Google when name arrives it is known for a variety of applications such as Gmail, Drive, Docs with cloud services. But do we ever think about how the security mechanism is worked for that? How the data is being kept intact with the security keeping in mind for about more than a billion users, you can’t bet that security is always on the mind of the Google employees but Design for security is common, throughout the infrastructure for the services running on GCP.
There are seven layers in the GCP security infrastructure and all are responsible for their respective mechanisms. Google keeps the data secure by applying it all into the mechanism layers from bottom to top as both server boards and the networking equipment used in Data Centers are custom-designed personally by google inside its hood.
Methods of securing User Data by Google
Here are some of the ways by which google keeps the data of users secure:
- Designing Custom chips:
Google designs its own customized hardware security chip known as Titan, which is currently deployed at both servers and peripherals.
Google Titan is a chip that prevents attacks from the government spies where they try to intercept hardware and introduce a firmware implant. Titan is now a part of the Google Cloud Platform to primarily secure the data of the customers. Now, these chips are also to be used in Google Pixel.
- Cryptograph Signatures:
Servers run a variety to the software at a single time, to ensure the right software the google uses the cryptographic signature. This signature verifies that the correct software is booting.
Cryptographic Signature is the key primitives that are used for message authentication, it has three fundamental characteristics namely Message Authentication, Data Integrity, and non-repudiation.
- Limiting the Access:
Data Centers are designed by Google, they ensure its development on multiple layers of physical security protections.
Access to these centers is restricted and a few employees are allowed to work there. They use multiple protection layers such as metal detection, cameras, and biometrics so that the security is not breached by one or other means.
- Communication Between the other services:
Google’s infrastructure provides a digitally signature privacy and integrity for remote procedures called data-on-the-network, this is how the data is being transferred between the applications. There are thousands of server machines connected to a local network.
This infrastructure automatically our PC ‘s traffic in transit between data centers.
- Hardware Encryption:
Google uses hardware encryption to support end-users data. They enable the hardware encryption in SSD’s and other storage devices. This is how the data is kept secure at data centers. These ensure that the data used by the users is secured and vital use is been done
and this is how the overall security is achieved.
- Open Development Opportunity:
Google also runs a vulnerability reward program where they pay anyone who can discover and inform us of bugs in our infrastructure or applications. Google provides the source code to support open development and to notify bugs into it.
- Monitoring Websites:
Google aggressively limits and actively monitors the activities of employees who are been granted administrative access to the infrastructure. To guard against phishing attacks against Google employees. Employees with administrator rights need to be specially taken care of as they can be made a threat to the organization by indirect means.
- Google Front End (GFE):
As we all know that Gmail offers two-step verification for the authenticity of the user, these are applied to the cloud as well. Google services who want to make them available have to register om the internet, they have to be on the Google Front End, which checks the incoming network connections and the certificates for best practices. GFE additionally applies protection against denial of service attacks.