A central part of a comprehensive security strategy is encryption technology, which helps prevent information from being accessed in the event that it falls into the wrong hands. In this section, we will describe Google’s approach to encryption and how it keeps your sensitive information safe.
Encryption works by replacing data with unreadable code known as ciphertext. To decrypt the ciphertext back into its original form, you need to employ the key used in the encryption algorithm. Attackers who want to circumvent encryption will typically try to steal the keys or exploit flaws in the encryption algorithms and their implementation. Encryption strength depends on a number of factors, such as how keys are created, managed and secured. It also depends on the algorithm used and the key size for that algorithm.
As computers get better and faster, it becomes easier to perform the complicated mathematical computations needed to break encryption. Even the mathematics behind this process — known as cryptanalysis — can improve over time, making it easier to break encryption. To keep pace with this evolution, Google has a team of world-class security engineers tasked with following, developing and improving encryption technology. The engineers take part in standardization processes and in maintaining widely used encryption software such as OpenSSL.
Encryption is an important piece of our security strategy, helping to protect your data on our products. We encrypt all data while it is “in transit” — traveling over the Internet and across the network between data centers. Should an attacker intercept such transmissions, they will only be able to capture encrypted data.
Google administers a vulnerability management process that actively scans for security threats using a combination of commercially available and purpose-built in-house tools, intensive automated and manual penetration efforts, quality assurance processes, software security reviews and external audits. The vulnerability management team is responsible for tracking and following up on vulnerabilities.
An effective malware attack can lead to account compromise, data theft, and possibly additional access to a network. Google takes these threats to its networks and its customers very seriously and uses a variety of methods to prevent, detect and eradicate malware. Google helps tens of millions of people every day to protect themselves from harm by showing warnings to users of Google Chrome, Mozilla Firefox and Apple Safari when they attempt to navigate to websites that would steal their personal information or install software designed to take over their computers. Malware sites or email attachments install malicious software on users’ machines to steal private information, perform identity theft, or attack other computers. When people visit these sites, software that takes over their computer is downloaded without their knowledge.
Google’s security monitoring program is focused on information gathered from internal network traffic, employee actions on systems and outside knowledge of vulnerabilities. At many points across our global network, internal traffic is inspected for suspicious behavior, such as the presence of traffic that might indicate botnet connections. This analysis is performed using a combination of open-source and commercial tools for traffic capture and parsing. A proprietary correlation system built on top of Google technology also supports this analysis. Network analysis is supplemented by examining system logs to identify unusual behavior, such as attempted access of customer data. Google security engineers place standing search alerts on public data repositories to look for security incidents that might affect the company’s infrastructure. They actively review inbound security reports and monitor public mailing lists, blog posts, and wikis. Automated network analysis helps determine when an unknown threat may exist and escalates to Google security staff, and network analysis is supplemented by automated analysis of system logs.
Google Cloud Storage is designed for 99.999999999% durability and has 4 different types of storage: Coldline, Nearline, Regional, and Multi-Regional. It stores data redundantly, with automatic checksums to ensure data integrity. The beauty of Multi-Regional storage is that it is also geo-redundant, which means Cloud Storage stores your data redundantly in at least two regions within the multi-regional location of the bucket. As it pertains to Google Cloud hosting, this ensures you will never lose your data, even in the case of a disaster.