Why can you trust Google?
Przemek Sienkiewicz, Head of Enterprise CEE, Russia & CIS
Why is Security So Tough?
Data Problem: Users want to access their data anytime, from anywhere
● 60% of corporate data resides unprotected on PC desktops and laptops
● 1-out-of-10 laptop computers will be stolen within 12 months of purchase
● 66% of USB thumb drive owners report losing them, over 60% with private
The Traditional Security Model is Broken
● Data often resides on unsecured end-points like laptops and USB thumb drives
● Companies support multiple operating systems, each with many applications, and numerous security patches may exist for each application
● Companies take an average of 25-56 days to deploy patches once available
● Companies often can't hire and retain the foremost experts in security
● Companies struggle to keep up with the latest data center and data security best-practices
Why can you trust Google? - Physical and Personnel Security
● Dozens of data centers for redundancy
● Authorized employees & vendors only
● Protections in place
○ 24/7 guard coverage
○ Electronic key access
○ Access logs
○ Closed circuit televisions
○ Alarms linked to guard stations
○ Internal and external patrols
○ Dual utility power feeds
Why can you trust Google? - Hardware and Software Infrastructure
● Custom built, homogeneous systems
○ Custom built hardware
○ Hardened, custom built Linux software stack
○ Quick update of all systems
● Data distribution and multi-tenant model
○ Data sharing across servers
○ No one server has full readable data for business
○ Data obfuscation on disk
● Life of Disk
○ Labeling and tracking disks
○ Erasing data, media destruction
Why can you trust Google? - Data Structure
● Files are split up and stored in multiple files on many machines
● File names are random (do not match content type or owner)
● Obfuscate data so that it is not human readable
[Diagram: email for users 1-4 stored as randomly named files on GFS Machine A (Netherlands), GFS Machine B (Belgium) and GFS Machine C (Finland)]
● File names are “anonymous” on filesystem
● Data distributed across multiple locations
● Many thousands of files
Google Apps Reliability
● SLA Commitments
● Gmail availability 99.99% in 2011
● Zero scheduled maintenance
● 32x more reliable than average on-premise email
● 46x more reliable than MS Exchange
[Chart: Downtime (minutes)]
Single Sign-on (On-Premise System Integration)
● Organization responsible for user authentication (not Google)
● Supports VPN and geographic restriction
● Integrates with on-premise systems for additional flexibility
○ Biometrics
○ User/role-based authorization logic
● Uses industry-standard SAML 2.0
2-Step Verification
● Enter verification code in addition to password when signing in, except from computers you designate as trusted
Independent Third Party Verification
● Google Apps has multiple third-party audits
● All audits cover the following:
○ Data Centers & Infrastructure
○ Applications (Google Apps)
○ Operations
Google does not own customer data
● You remain Data Controller - data is owned by you and your end users
● You can delete or remove your data at any time
● You decide if and with whom data is shared
Internal Data Protection
● Software development process
● Least privilege access, VP oversight
● Background checks
● Security & privacy focused culture
External Data Protection
● Google does not sell your content or personal information
http://www.google.com/privacy
● Government transparency report
http://www.google.com/transparencyreport
● US / EU Safe Harbor certified
Google Apps Infrastructure Summary
● Encrypted access to the cloud means employees don't need to copy files to vulnerable end points
● No more patches or upgrades to keep up with
● Security of the environment is managed 24x7 by industry-recognized experts at Google
● Infrastructure is custom-built, hardened, rapidly updatable, and redundant.
● Data is replicated, obfuscated and sharded across disks.
EU Data Protection Directive
● Regulates the processing of personal data within EU
● Member states must transpose the directive into country-specific laws (each is slightly different)
● Each country has set up a "Data Protection Authority" which implements the Directive
● Restricts export of personal data
● No "inadequate countries" allowed
Article 29 Working Party Guidance
● The Article 29 Data Protection Working Party was set up under Directive 95/46/EC of the EU Parliament regarding the protection of individuals with regard to processing personal data
● On July 1st the Working Party issued an opinion on Cloud Computing to provide DPAs and companies guidance on Data Protection
● The Article 29 Working Party Guidance:
○ Risk Analysis
○ Third Party Audits / Transparency
○ Legal Framework Requirements
○ Data Transfers
Google Apps Vault
Google Apps Vault enables users to archive, manage and preserve Gmail and on-the-record chats for information governance, eDiscovery and regulatory investigations, and is designed to reduce costs and risks
Archiving
Messages and on-the-record chats are securely managed in-place, with no need to duplicate the data
Retention
Define retention policies to ensure business critical data is preserved and properly managed
eDiscovery
Search, identify, preserve and collect data based on custodian, content and metadata
You can trust Google because security is part of our DNA
Leverage Google’s expertise in security
Reduce end-point vulnerability and manual patching
Get the security that protects google.com
People, Process, Technology
● 250+, 24x7 security team
● Some of the world’s leading security researchers from F500 and academia
● Centralized data reduced risk of data leakage due to lost devices
● ISO 27001 Certification
● ISAE 3402 audited
● Purpose-built stack means no third-party security issues
● Vast automated attack detection and repulsion
● Integrates into your security