Security and data protection
In this tutorial we will learn about security and data protection.
Google employs security and privacy professionals that include some of the world’s foremost experts in information, application, and network security. This expert team is tasked with maintaining the company’s defense systems, developing security review processes, building stronger security infrastructure, and precisely implementing Google’s security policies. Further, Google also employs an extensive team of lawyers, regulatory compliance experts, and public policy specialists who look after privacy and security compliance for Google Cloud.
Data Protection Services
Availability, Integrity & Resilience
Google designs the components of our platform to be highly redundant. Google’s data centers are geographically distributed to minimize the effects of regional disruptions on global products. In the event of hardware, software, or network failure, services are automatically and instantly shifted from one facility to another so that operations can continue without interruption.
Equipment Testing and Security
Google utilizes barcodes and asset tags to track the status and location of data center equipment from acquisition to installation, retirement, and destruction. If a component fails to pass a performance test at any point during its lifecycle, it is removed from inventory and retired. Google hard drives leverage technologies, such as Full Disk Encryption (FDE) and drive locking, to protect data at rest.
Disaster Recovery Testing
Google conducts disaster recovery testing on an annual basis to provide a coordinated venue for infrastructure and application teams to test communication plans, fail-over scenarios, operational transition, and other emergency responses. All teams that participate in the disaster recovery exercise develop testing plans and post mortems.
Encryption
Google uses encryption to protect data in transit and at rest. Google Workspace and Google Cloud Platform services encrypt customer content stored at rest, without any action required from customers, using one or more encryption mechanisms.
Access Controls
For Google employees, access rights and levels are based on job function and role, using the concepts of least-privilege and need-to-know to match access privileges to defined responsibilities. Requests for additional access follow a formal process that involves a request and an approval from a data or system owner, manager, or other executives. Data centers that house Google Cloud systems and infrastructure components are subject to physical access restrictions. They are equipped with 24 x 7 on-site security personnel, security guards, access badges, biometric identification mechanisms, physical locks and video cameras.
Incident Management
Google has a dedicated security team responsible for the security and privacy of customer data and for managing security 24 hours a day, 7 days a week, worldwide. Individuals from this team receive incident-related notifications and are responsible for helping resolve emergencies 24 x 7. Incident response policies are in place, and procedures for resolving critical incidents are documented. Information from these events is used to help prevent future incidents and can be used as examples for information security training. Google’s incident management processes are tested on a regular basis as part of our ISO/IEC 27017, ISO/IEC 27018, ISO/IEC 27001, PCI-DSS, SOC 2 and FedRAMP programs.
Vulnerability Management
We scan for software vulnerabilities using a combination of commercially available and purpose-built in-house tools. This also includes intensive automated and manual penetration testing, quality assurance processes, software security reviews, and external audits. We also rely on the broader security research community. Our Vulnerability Reward Program encourages researchers to report design and implementation issues that may put customer data at risk.
Reference: Google Documentation