Recently, Google released a new whitepaper that reveals the multi-layered data security strategy they use to protect cloud-hosted data.
Specifically, the company uses a six-tier approach, with hardware and physical security at the bottom, and with operational security controls sitting at the top of the stack.
Only a couple of Google employees are allowed to access the facilities where the systems are stored. In order to make sure only the authorised personnel can get in, they use several different security measures, including vehicle barriers, biometric identification, laser-based intrusion detection systems, webcams, and metal detection.
The whitepaper reveals that neither the hardware nor the software infrastructure assume any trust between any of the services running on them.
Their inter-service communication uses cryptographic technology. One step higher is the user identity and access management.
Data encryption and data deletion are two of Google’s key controls for protecting consumer data.
Google goes to great lengths to ensure that any decommissioned storage systems are free of consumer data or any other data that might be considered sensitive. They use multi-step processes to ensure this is the case. Those devices that fail the tests get shredded or otherwise destroyed on premise.
On the operational level, Google takes advantage of intrusion detection technology. On the software side of things, they use software libraries which have been designed to prevent developers from creating certain, existing classes of security flaws.
Apart from that, the company also makes significant investments in vulnerability research and discovering zero-day bugs.