Monday, March 10, 2008
As many of you know, we spend a lot of time around here thinking about new products to help you run your life more efficiently, whether that’s organizing email in a better way, sharing pictures with friends, or collaborating in real time on documents. What you may not know is that we also spend a lot of time thinking about the security that goes into those products, and more specifically the ways we can protect you and your private information.
While the chances are that you'll never have a security problem, we take security very seriously, and that's why we have some of the best engineers in the world working here to secure information. Much of their work is confidential, but we do want to share some of the ways we're protecting your data. There are a few things you should know about how we handle confidential information:
- Philosophy: First is our philosophy. At Google, security is a continuous process. We don't just "check" a product for security before we launch it -- we are thinking about security before the product is even created, and we are building it in throughout the product's development. Also critical is our belief in layered protection. It's much like securing your house. You put your most private information in a safe. You secure the safe in your house, which is protected with locks and possibly an alarm system. And then you have the neighborhood watch program or the local police monitoring your neighborhood. It's very similar at Google. Our most sensitive information is difficult to find or access (the safe). Our network and facilities (the house) are protected in both high- and low-tech ways: encryption, alarms, and other technology for our systems, and strong physical security at our facilities. And finally, we've learned that when security is done right, it's done best as a community (the neighborhood); we encourage everyone to help us identify potential problems and solutions. Researchers who work at security and technology companies all over the world are constantly looking for security problems on the Internet, and we work closely with that community to find and fix potential problems.
- Technology: These layers of protection are built on the best security technology in the world. While we employ products developed by others in the security community, we build a lot of our security technology ourselves. Some of the most innovative components of our security architecture focus on automation and scale. These are important to us because we're handling searches, emails, and other activities for millions of users every day. To keep our security processes a step ahead, we automate the way we test our software for possible security vulnerabilities and the way we monitor for possible security attacks. We're also constantly seeking more ways to use encryption and other technical measures to protect your data, while still maintaining a great user experience.
- Process: In addition to technology, we have a set of processes that dictate how we secure confidential information at Google and who can access it. We carefully manage access to confidential information of any sort, and very few Googlers have access to what we consider very sensitive data. This is in no small part because there's very little reason for us to provide that access -- most of our processes are automated, and don't require much human intervention. Of course, the limited number of people who are granted access to sensitive data must have special approval. And while we hold ourselves to a very high standard, we also work to ensure that our processes meet (and in many cases exceed) industry standards. These include audits for Sarbanes-Oxley, SAS 70, PCI (payment card industry) compliance, and more. By working with independent auditors, who evaluate compliance with standards that hold hundreds of different companies to very rigorous requirements, we add another layer of checks and balances to our security processes.
- People: The most important part of our approach to security is our people. Google employs some of the best and brightest security engineers in the world. Many of our engineers came from very high-profile security environments, such as banks, credit card companies, and high-volume retail organizations, and a large number of them hold PhDs and patents in security and software engineering. As you can imagine, our engineers are smart and curious and are on the lookout for security anomalies and best practices in the industry. Our engineers have published hundreds of academic papers on technically detailed topics such as drive-by downloads that install malware (PDF file) or hostile virtualized environments. (You can find some of these papers here.) What's more, we cultivate a collaborative approach to security among all of our engineers, requiring everyone to pass a coding style review (which enables us to control the type of code used here and how it's used in order to prevent software problems) and ensuring that all code at Google is reviewed by multiple engineers so that it meets our software and security standards.