Google Blogoscoped

Thursday, February 22, 2007

Google’s Security Statement (They’re Armed!)

Ionut found a remarkable bit in a Google PDF titled “Comprehensive review of security and vulnerability protections for Google Apps.” This is from the part on “Physical Security”:

Google operates one of the largest networks of distributed datacenters in the world, and goes to great lengths to protect the data and intellectual property in these centers. Google operates an undisclosed number of datacenters worldwide. Many primary Google datacenters are wholly owned and managed ensuring that no outside parties can gain access. The geographic locations of the datacenters were chosen to give protection against catastrophic events. The datacenters are at confidential, undisclosed locations in order to guard against user data being targeted. These facilities are protected with armed personnel around the clock. In addition, strong methods of entry protection such as biometric devices and secure token cards are used to ensure that only authorized personnel are granted access. Only select Google employees have access to the datacenter facilities and the servers contained therein, and this access is tightly controlled and audited.

Hackers don’t care about weapons, though, as they’re not walking in through the front door. Google knows as much and adds this piece about “Logical Security”:

In web-based computing, the logical security of data and applications is as critical as physical security. Google goes to extremes to ensure that applications are secure, that data is handled in a secure and responsible way, and that no external unauthorized access to customer or user data can be achieved. To achieve this goal, Google uses a number of industry standard techniques as well as some unique, innovative approaches. One such approach is leveraging special purpose technology as opposed to general-purpose software.

Much of Google’s technology is written to provide special purpose capabilities as opposed to general purpose computing. For example, the web server layer is specially designed and implemented by Google to only expose the capabilities required for operation of specific applications. Therefore, it is not as vulnerable to the wide range of attacks that most commercial software would be susceptible to.

Google has also made modifications to core libraries for security purposes. Because the Google infrastructure is a dedicated application system rather than a general purpose computing platform, a number of the services provided by the standard Linux operating system can be limited or disabled. For example, Google engineers have made significant updates to GNU Linux libraries and systems including ssh, python, initscripts, fsck and libc among others. Google has developed internal log rotate systems and a specialized version of cron. These modifications focus on enhancing the capabilities of the system needed for the task at hand and disabling or removing any exploitable aspects of the system that aren’t required.

Google’s servers are also protected by multiple levels of firewalls to protect against attacks. Inbound and outbound traffic is constantly scanned to ensure no malicious attacks are enacted upon Google’s applications.

Nevertheless, in the past serious vulnerabilities were exposed in Google products – some of them allowing a malicious hacker to access private user data. While Google says that data such as email “is stored in a difficult to decipher format,” a cracker will attack the weakest link. No matter how many doors Google locks, an individual user will always need to be given the key to unlock all those doors (no user wants to read difficult to decipher emails!)... and thus, hijacking the key is enough to get the data.

