Cloud computing is used by the majority of Google technologies, including Google App Engine, Gmail, Google Documents, Google Calendar, and Google Cloud Storage (Brodkin 1-3). The aforementioned technologies offer simple-to-use services as well as goods for personal and corporate use. The services they provide enable individuals to access the internet from any internet-enabled device, allowing them to retrieve data and information needed for various tasks (Korns, Stephen, and Joshua 60). The cloud computing used by Google technologies allows various storage resources to be shared by many users while at the same time offering a lot of benefits to the users, for example, security (Brodkin 1-3; Ramanathan, Shalini, Savita, and Subramanian). It is true to state that security is a vital component of Google and it is put into consideration in each of Google’s computing systems, for example, server assignment, processing, computerization, and data storage. This particular paper will argue that Google is well aware of the security vulnerability in its computing system and through techniques such as the access control, it has managed to create a safer platform for offering its cloud products.
Google is a multinational technology company based in the United States of America (USA). It specializes in internet-related products and services, for example, cloud computing, online advertising technologies, hardware, and software (Korns, Stephen, and Joshua 60). It is important to note that it was established in the year 1996 by Sergey Bin and Larry Page who were both Ph.D students at the Stanford University (Vise). It can be acknowledged that the company has grown rapidly over the recent years and this can be directly attributed to the acquisitions, chain of products, and the partnerships it has done over the recent years. Google offers services that are designed for productivity and work, based on the cloud technology and these include; email, Google Docs, and the Sheets and Slides. It offers time management and scheduling services and these include; the Google drive, Google Calendar, Google +, Hangouts, and the Google translate. The company also offers the turn by turn navigation and mapping services through the Google maps. It also provides a video sharing platform referred to as YouTube and a photo sharing platform referred to as Google photos (Vise). Google is also known for creating the Android operating system and the famous Google Chrome browser (Shabtai, Asaf, et al. 35-44). Since Google offers a wide range of services that are primarily based on the cloud technology, the company has developed a security strategy that makes sure that any vulnerability in its computing system is promptly discovered and immediate action is taken to remedy the situation. This particular security strategy is based on the following components; the corporate security policies, organizational security, data asset management, access control, personal security, infrastructure security, as well as, the physical and environmental security.
The Corporate Security Policies
It is true to state that Google’s commitment to security is deeply rooted in its codes of codes of conduct. It can be acknowledged that security vulnerabilities may arise from account, physical, and data threats, thus, these policies inform topics ranging from the general policies each and every employee in the company must comply with, as well as, the policies that are more specialized and cover the internal applications, as well as, the systems that employees are required to follow. To make sure that its cloud system is well protected from various vulnerabilities, Google has its security policies frequently reviewed and updated (Shabtai, Asaf, et al. 35-44). It is important to note that the employees are also required to receive regular training on various security topics, for example, working safely from remote locations, how to use the internet safely, and how to handle sensitive data and information (Korns, Stephen, and Joshua 60). The company also makes sure that the employees receive regular training on the policy topics of interest, for example, the safety of emerging technologies like the social and the mobile technologies.
The Organizational Security
It is important to note that the organizational security of Google is divided into various teams with each team focusing on one particular element of its organizational security. The teams work together to make sure that they address the company’s global computing environment.
The Information Security Team
This team is made up of 250 experts in network, information, and application security. It is the responsibility of this particular team to make sure that Google’s internal defense system is well maintained and it does this by customizing the company’s security infrastructure and by conducting regular security reviews. It is important to note that it is this team that is tasked with the responsibility of the security policies, as well as, the standards discussed in the corporate security policy section of this paper.
The Physical Security Team
The physical security team is responsible for maintaining the staff of the company at a global level. This particular team is headquartered in the USA and makes sure that the physical security of the data center facilities, as well as, the offices of the company is maintained. It is important to note that members of this particular team are trained to maintain security in mission-critical infrastructures.
The Global Compliance and Internal audit Team
Complying with the regulatory, as well as, the statutory compliances worldwide is a major security concern for Google. Therefore, the company has established a regulatory compliance, as well as, a global internal audit function that continuously checks the compliance requirements, as well as, the auditing adherence of the company.
Access Control
It can be acknowledged that Google is one of the companies in the world that has a wide data asset. This wide data asset needs to be well protected from computer system vulnerabilities, thus, the company has employed authorization, as well as, authentication controls that have been customized to prevent any unauthorized access to its vast data assets.
The Authorization Controls
Through these authorization controls, the employees at Google have access rights that are based on their jobs, as well as, their role functions (Chow, Richard, et al.). The employees are only given a limited set of permissions to access the company’s resources. The access to additional resources is granted on the basis of the employee’s role functions. To access additional resources, the employees have to apply for permissions from the system or data managers, owners, and executives and this is indicated in the company’s corporate security policies. Special tools referred to as the workflow tools manage the approvals, as well as, maintain the audited records of all the changes made. It is important to note that the authorization settings of all the employees in the company are used to grant access to all the company resources, for example, the systems and data from the Google’s products and cloud technologies.
The Authentication Controls
To ensure that its system is well secured, Google requires each and every employee to have a unique user ID. These particular accounts are used to identify the activities of each and every employee on the company’s network and this includes any attempts to access the customer or employee data. Once an individual is hired, the human resource department grants the individual the user ID that grants the new employee a set of privileges, for example, signing into their workstations. To protect each and every employee’s account, Google makes effective use of the 2-step authentication mechanism, for example, the one-time password generator, as well as, the certificates. At the end of an individual’s employment at Google, the user ID access to the company’s network is disabled in the HR system internally.
Personal Security
It is a requirement by the company that all the employees conduct themselves in ways that are in accordance with the set guidelines. These guidelines regard the business ethics, confidentiality, appropriate usage, as well as, the professional standards. Before an individual is hired, his or her education and previous employment are analyzed. It is important to note that where the labor law regulations permit, Google also analyzes the credit immigration and the criminal record of an individual. Upon employment, the new employees are expected to acknowledge the receipt of the company’s policies, as well as, execute a confidentiality agreement with the company.
Data Asset and Management
Google’s data assets that are mainly comprised of corporate data assets, as well as, end-user assets are usually managed under the security procedures, as well as, policies. Those handling data assets within the company are required to comply with the guidelines and the procedures outlined in Google’s security policies and they include;
Media Disposal
Through media disposal, all the disks that have retired from the company’s system are subjected to a data destruction process so that they may be allowed to leave the company’s premises. The disks are first logically scanned by the authorized individual who only uses the processes that have been approved by the company’s security team. The disks are then logically scanned for a second time by an authorized individual who confirms that the disks were appropriately scanned. Finally, the scanned disk is marked for reuse and redeployment, however, if the disc cannot be erased due to system issues, it I stored carefully until when it will be physically destroyed. It is important to note that this process is audited on a weekly basis to make sure that the erasing procedure is in line with company’s security policy.
Information Access
Google is tasked with the responsibility of protecting its customers’ information, thus, for it to do this effectively it Google runs its applications in distributed multi-tenant environments. By running its applications in this kind of environment, its consumer and business data is shared among specific infrastructure that is composed of many of Google’s homogenous machines only located in the company’s data centers. Both the structured and the unstructured data is stored in distributed storage technologies, for example, the Google file systems like Big Table. Each of Google’s application and storage stack requires authentication from an authentication infrastructure designed by Google.
The Physical and Environmental Security
The physical security, as well as, the good maintain ace of the environments in which the Google’s data centers are located is the main security concern for Google. For this particular reason, the company has come up with policies, procedures, as well as, infrastructure through which the physical security of its data centers, as well as, the maintain ace of a good environment within the data centers would be ensured.
The Physical Security Controls
It can be acknowledged that Google’s data centers are geographically distributed, hence, they require a variety of the physical security measures. It is important to note that the policies and the technologies used in these data centers vary greatly because they depend on the location of the building, as well as, the regional and the local risks. However, the standard physical controls implemented by Google in all its data centers include;
The alarm system
An electronic card access control system (Chow, Richard, et al.)
Security guards
Exterior and interior cameras
The access to areas where system components are located is segregated and is located away from areas such as the lobbies and the general office areas. The cameras installed in this data centers are centrally located so that they may monitor spacious activity and the premises are routinely patrolled by the security guards. It is important to note that the cameras installed in these data centers are of high resolution and have special features such as the video analytic that allows for the quick detection of intruders. All the activity records, as well as, the video footage from all the installed cameras are safely kept for future review. It is also important to mention the additional security controls, for example, the biometrics, thermal imaging cameras, and the perimeter fence (Chow, Richard, et al.).
The Environmental Controls
It is true to state that Google has over the years managed to implement a set of controls that are mean to support its operating environment and they include;
The Climate and Temperature Controls
In order to maintain a constant operating temperature for the computing hardware, as well as, the servers, Google as installed cooling facilities in its data centers. It is important to note that effective cooling prevents overheating which may cause service outage (Fink). The cooling facilities installed are usually powered by both the normal and the emergency electrical systems of the company (Fink).
Power
Due to its vast operations, Google has to ensure that its facilities run on a 24/7 basis. Thus, the company has adopted alternative power sources which would continue to power its facilities in case of under-voltage, blackouts, out-of-tolerance frequency, and utility burnout.
The detection and suppression of fire
In all its facilities, Google gas installed fire detection and suppression equipment which have helped reduce the damage the company’s hardware would get in case of a fire breakout. The fire detection and suppression equipment installed in Google’s facilities use heat, water, and smoke to detect fire and raise an alarm. It is also important to note that manually operated fire extinguishers are located throughout the premises. The technicians in the systems receive regular training on fire detection and extinguishment and this includes the effective use of the fire extinguishers within the facilities.
The Infrastructure Security
The proper management of infrastructure ensures that threats are well prevented. Google is well aware of this, thus, it has come up with security policies that inform the proper management of its infrastructure.
The Vulnerability Management
It can be acknowledged that Google has employed a team that has been tasked with the responsibility of managing the company’s vulnerabilities in a timely way. Using the commercial and the in-house-developed tools, the security team effectively scans the security threats. It is important to note that once a potential vulnerability has been identified by the vulnerability management team, it is logged according to its priority then it is assigned to the relevant owner to effectively remedy it.
Monitoring
Google has installed an advanced monitoring system that effectively analyzes all the information that is gathered from the actions of the employees in the system, internal network traffic, and the outside knowledge of various vulnerabilities. The internal traffic is frequently checked for any suspicious behavior, for example, the botnet connections. It is also important to note that the Google engineers always put standing search alerts in all the public data repositories and with this, they are able to look for any security incidents that may affect Google’s infrastructure.
The Prevention of Malware
In the contemporary IT environment, it is true to state that malware presents a major security threat. It is important to note that malware can lead to data theft, unauthorized access to a network, and account compromise. It is because of this that Google takes the prevention of malware seriously. Google has implemented a strategy through which malware can be detected and prevented. The strategy is composed of automated and manual scanners that scan the search index of Google in the websites that might have malware in them. It is because of this malware that the blacklist procedure was incorporated into many web browsers, as well as, led to the creation of the Google toolbar which helps protect the internet users from compromised websites (Korns, Stephen, and Joshua 60).
Conclusion
As it has been discussed above, Google has employed a multi-layered security strategy that is made up of core components that have been illustrated in the above-discussed sections of this paper. These components protect Google’s computer system and allow it to create an environment through which it can effectively offer its services that are mainly based on cloud computing.
Works Cited
Brodkin, Jon. "Gartner: Seven cloud-computing security risks." Infoworld2008 (2008): 1-3.
Chow, Richard, et al. "Controlling data in the cloud: outsourcing computation without outsourcing control." Proceedings of the 2009 ACM workshop on Cloud computing security. ACM, 2009.
Fink, James. "Data center cooling system." U.S. Patent No. 6,859,366. 22 Feb. 2005.
Korns, Stephen W., and Joshua E. Kastenberg. "Georgia's cyber left hook."Parameters 38.4 (2008): 60.
Ramanathan, Shalini, Savita Goel, and Subramanian Alagumalai. "Comparison of cloud database: Amazon's SimpleDB and Google's Bigtable." Recent Trends in Information Systems (ReTIS), 2011 International Conference on. IEEE, 2011.
Shabtai, Asaf, et al. "Google android: A comprehensive security assessment." IEEE Security & Privacy 8.2 (2010): 35-44.
Vise, David. "The google story." Strategic Direction 23.10 (2007).
