Google Cloud Platform
Oppolis has chosen Google Cloud Platform to host and secure its software applications.
Used by over five million organizations across the globe, from large enterprises (including 64 percent of the Fortune 500) and retailers with hundreds of thousands of users to fast-growing startups, Cloud Platform includes offerings in compute, storage, networking and big data and has the security and scalability to serve our meticulous requirements.
Oppolis Software utilises global Google servers that are based in the US, UK and EU. This is to comply with GDPR and regional data processing regulations, whilst also ensuring a faster software delivery service.
Oppolis can use Google Cloud Platform’s global flexibility to easily expand its server network as and when required.
Google Security Team
All Google employees undergo security training as part of the orientation process and receive ongoing security training throughout their Google careers.
Google employs more than 500 full-time security and privacy professionals, who are part of its software engineering and operations division. The team includes some of the world’s foremost security experts and is tasked with maintaining the company’s defense systems, developing security review processes, building security infrastructure and implementing Google’s security policies.
Google’s dedicated security team actively scans for security threats using commercial and custom tools, penetration tests, quality assurance (QA) measures and software security reviews.
Within Google, members of the information security team review security plans for all networks, systems and services. They provide project-specific consulting services to Google’s product and engineering teams.
They monitor for suspicious activity on Google’s networks, address information security threats, perform routine security evaluations and audits, and engage outside experts to conduct regular security assessments. They specifically built a full-time team, known as Project Zero, that aims to prevent targeted attacks by reporting bugs to software vendors and filing them in an external database.
Google has a dedicated internal audit team that reviews compliance with security laws and regulations around the world. As new auditing standards are created, the internal audit team determines what controls, processes, and systems are needed to meet them. This team facilitates and supports independent audits and assessments by third parties.
Google administrates a vulnerability management process that actively scans for security threats using a combination of commercially available and purpose-built in-house tools, intensive automated and manual penetration efforts, quality assurance processes, software security reviews and external audits.
An effective malware attack can lead to account compromise, data theft, and possibly additional access to a network. Google uses a variety of methods to prevent, detect and eradicate malware and its strategy begins with infection prevention by using manual and automated scanners to scour Google’s search index for websites that may be vehicles for malware or phishing.
Google’s Safe Browsing technology examines billions of URLs per day looking for unsafe websites and it also makes use of multiple antivirus engines in Gmail, Drive, servers and workstations to help identify malware that may be missed by antivirus signatures.
Google’s security monitoring program is focused on information gathered from internal network traffic, employee actions on systems and outside knowledge of vulnerabilities. At many points across its global network, internal traffic is inspected for suspicious behavior, such as the presence of traffic that might indicate botnet connections. This analysis is performed using a combination of open-source and commercial tools for traffic capture and parsing.
Automated network analysis helps determine when an unknown threat may exist and escalates to Google security staff, and network analysis is supplemented by automated analysis of system logs.
Google has a rigorous incident management process for security events that may affect the confidentiality, integrity, or availability of systems or data.
If an incident occurs, the security team logs and prioritizes it according to its severity. Events that directly impact customers are assigned the highest priority. This process specifies courses of action, procedures for notification, escalation, mitigation, and documentation. Google’s security incident management program is structured around the NIST guidance on handling incidents (NIST SP 800–61).
Key staff are trained in forensics and handling evidence in preparation for an event, including the use of third-party and proprietary tools. Testing of incident response plans is performed for key areas, such as systems that store sensitive customer information. These tests take into consideration a variety of scenarios, including insider threats and software vulnerabilities.
To help ensure the swift resolution of security incidents, the Google security team is available 24/7 to all employees. If an incident involves customer data, Google or its partners will inform us and support investigative efforts via its support team.
State-of-the-art Data Centers
Google data center physical security features a layered security model, including safeguards like custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics, and the data center floor features laser beam intrusion detection.
The data centers are monitored 24/7 by high-resolution interior and exterior cameras that can detect and track intruders. Access logs, activity records, and camera footage are available in case an incident occurs. Data centers are also routinely patrolled by experienced security guards who have undergone rigorous background checks and training.
As you get closer to the data center floor, security measures also increase. Access to the data center floor is only possible via a security corridor which implements multi-factor access control using security badges and biometrics. Only approved employees with specific roles may enter. Less than one percent of Googlers will ever set foot in one of our data centers.
Powering the Data CentersTo keep things running 24/7 and ensure uninterrupted services, Google’s data centers feature redundant power systems and environmental controls. Every critical component has a primary and alternate power source, each with equal power.
Diesel engine backup generators can provide enough emergency electrical power to run each data center at full capacity. Cooling systems maintain a constant operating temperature for servers and other hardware, reducing the risk of service outages.
Google reduces environmental impact of running its data centers by designing and building its own facilities. It installs smart temperature controls, uses “free-cooling” techniques like using outside air or reused water for cooling, and redesigns how power is distributed to reduce unnecessary energy loss. To gauge improvements, Google calculates the performance of each facility using comprehensive efficiency measurements.
It is the first major Internet services company to gain external certification of its high environmental, workplace safety and energy management standards throughout its data centers. Specifically, Google received voluntary ISO 14001, OHSAS 18001 and ISO 50001 certifications.
Custom Hardware and Software
Google’s data centers house energy-efficient custom, purpose-built servers and network equipment that it designs and manufactures itself. Unlike much commercially available hardware, Google servers don’t include unnecessary components such as video cards, chipsets, or peripheral connectors, which can introduce vulnerabilities.
Its production servers run a custom-designed operating system (OS) based on a stripped-down and hardened version of Linux. Google’s servers and their OS are designed for the sole purpose of providing Google services. Server resources are dynamically allocated, allowing for flexibility in growth and the ability to adapt quickly and efficiently, adding or reallocating resources based on customer demand.
Hardware Tracking and Disposal
Google meticulously tracks the location and status of all equipment within its data centers from acquisition to installation to retirement to destruction, via bar codes and asset tags.
Metal detectors and video surveillance are implemented to help make sure no equipment leaves the data center floor without authorization.
If a component fails to pass a performance test at any point during its lifecycle, it is removed from inventory and retired. Google hard drives leverage technologies like FDE (full disk encryption) and drive locking, to protect data at rest. When a hard drive is retired, authorized individuals verify that the disk is erased by writing zeros to the drive and performing a multiple-step verification process to ensure the drive contains no data. If the drive cannot be erased for any reason, it is stored securely until it can be physically destroyed.
Physical destruction of disks is a multistage process beginning with a crusher that deforms the drive, followed by a shredder that breaks the drive into small pieces, which are then recycled at a secure facility. Each data center adheres to a strict disposal policy and any variances are immediately addressed.
A Global Network with Unique Security Benefits
Google’s IP data network consists of its own fiber, public fiber, and undersea cables. This allows it to deliver highly available and low latency services across the globe.
In other cloud services and on-premises solutions, customer data must make several journeys between devices, known as “hops,” across the public Internet.
The number of hops depends on the distance between the customer’s ISP and the solution’s data center. Each additional hop introduces a new opportunity for data to be attacked or intercepted. Because it’s linked to most ISPs in the world, Google’s global network improves the security of data in transit by limiting hops across the public Internet.
Defense in depth describes the multiple layers of defense that protect Google’s network from external attacks. Only authorized services and protocols that meet its security requirements are allowed to traverse it; anything else is automatically dropped. Industry-standard firewalls and access control lists (ACLs) are used to enforce network segregation. All traffic is routed through custom GFE (Google Front End) servers to detect and stop malicious requests and Distributed Denial of Service (DDoS) attacks.
Additionally, GFE servers are only allowed to communicate with a controlled list of servers internally; this “default deny” configuration prevents GFE servers from accessing unintended resources. Logs are routinely examined to reveal any exploitation of programming errors. Access to networked devices is restricted to authorized personnel.
Securing Data in Transit
Data is most vulnerable to unauthorized access as it travels across the Internet or within networks. For this reason, securing data in transit is a high priority for Google. Data traveling between a customer’s device and Google is encrypted using HTTPS/TLS (Transport Layer Security). In fact, Google was the first major cloud provider to enable HTTPS/TLS by default. When sending to or receiving email from a non-Google user, all links of the chain (device, browser, provider of the email service) have to be strong and work together to make encryption work.
Google has also upgraded all its RSA certificates to 2048-bit keys, making its encryption in transit for Cloud Platform and all other Google services even stronger. Perfect forward secrecy (PFS) minimizes the impact of a compromised key, or a cryptographic breakthrough. It protects network data by using a short- term key that lasts only a couple of days and is only held in memory, rather than a key that’s used for years and kept on durable storage. Google encrypts Cloud Platform data as it moves between its data centers on its private network.
Low Latency and Highly Available Solution
Google designs the components of its platform to be highly redundant. This redundancy applies to its server design, how it stores data, network and Internet connectivity, and the software services themselves. This “redundancy of everything” includes the handling of errors by design and creates a solution that is not dependent on a single server, data center, or network connection.
Google’s data centers are geographically distributed to minimize the effects of regional disruptions on global products such as natural disasters and local outages. In the event of hardware, software, or network failure, platform services and control planes are automatically and instantly shifted from one facility to another so that platform services can continue without interruption.
Google’s highly redundant infrastructure also helps us protect ourselves from data loss. Cloud Platform resources can be created and deployed across multiple regions and zones, allowing GoProof to build resilient and highly available systems.
Its highly redundant design has allowed Google to achieve an uptime of 99.984% for Gmail for the last years with no scheduled downtime. Simply put, when Google needs to service or upgrade its platform, users do not experience downtime or maintenance windows.
Some of Google’s services may not be available in some jurisdictions. Often these interruptions are temporary due to network outages, but others are permanent due to government-mandated blocks. Google’s Transparency Report also shows recent and ongoing disruptions of traffic to Google products. It provides this data to help the public analyze and understand the availability of online information.
Data Usage Philosophy
Cloud Platform customers own their data, not Google. Google does not scan it for advertisements nor sell it to third parties.
Google offers its customers a detailed data processing amendment that describes our commitment to protecting customer data. It states that Google will not process data for any purpose other than to fulfill its contractual obligations. Furthermore, if customers delete their data, it commits to deleting it from its systems within 180 days.
Finally, Google provides tools that make it easy for customers to take their data with them if they choose to stop using its services, without penalty or additional cost imposed by Google.
Administrative Data Access
Only a small group of Google employees have access to customer data. For Google employees, access rights and levels are based on their job function and role, using the concepts of least-privilege and need-to-know to match access privileges to defined responsibilities.
Support services are only provided to authorized customer administrators whose identities have been verified in several ways. Google access is monitored and audited by our dedicated security, privacy, and internal audit teams.
Within customer organizations, administrative roles and privileges for Google Cloud Platform are configured and controlled by the project owner. This means that individual team members can manage certain services or perform specific administrative functions without gaining access to all settings and data.
Law Enforcement Data Requests
The customer, as the data owner, is primarily responsible for responding to law enforcement data requests; however, like other technology and communications companies, Google may receive direct requests from governments and courts around the world about how a person has used the company’s services.
It takes measures to protect customers’ privacy and limit excessive requests while also meeting its legal obligations. Respect for the privacy and security of data we store with Google remains its priority as it complies with these legal requests. When it receives such a request, Google’s team reviews the request to make sure it satisfies legal requirements and Google’s policies. Generally speaking, for it to comply, the request must be made in writing, signed by an authorized official of the requesting agency and issued under an appropriate law. If it believes a request is overly broad, it’ll seek to narrow it, and it pushes back often and when necessary.
Google directly conducts virtually all data processing activities to provide its services. However, Google may engage some third-party suppliers to provide services related to Cloud Platform, including customer and technical support.
Prior to onboarding third-party suppliers, Google conducts an assessment of the security and privacy practices of third-party suppliers to ensure they provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide.
Once Google has assessed the risks presented by the third-party supplier, the supplier is required to enter into appropriate security, confidentiality, and privacy contract terms.
The Google content above is extracted from the publicly available Google Cloud Platform Security White Paper.