On January 10, 2017, Google updated and released the Google security white paper, which is applicable to the Google cloud platform products described in cloud.google.com. E security hereby presents the Chinese translation of the full text of the white paper. If there are any mistakes or omissions in the following translation, please contact us for rewards.

content validity

Traditional enterprises have begun to see public cloud more and more as an ideal solution to save costs or increase the capacity of their own data centers. However, enterprises currently focus on security issues when choosing public cloud, and have realized that cloud service providers can invest more manpower and processes to deliver a more secure infrastructure system.

As one of the pioneers of cloud computing, Google fully understands the security risks in the cloud model. Our cloud services are designed to provide enterprise customers with a better level of security than traditional internal solutions. We consider security as a priority, and because Google uses the same infrastructure to run its own business, as a customer you will be able to benefit directly from these protections. Because of this, we pay high attention to security issues, and fully consider data protection requirements in the core design standards. Security runs through our entire organizational structure, training focus and recruitment process. Security even directly shapes our data center and the specific technologies used in it. Security is at the heart of our day-to-day operations and disaster planning efforts, including coaching us on how to deal with potential threats. Security is the foundation of our priority judgment when dealing with customer data. It is also the cornerstone of our account control, compliance audit and certification for customers.

This white paper outlines Google's security and Compliance Assurance Solutions for Google cloud platform, our public cloud products and service suite. This platform has been adopted by all kinds of organizations around the world. From large enterprises and retailers with thousands of users to start-ups with rapid growth, cloud platform provides them with various resources such as computing, storage, network and big data. This white paper focuses on how Google can achieve security control at the organizational and technical levels to protect customer data. For details on compliance and compliance with regulatory requirements, you can click here to see another document.

Google has a strong security culture

Google has built a vibrant and inclusive security culture for all its employees. The influence of this culture has penetrated into the recruitment process, employee recruitment, current employee training and the overall activities of the enterprise in an obvious way.

Employee background survey

Before officially joining our team, Google will first verify the personal education background and previous work experience of the candidates, and conduct internal and external reference surveys. Google can also conduct criminal, credit, immigration and security background checks on candidates, if permitted by local labor laws or regulations. The extent of these background checks depends on the candidate's expected position.

Safety training for all employees

All Google employees must receive security training as an important part of the coaching process and receive continuous security training throughout Google's tenure. During the induction period, new employees need to agree with our code of conduct, which emphasizes our commitment to provide safe and reliable guarantee for customer information. Depending on the functional direction, employees may need to receive additional training in relation to specific directions in the area of safety. (WeChat official account E security), for example, the information security team will teach new engineers professional knowledge of safety encoding practice, product design and automated vulnerability testing tools. Engineers also need to participate in various security related thematic technology demonstrations, and understand new threats, attack modes, response technologies and other communication security trends.

Internal security and privacy events

Google regularly holds internal meetings open to all employees, aiming to improve employees' awareness of security and data privacy, and promote innovative activities. Security and privacy are a constantly changing field, and Google realizes that the participation of professional employees is an important means to enhance security awareness. Take "privacy week" as an example. During this period, Google will hold activities in various offices around the world to strengthen staff's security awareness based on software development, data processing, policy implementation and privacy principles. Google also holds "technical lectures" on a regular basis, often on topics related to security and privacy.

Our special safety team

Google has more than 500 full-time security and privacy professionals who are also an important part of our software engineering and operations departments. Our team includes a group of world-renowned information, application and network security experts. The team's mission is to maintain Google Corporation's defense system, develop a security review process, establish a security infrastructure and implement Google's security strategy. Google's special security team will take the initiative to scan all kinds of security threats using commercial and customized tools, penetration testing, quality assurance (QA) measures and software security review.

Within Google, members of the information security team conduct security planning reviews for all networks, systems and services. They provide project specific consulting services to Google's product and engineering team. They are based on Google network to monitor abnormal activities, solve information security threats, perform routine security assessment and audit, and encourage external experts to participate in routine security assessment. In July 2014, we set up a full-time team named "Project Zero", which is responsible for reporting bugs to software suppliers and recording relevant information in an external database to avoid targeted attacks.

The security team is also involved in various research and outreach activities to help protect a wide range of Internet users who choose or do not choose Google solutions. The relevant examples of this research work include the detection of malicious exploitation activities of Poole SSL 3.0 and cipher suite vulnerabilities. The security team also publishes various security research reports, which are open to the public directly. The team will also organize and participate in various open source projects and academic conferences.

Our dedicated privacy team

Google's privacy team operates independently of the product development and security organization, but it also participates in the release of Google's products in a variety of ways - including reviewing design documents and performing code reviews to ensure that privacy protection requirements are met. They help ensure that Google's products accurately reflect clear privacy standards: provide users and administrators with meaningful privacy configuration options, and use them to transfer user data sets, while continuing to manage all kinds of information stored on our platform well. After the launch, the privacy team monitors automated processes used to audit data traffic to verify data usage. In addition, the privacy team will provide privacy level best practice guidance and support for the development of various emerging technologies.

Internal audit and compliance specialist

Google has a dedicated internal audit team dedicated to compliance review based on security laws and regulatory requirements around the world. After the new audit standards are introduced, the internal audit team will consider what controls, processes and systems are needed to meet the specific requirements of the standards. The team is also willing to invite and support independent audit and evaluation work initiated by a third party.

Collaboration with security research community

Google has been working closely with the security research community for a long time, and with its help, we have found a large number of security vulnerabilities in cloud platforms and other Google products. Our security vulnerability reward program encourages researchers to report design and implementation issues that could put customer data at risk, and provides tens of thousands of dollars for such results. Take chrome as an example, we have been providing users with all kinds of warnings related to malware and phishing activities, and distributing bonuses to the researchers who found the bugs.

Thanks to our close cooperation with the research community, we have been able to successfully discover more than 700 Chrome browser security bugs, and have successively issued more than $1.25 million in bonuses - while the overall bonus spending of Google's various security vulnerability incentive programs has exceeded $2 million. Here, we sincerely thank all participants and their outstanding contributions to our products and services.

Operational safety

Security is a regular part of our operations, not just a matter of hindsight or chance.

Security vulnerability management

Google uses a complete set of security vulnerability management process, a variety of commercial and customized internal tools, high-density automatic and manual penetration, quality assurance process, software security review and external audit to actively scan for security threats. The security vulnerability management team is responsible for tracking and monitoring the progress of vulnerability handling. Once a vulnerability is determined to need to be handled, it is recorded and prioritized according to the severity, and assigned to an owner for processing. The security vulnerability management team will track the issue and continue to follow up until it is confirmed that the issue itself has been fixed. Google also maintains a partnership with members of the security research community to continuously communicate security issues reported in Google services and various open source tools. For more details about security issues, please refer to the Google App security documentation.

Malware prevention

Once the malicious attack is successfully implemented, it is likely to cause serious consequences such as account loss, data theft and illegal network access. Google attaches great importance to these threats that may invade its own network and customers, and adopts various methods to prevent, detect and clean up malware. Google uses warnings in chrome, Mozilla Firefox and Apple's Safari browser to help millions of users avoid security threats every day, that is, to help them prevent malicious websites that may cause software downloads that may cause computer intrusion or may cause user data theft in a timely manner. Malware sites or email attachments can steal privacy information, perform identity theft or attack other computers by installing malware on user devices. When people visit these sites, malicious software will be quietly downloaded to the local. Google's malware response strategy uses manual and automatic scanning tools to clean up Google's website search directory, aiming to remove those websites that may belong to malware or phishing activity carriers. About one billion people around the world regularly use Google's safe browsing feature to view Internet content. (WeChat official account E security) Google Corporation's security browsing technology checks billions of URL daily and searches for non secure websites. Every day, we will find thousands of new unsafe sites, a considerable part of which belong to the legitimate websites that have been invaded. When detecting unsafe sites, we will display warning prompts in Google search results and web browsers. In addition to secure browsing solutions, Google also provides a free online service, VirusTotal, which is responsible for analyzing files and URLs containing viruses, worms, Trojans and other types of malicious content found by anti-virus engines and website scanning tools. VirusTotal's mission is to help improve the work results of the anti-virus and security industry, and at the same time, to effectively improve the overall security of the Internet through the continuous development of free tools and services.

Google uses a variety of anti-virus engines in Gmail, drive and various servers and workstations to help users find malware that may not have been included in the anti-virus signature library.

Monitoring mechanism

Google's security monitoring program focuses on specific information collected from internal network traffic, employee system operation activities and external security vulnerability knowledge. On multiple nodes of our global network, internal traffic will be checked to find suspicious behaviors, such as traffic that may be related to botnet connections. This analysis mechanism uses two kinds of traffic capture and analysis tools, open source and commercial. Google has a set of special related systems, with a series of Google technical solutions to support the above analysis process. In addition, Google will check the system log to find abnormal behaviors (such as trying to access customer data), and use this as a supplementary protection method. Google's security engineers will introduce search alerts on public data repositories to detect security incidents that could impact Google's infrastructure. They actively review immigration security reports and monitor public mailing lists, blogs and Wikipedia. The mechanism of automatic network analysis and the analysis of Google's security officer help to determine the potential unknown threats, while the automatic analysis of system logs is a powerful supplement to network analysis.

Event management

We have a set of strict security event management process for all kinds of security events that may affect the confidentiality, integrity and availability of the system or data. Once related events occur, the security team will record and prioritize the events according to their severity. Events that directly affect the customer are considered top priority situations. The whole process specifies the notification, step-by-step processing, mitigation and documentation procedures. Google's security incident management plan is structured based on NIST's incident handling guidelines (NIST sp 800-61). Key employees are trained to predict and deal with possible situations in such safety incidents, including the use of third-party and various special tools. Google tests event response planning in a number of key areas, including systems for storing sensitive customer information. These tests take into account a variety of practical scenarios, including insider threats and software security vulnerabilities. To ensure flexible handling of security incidents, Google's security team is on call 24 / 7 and can respond to any employee's request for assistance at any time. If the security incident involves customer data, Google or its partners will notify the customer in a timely manner and conduct the investigation through the support team.

Safety core technology plan

Google cloud platform runs on a set of technical platform that fully considers the security requirements in the design, design and construction. Google is very innovative in hardware, software, network and system management technology. We design our own servers, proprietary operating systems and geographically distributed data centers in a customized way. Based on the principle of "defense in depth", we have established a set of IT infrastructure which is far beyond the traditional technical solutions in terms of security and management ease.

Industry leading data center

Google has always made data security and protection an integral part of our core design standards. The physical security of Google data center is realized by a set of layered security mode, including various security measures such as customized electronic access card, alarm, vehicle access barrier, surrounding fence, metal detector, biometric technology and laser beam intrusion detection mechanism in the data center. Our data center uses high-resolution internal and external cameras for 24 / 7 all-weather monitoring, which can detect and track the whereabouts of intruders in a timely manner. Access logs, activity records, and cameras are able to record the entire process in the event of a security event. Google data center is also equipped with a large number of security personnel who have undergone strict background checks and training, and they will patrol the infrastructure regularly. The closer to the data center floor, the higher the number and level of security measures. The only access to the internal data center is a secure corridor with a multi factor access control system using security badges and biometrics, which means that only authorized specific staff can access. Within Google, less than one percent of employees have access to our data center.

Data center power supply mechanism

In order to ensure 24 / 7 continuous operation of all services, Google data center adopts redundant power supply system and environmental control scheme. Each key component is equipped with two sets of main and standby power supply systems, which can provide the same power supply. (E, the official account of the security micro channel) our standby diesel generator can provide sufficient emergency power to ensure that the data center can still operate at full capacity when power failure occurs. The cooling system can ensure that the server and other hardware are always at the ideal constant operating temperature, thus reducing the risk of service interruption. Fire detection and fire fighting equipment helps to prevent hardware damage. After the heat, fire and smoke detectors are triggered, the affected area will be reported to the management personnel through the safe operation console, and the alarm will be given in the way of sound and light on the remote monitoring console.

Impact on surrounding environment

Google reduces the impact of data center operation on the surrounding environment through careful design and construction of facilities. We have an intelligent temperature control system, using "natural cooling" technology to cool with external air or reusable water resources, and redesigning the power distribution to minimize unnecessary energy loss. In order to quantify the improvement effect, we use comprehensive efficiency indicators to measure and calculate the performance of each set of cultural relics. We are the first large-scale Internet service enterprise to introduce external certification of main level environment, workplace security and energy management standards in the data center. Specifically, we are ISO 14001, OHSAS 18001 and ISO 50001 certified. In short, these standards establish a very simple concept: express what we are going to do, then do it - and then repeat the improvement process.

Customized server hardware and software

Unlike most existing commercial hardware, Google's servers do not contain unnecessary components such as graphics cards, chipsets or peripheral connectors that may introduce security vulnerabilities. Our production servers run a customized operating system based on a streamlined and enhanced version of Linux. The only function of Google server and its operating system is to provide corresponding Google services. Each server resource is distributed dynamically, which enables it to adapt to specific load requirements quickly and flexibly, or reallocate resources according to customer needs. This uniform operating environment is maintained by proprietary software that continuously monitors fundamental changes in the system. If some changes are found to conflict with the standard Google image, the system will automatically restore it to its official state. These automatic self-healing mechanisms are introduced to enable Google to continuously monitor and repair unstable events, receive event notifications and mitigate potential malicious network activities.

Hardware tracking and processing

Google carefully tracks the location and status of all devices in the data center, and the entire monitoring process uses barcode and asset tag to cover the entire cycle from purchase to installation, from return to destruction. We use metal detectors and video surveillance devices in our infrastructure to ensure that no unauthorized equipment is shipped out. If a component fails a performance test in its normal life cycle, it will be removed from inventory and cleared. Google's disk drive uses FDE (full encryption) and drive locking technologies to protect idle data. When a disk drive is backed off, the authorized staff will verify whether the disk has been cleared by writing "0" to the whole disk, and perform multi-step verification to ensure that it no longer contains any data. If the contents of the drive cannot be erased for any reason, Google will store it securely until it can physically destroy the drive itself. The physical destruction of the disk is carried out in many steps. First, the drive is crushed, then it is broken into small pieces by using the crushing equipment, and finally it is recycled in the security facilities. Each data center adheres to strict processing policies and will immediately solve any problems in the implementation process.

Set up a global network with unique security effects

Google's IP data network consists of our optical fiber, public optical fiber and submarine cable. This enables us to provide high availability and low latency services globally.

In other cloud services and internal solutions, customer data must be transferred between devices via the Internet for many times, which is called "jump". The number of jumps depends on the actual distance between the customer ISP and the solution data center. Every additional jump may cause data to be attacked or intercepted. Because of its direct connection with most ISPs in the world, Google's global network can limit the number of data jumps on the public Internet, thus improving the data security effect.

Defense in depth represents that Google's network establishes a multi-layer defense system against external attacks. Only authorized services and protocols that meet our security requirements can be allowed to traverse; any other activity will be automatically rejected. (E security micro channel official account) we use the industry standard firewall and access control list (ACL) to achieve network isolation. All traffic is detected through a customized GFE (Google front-end) router, and malicious requests and distributed denial of service (DDoS) traffic will be directly blocked. In addition, GFE server only allows the same group of internal controlled servers to communicate; this set of "default deny" configuration can prevent GFE server from accessing unnecessary resources. The log is routinely checked for programming errors at any development level. In addition, access to network devices is limited to authorized personnel.

Protect data in transit

When data is transmitted through the Internet or internal network, it is most vulnerable to unauthorized access activities. In view of this, the transmission of data security has become a top priority for Google. The data between the customer's device and Google is encrypted using HTTPS / TLS (Transport Layer Security). In fact, Google is the first mainstream cloud service provider to default to HTTPS / TLS. When sending or receiving e-mail to non Google users, all connections in the link (including devices, browsers and email service providers) must work closely together to implement this encryption mechanism. We will report the specific situation of TLS adoption in the industry on our own secure email site, and firmly believe that this is a very meaningful work. Google has upgraded all our SA certificates to 2048 bit keys, which makes our encryption system for Google cloud platform and all other Google services more perfect. Full forward secrecy (PFS). E security Encyclopedia: a key is required to access only the data protected by it; the elements used to generate the key are changed once, and no other key can be generated; a key is cracked, which does not affect the security of other keys.) It can minimize the negative impact of single key disclosure or password cracking. It uses a short-term key that lasts only a few days to protect network data, and the key always resides in memory - rather than the traditional key that exists for several years and is stored in a permanent storage medium. Google is the first major network manufacturer to use full forward secrecy by default. Google also uses encryption when cloud platform data is transmitted between data centers via private networks.

Low latency and high availability solutions

When designing the platform, Google fully considers the high redundancy requirements of each component. This redundancy runs through our overall server design, data storage mode, network and Internet connection and even software service itself. This "all redundancy" approach involves designing and creating a solution that does not rely on a single server, data center, or network connection to handle all potential errors. Google's data centers are geographically distributed so as to minimize the impact of regional (possibly caused by natural disasters and local interruptions) interruptions on global services. In case of hardware, software or network failure, the service and control panel of Google cloud platform will automatically switch between facilities immediately, so as to ensure that all services can continue to operate and use without interruption. Google's highly redundant infrastructure also helps customers protect themselves from data loss. Various resources of Google cloud platform can be created and deployed across regions and service areas. This means that customers will be able to build their own elastic and primary availability systems.

Our highly redundant design enables Google to achieve up to 99.984% of Gmail uptime in the past few years without any planned downtime. In short, when Google needs to add services or upgrade the platform, users will not encounter any unexpected downtime or maintenance windows.

Service availability

Some Google services may not be delivered properly in some jurisdictions. Most of these deficiencies are temporary interruptions caused by network problems, but some of them are permanent due to government authorization problems. Through transparency reports, Google explained its products that had been and are still in a state of interruption. We provide this data to help the public analyze and understand the actual availability of online information.

Independent third party certification

Google cloud platform provides a number of third-party authentication, please click here for details.

Data usage

Our philosophy

Google cloud platform customers have ownership of their data, which is not owned by Google. Customers only store their data on our systems, and we will not scan them or sell them to third parties for advertising purposes. We provide customers with detailed data processing process description to prove that we have fulfilled the customer data protection commitment. It states that Google will not process customer data for any purpose other than the obligations of the distribution contract. In addition, if customers delete their data, we promise to delete them from our system within 180 days. Finally, we provide tools to help customers easily access their data stored in the cloud. If they choose to stop using our service, Google will not ask for any fines or other mandatory fees.

Data access and restrictions

Administrative access

In order to ensure data privacy and security, Google will logically isolate each customer's data on the cloud platform from other customers and users, even if all parts of the data are still stored on the same physical server. Only a small number of Google employees have access to customer data. For Google employees, the access rights and levels of data are determined by their actual work functions and roles, and follow the principle of minimum rights and necessary knowledge to match their access rights and responsibilities. Google employees only have some default restricted access to corporate resources, such as email and Google's internal employee portal. Requests for other access activities need to follow a formal process, requiring the corresponding staff to submit applications and obtain the approval of the data or system owner, manager or other senior personnel according to the specified content of Google's security policy. Approval is managed by the workflow tool to ensure that all change records are retained for audit. These tools also control the authorization setting modification and approval process, so as to ensure that the approval policy is strictly followed at all times. The authorization settings of the staff are used to control their access to all resources, including the access to data and systems in various products of Google cloud platform. Support services are provided to authorized customer administrators, and their identities need to be verified in a variety of ways. Access by Google employees is monitored and audited by our dedicated security, privacy and internal audit team.

Customer administrator

Within the customer's organization, the administrative roles and permissions of Google cloud platform can be configured and controlled by the project owner. This means that team members can manage specific services or perform specific management functions without having to access all settings and data.

Law enforcement data request

As data owners, customers are primarily responsible for law enforcement data requests; however, like other technology and communications companies, Google may directly receive administrative orders from governments and courts around the world to review how a user uses Google services. We will take measures to protect our customers' privacy from excessive enforcement requirements, but at the same time, we will follow the necessary legal obligations. We attach great importance to and respect the privacy and security protection of the data stored on the Google cloud platform, and also need to meet the relevant legal requirements. When such a request is received, our team will review the content of the request to ensure that it complies with legal requirements and Google's own policies. Generally speaking, in order to meet our policy requirements, authorized personnel of authorized institutions need to sign materials in written form and submit applications to us according to the appropriate legal terms. If we are convinced that a data access request is too broad, we will try to narrow its scope of application and reject it if necessary. Google, for example, was the only search service in 2006 that refused a request from the U.S. government to submit user search records for nearly two months. We challenged this request and the court finally rejected the government's request. In some cases, the requests we receive contain all the information related to Google accounts, and we will ask our counterparts to restrict them to specific products or services. We believe that the public should know to what extent the government can access its user information through Google. That's why we became the first company to publish government data request reports on a regular basis. Details about data requests and Google's response can be found in our transparency report. In addition, according to Google's policy, unless explicitly prohibited by law and court order, we will send a notice to the customer that the government has issued a law enforcement data acquisition request.

Third party suppliers

Google directly performs almost all data processing activities and provides our services. However, Google may occasionally hire some third-party suppliers to provide services related to the cloud platform, including customers and technical support. Before the introduction of third-party suppliers, Google will evaluate the level of security and privacy it can provide, aiming to ensure that each third-party supplier can provide security and privacy guarantee commitment matching with the data and service scope it accesses. Once Google finds that there is a potential risk in the third-party supplier, the other party must promise to provide appropriate security, confidentiality and privacy protection scheme in the contract terms.

Regulatory compliance

Our customers have different compliance requirements from each other. Our customers are in various industries, including finance, pharmaceutical and manufacturing industries, etc.

You can click here to view our latest compliance information.

summary

The protection of customer data runs through the design process of all Google's infrastructure, products and personal daily operation activities. We have established a large-scale operation and cooperation relationship with the security research community, which enables Google to quickly solve all kinds of security vulnerabilities and even completely prevent them from happening.

We believe that the level of protection provided by Google is beyond the reach of most public cloud providers or private it teams. Given that protecting data is at the heart of Google's business, we are able to invest massively in security, resources and expertise that almost no other vendor can achieve. Our investment will help you focus on business and innovation. Data protection is not just about security. Google provides a strong contractual commitment to ensure that you keep your data and understand and control how it is processed, including ensuring that the data you save on the cloud platform services will not be used for purposes other than advertising or any contractual content.

For these reasons, more than 5 million organizations around the world, including 64% of the Fortune 500 companies, trust Google and are willing to leave its most valuable asset, information, to Google. Google will continue to invest in its own cloud platform to help every customer benefit from our services in a secure and transparent way.

Original address: https://cloud.google.com/security/whitepaper

E security note: This article is the exclusive compilation report of e security. Please contact the authorized person for reprint, and keep the source and link, and do not delete the content. Contact information: ① wechat Zhu Geliang ② email [email protected]

@E security, the most professional cutting-edge network security media and industrial service platform, provide quality global network security information and deep thinking every day. Welcome to WeChat official account "E security" (EAQapp), or visit E security portal website www.easyaq.com, to see more exciting content.