In our new series about Google Workspace security, we will discuss Google’s approach to security and compliance. As cloud computing pioneers, Google takes their security very seriously and understands the concerns over enterprise cloud computing. Their approach comes in many parts. Last time we heard about Google’s Security and Privacy Focused Culture. Today we will dive into the security involved in Google Workspace.
We all know quite a bit about the Google Workspace capabilities. If you are new to the tools, please check out some of our posts such as Hello Google Workspace, goodbye G Suite. In short, Google Workspace helps us accomplish everything we need to in our jobs. From emails to file storage, Google Workspace has you covered.
But what about the security built into the tool? This is not commonly spoken or written about. Google built their tools on the principle of “defense in depth”. The principle is not something we commonly see in other traditional IT tools. From inception, Google’s engineers design, build, and deliver tools that have security at their core. You might ask, how do they do this? Read on to find out.
We spoke a little about Google’s data centers in our environmental sustainability piece a few months ago. Beyond the environment, Google’s team has designed their data centers with security in mind.
From a purely physical standpoint, the data centers contain all the necessary features to remain secure:
- Custom-designed electronic access cards
- Vehicle access barriers
- Perimeter fencing
- Metal detectors
- Laser beam intrusion detection on the data center floors
On top of all this, there are cameras both internally and externally around the data center. There are also experienced security professionals monitoring the footage and the actual building 24/7. If an incident does occur, the team stores the camera footage so referring back to it is easy.
Only a small group of Google employees even have access to the data centers. When they get access, they still need to use the security badges, access cards, and biometrics just to get inside.
Google uses redundant power sources to ensure that their data centers are up and running without any outages. If there is a security breach or outage, each part of the data center has a primary power source which the team can turn off and a secondary source which they can use instead. The team can reduce hardware damage by utilizing heat, fire, and smoke detectors. These detectors are monitored on site and offsite using monitoring software.
As mentioned in our previous blog about environmental sustainability, Google likes to build their data centers with the latest “green” technology. This technology utilizes environmentally friendly cooling methods for the often hot data centers. Reused water and usage of outside air are the primary methods for cooling. Google also constantly monitors each data center to ensure it is exceeding industry standards.
Server Hardware and Software
Google designs and manufactures their own software and hardware contained within the data centers. By doing this, they can ensure the energy efficiency and security are up to their standards, which are quite high. Google’s operating system on these servers resembles a stripped-down, bare-bones Linux system, but is actually custom built to run Google’s services. So, unlike more traditional software services, Google doesn’t rely on external vendors for parts which could introduce vulnerabilities. Google also dynamically allocates their server resources, which keeps all customers happy regardless of their demands. The homogeneous environment contains software which monitors all changes at a binary level. If the software does not recognize one of the changes compared to the Google image, the responsible team will reset the system to the previous version.
Tracking and Disposal
Google uses barcodes and asset tags to meticulously track the location and status of all equipment in their data centers. This starts when the item is initially built and ends when the item is no longer in use. The video cameras referenced above help ensure that no hardware leaves the floor without prior authorization. The security team also uses metal detectors to inhibit theft.
Once a server is no longer in use, the team makes sure that the drive is wiped and completely cleaned. There is a multi-step verification process which ensures that the drive is completely empty before getting discarded. If, for whatever reason, the team cannot clean the drive, Google will store it until the team can adequately destroy it.
Think about all the data you transfer at work on a regular basis. Whether it’s chat, email, or video conferencing, data changes hands on a regular basis. Google takes this very seriously. While your data is “at rest” on a disk, it is encrypted. Even if someone were to physically obtain access to a data center and steal the disk containing your data, they would still need the encryption keys in order to get in. The same goes for when your data is “in transit”. Oftentimes the data will need to move from one data center to another in order to still be highly available to the end user. When this happens, the data is also encrypted.
Google pioneered the usage of Transport Layer Security (TLS) when sending emails. TLS allows total encryption when transporting emails between Google servers and non-Google servers. Google also developed the MTA-STS standard which allows receiving domains to require transport confidentiality and integrity protection for emails.
It’s not all rainbows and butterflies, however. In some jurisdictions Google’s services are not available. This unavailability can come as either temporary or permanent. Google regularly updates their Transparency Report which allows customers and potential customers to see where their services are available. When journalists or other people on the ground enquire, Google allows access to their monitoring graphs which show worldwide traffic over time. Google feels it’s important to keep this data secure but also allow public access when necessary to understand the availability of online information.
All in all, there is no competition when it comes to security in workspace software. Google is the pioneer and champion of services with security at their core. When you and your organization decide to go with Google, as millions of others do, you can rest assured that your information will be safe and secure throughout the duration of your engagement.
If you and your team need any help with Google Workspace, please feel free to reach out to us at Seibert Media. We would love to help.