Thursday, February 22, 2007

Security at Google

To reassure potential customers of the business edition of Google Apps that it takes security seriously, Google released a white paper titled "Comprehensive review of security and vulnerability protections for Google Apps" (available as a PDF). Here are some interesting details:
Google operates one of the largest networks of distributed datacenters in the world, and goes to great lengths to protect the data and intellectual property in these centers. Google operates an undisclosed number of datacenters worldwide. Many primary Google datacenters are wholly owned and managed, ensuring that no outside parties can gain access. The geographic locations of the datacenters were chosen to give protection against catastrophic events. The datacenters are at confidential, undisclosed locations in order to guard against user data being targeted. These facilities are protected with armed personnel around the clock. In addition, strong methods of entry protection such as biometric devices and secure token cards are used to ensure that only authorized personnel are granted access. Only select Google employees have access to the datacenter facilities and the servers contained therein, and this access is tightly controlled and audited.

The facilities themselves are engineered not only for maximum efficiency, but also for security and reliability. Multiple levels of redundancy ensure ongoing operation and service availability in even the harshest and most extreme of circumstances. This includes multiple levels of redundancy within a center, generator-powered backup for ongoing operations, and full redundancy across multiple dispersed centers. State-of-the-art controls are used to monitor the centers both locally and remotely, and automated failover systems are present to safeguard systems. (...)

Data such as email is stored in a difficult-to-decipher format optimized for performance, rather than stored in a traditional file system or database manner. Data is dispersed across a number of physical and logical volumes for redundancy and expedient access, thereby obfuscating it from tampering. Google's physical protections described above ensure that no physical access to servers is possible. All access to production systems is conducted by cleared personnel using encrypted SSH (secure shell). Specialized knowledge of the data structures and Google's proprietary distributed architecture is built to provide a higher level of security and reliability than a traditional single-tenant architecture. Individual user data is dispersed across a number of anonymous servers, clusters, and data centers. This ensures that data is not only safe from potential loss, but also highly secure.

Despite all these protection measures, Google has had problems with cross-site scripting, and some people have even lost their Gmail accounts. If you find a security flaw in a Google product, report it to security@google.com and wait a reasonable amount of time before revealing the details to the public.
