Google Applications

When other tools aren't available, many employees simply use a variety of Google apps to satisfy their need to collaborate with peers, customers, and other business partners. In some cases, management actually authorizes the use of easily-accessible programs like Google messaging, Google Docs, Gmail, and Google Calendar because these programs are seen as useful, free resources that solve a legitimate business need. At other times, frustrated employees turn to these familiar apps out of frustration. Every business owner should examine this practice to decide if these cloud-based technologies provide enough security to safeguard their company’s sensitive electronic resources.

Although using these Google apps actually means that company resources are stored on non-proprietary servers in the “cloud,” Google assures everyone that the data is both safe and secure. In fact, this Internet giant uses a multi-disciplined approach to safeguard all data stored on their servers whether it is personal or business in nature. Here are the primary methods used by Google to accomplish this goal:

 

Corporate Policies

Google’s commitment to information security is documented in a detailed set of corporate policies that each employee must read and agree to follow. The corporate security policy is reviewed and updated on a regular basis. Employees are also educated frequently on best-practice security procedures for the Tech Industry as a whole.

Organizational Security

Google has hired a team of leading experts in the fields of information, network, and application security to make sure each and every security policy is followed and that all facets of the infrastructure include state-of-the-art security features. This team monitors all Google networks for suspicious activity to quickly recognize and correct any security threats. Google also performs internal audits as an additional safety point and has a highly-trained team of physical security experts to keep all Google facilities safe from physical intrusions.

Asset Control

Google uses a widely-distributed network of servers to ensure that no single machine is a point of failure or a dedicated storage device for all the information owned by a single account or enterprise. All requests for access are verified, authenticated, and authorized to ensure each one is valid even within Google’s own network. Access to the production environment by Google staff to perform maintenance tasks is always controlled by secure shell authenticated connections. Google uses a three-phased approach to media disposal to ensure data is completely eliminated.

Personnel Security

All Google job candidates are subjected to an extensive background check in addition to signing a confidentiality agreement prior to officially becoming a Google employee. Every employee is given security training relative to their position in the company.

Physical Security

Google is composed of many different physical locations so that a single breach wouldn’t compromise the entire organization. Each building is safeguarded with a variety of different security measures depending on its location and the area’s perceived risk. These measures may include alarm systems, security cameras, software systems, and security guards. All facilities are restricted to authorized employees, visitors, and third-party agents.

Operational Security

Google takes every step possible to prevent malware from infecting its user’s computer systems. This involves both automated and manual monitoring as well as blacklisting. Google employs several teams including vulnerability management, incident management, network security, and operating system security to ensure a safe infrastructure for both Google employees and Google users.

Controlled Access

Every Google employee is required to use a unique user ID to access the system. This ID is used to track their activities and to control their access. Google requires the highest level of password strength and immediately disables each account when an employee leaves the company.

Systems Development

Google evaluates the security impact of every new system in addition to modifications to existing applications. A dedicated security team reviews each change and implementation plan to ensure that all security policies are followed. Software developers are trained to follow the latest security measures, and the security team is available for consultations if any questions or problems arise during the development process.

Disaster Recovery

Through data replication, regular backups, and geographical diversity, Google has minimized the chances of any wide-spread outages due to a localized event. The company also has a continuity plan in place for its Mountain View, CA headquarters to cover any major disaster in that area.

Compliance with Regulations

Google follows all privacy regulations when faced with third-party requests for data access. The Google Legal Team thoroughly evaluates each request to ensure it’s valid before releasing the information. Except for legal requirements and emergencies, the owner of the data is notified. Google has developed a strong privacy policy and has passed a SAS 70 external security audit.

Although Google has implemented a well-rounded set of security precautions to safeguard user data, there is always some level of risk when corporate data is stored on non-corporate servers. While this risk may not be acceptable for mission-critical data, the level of security may be sufficient for non-confidential communications in exchange for the cost savings of free applications.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>