probably the safest link in the chain.
    As Philipp mentioned, what kind of hacker will try to attack a Google data center to get to your data?
    The weakest links in the chain are probably:
    - SSL encryption: Google still does not use a secure connection to send your data to your browser, unless you force it yourself. Without a secure connection, data is flowing unencrypted and can be snooped upon by a hacker watching IP packets go by.
    - client-side encryption: someone with access to your computer, if you are logged into your Google account (this is increasingly the case), can view and download your files without even needing to know your password. This is a serious security issue until Google can provide tools for users to protect sensitive files.
    Check this on the subject: http://lepetitradiateur.blogspot.com/2007/01/suggestion-increased-security-in.html

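The transport-security point raised in the comment above (data flowing unencrypted unless the user forces a secure connection, and a logged-in session that anyone at the keyboard can reuse) is something a service operator can check from the server's own responses. The following Python example is added here and is not part of the original post or of any Google code. It parses constructed HTTP/1.1 responses and reports whether a plain-http request is redirected to HTTPS, whether a Strict-Transport-Security policy is set (HSTS is a mechanism standardized after this 2007 post, assumed here as the modern way to pin a site to TLS), and whether session cookies carry the Secure flag so they are never sent over an unencrypted hop. Host names, cookie names and values are made up.

```python
"""Check whether a web service forces clients onto TLS.

Added example, not code from the original post or from Google. It works on
the status line and headers of an HTTP/1.1 response and needs no network:
the sample responses below are constructed (hosts and cookies are made up).
"""
import re

# Constructed response to a plain http:// request: page content and the
# session cookie travel in the clear, the situation the comment describes.
WEAK_HTTP_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: SID=abc123; Path=/; HttpOnly\r\n"
    "\r\n"
    "<html>inbox</html>"
)

# Constructed hardened pair: the plain-http endpoint only redirects ...
HARDENED_HTTP_RESPONSE = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: https://mail.example.test/\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

# ... and the https endpoint pins future visits to TLS and marks the cookie Secure.
HARDENED_HTTPS_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Set-Cookie: SID=abc123; Path=/; Secure; HttpOnly\r\n"
    "\r\n"
    "<html>inbox</html>"
)


def parse_response(raw):
    """Return (status_code, [(lowercased_name, value), ...]).

    Repeated headers such as Set-Cookie are kept as separate pairs.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = []
    for line in lines[1:]:
        if line:
            name, _, value = line.partition(":")
            headers.append((name.strip().lower(), value.strip()))
    return status, headers


def assess_response(raw, over_tls):
    """Describe the transport posture of one response.

    over_tls says whether the response arrived on an https connection;
    browsers only honor Strict-Transport-Security received over TLS.
    """
    status, headers = parse_response(raw)

    def values(name):
        return [v for k, v in headers if k == name]

    location = values("location")
    upgrades = (
        status in (301, 302, 307, 308)
        and bool(location)
        and location[0].lower().startswith("https://")
    )

    max_age = None
    for hsts in values("strict-transport-security"):
        match = re.search(r"max-age=(\d+)", hsts, re.IGNORECASE)
        if match:
            max_age = int(match.group(1))

    insecure_cookies = []
    for cookie in values("set-cookie"):
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
        if "secure" not in attrs:
            insecure_cookies.append(name)

    return {
        "content_in_clear": (not over_tls) and status == 200,
        "upgrades_to_https": (not over_tls) and upgrades,
        "hsts_max_age": max_age,
        "hsts_effective": over_tls and bool(max_age),
        "cookies_without_secure": insecure_cookies,
    }


def weak_links(raw, over_tls):
    """Turn the assessment into the findings a reviewer would report."""
    f = assess_response(raw, over_tls)
    issues = []
    if f["content_in_clear"]:
        issues.append("content served over plaintext HTTP")
    if not over_tls and not f["upgrades_to_https"]:
        issues.append("plain-http request is not redirected to https")
    if over_tls and not f["hsts_effective"]:
        issues.append("no Strict-Transport-Security policy")
    for name in f["cookies_without_secure"]:
        issues.append(f"cookie {name} lacks the Secure flag")
    return issues


if __name__ == "__main__":
    for label, raw, tls in [
        ("weak http", WEAK_HTTP_RESPONSE, False),
        ("hardened http", HARDENED_HTTP_RESPONSE, False),
        ("hardened https", HARDENED_HTTPS_RESPONSE, True),
    ]:
        print(label, "->", weak_links(raw, tls) or ["no transport issues"])
```

The weak response yields three findings (plaintext content, no redirect, a session cookie without Secure); the hardened pair yields none. The Secure flag matters for the second concern in the comment as well: a session cookie that is only ever sent over TLS cannot be picked up by someone passively watching the unencrypted hop, although it does nothing against a person who already sits at the logged-in machine.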
  8. You have a very good site, well constructed and very interesting. I have bookmarked you; hopefully you keep posting new stuff. Many thanks.
    armed security service

