Highlighting a range of topics such as cloud forensics, information privacy, and standardization and security in the cloud, this multi-volume book is ideally designed for IT specialists, web designers, computer engineers, software developers, academicians, researchers, and graduate-level students interested in cloud computing concepts and security.
Authors: Management Association, Information Resources. As with an. Cyber security has become a topic of concern over the past decade as private industry, public administration, commerce, and communication have gained a greater. The internet is established in most households worldwide and used for entertainment purposes, shopping, social networking, business activities, banking, telemed.
Server resources are dynamically allocated, allowing for flexibility in growth and the ability to adapt quickly and efficiently, adding or reallocating resources based on customer demand. This homogeneous environment is maintained by proprietary software that continually monitors systems for binary modifications. If a modification is found that differs from the standard Google image, the system is automatically returned to its official state. These automated, self-healing mechanisms are designed to enable Google to monitor and remediate destabilizing events, receive notifications about incidents, and slow down potential compromise on the network.
Google meticulously tracks the location and status of all equipment within our data centers from acquisition to installation to retirement to destruction, via barcodes and asset tags. Metal detectors and video surveillance are implemented to help make sure no equipment leaves the data center floor without authorization. If a component fails to pass a performance test at any point during its lifecycle, it is removed from inventory and retired. Google hard drives leverage technologies like FDE full disk encryption and drive locking, to protect data at rest.
When a hard drive is retired, authorized individuals verify that the disk is erased by writing zeros to the drive and performing a multiple-step verification process to ensure the drive contains no data. If the drive cannot be erased for any reason, it is stored securely until it can be physically destroyed. Physical destruction of disks is a multistage process beginning with a crusher that deforms the drive, followed by a shredder that breaks the drive into small pieces, which are then recycled at a secure facility.
Each data center adheres to a strict disposal policy and any variances are immediately addressed. We outline Google's end-to-end data deletion process in our whitepaper. Google's IP data network consists of our own fiber, public fiber, and undersea cables. This allows us to deliver highly available and low latency services across the globe. In other cloud services and on-premises solutions, customer data must make several journeys between devices, known as "hops," across the public Internet.
The number of hops depends on the distance between the customer's ISP and the solution's data center. Each additional hop introduces a new opportunity for data to be attacked or intercepted. Because it's linked to most ISPs in the world, Google's global network improves the security of data in transit by limiting hops across the public Internet.
Defense in depth describes the multiple layers of defense that protect Google's network from external attacks.
Only authorized services and protocols that meet our security requirements are allowed to traverse it; anything else is automatically dropped. Industry-standard firewalls and access control lists ACLs are used to enforce network segregation.
Additionally, GFE servers are only allowed to communicate with a controlled list of servers internally; this "default deny" configuration prevents GFE servers from accessing unintended resources. Logs are routinely examined to reveal any exploitation of programming errors.
Access to networked devices is restricted to authorized personnel. Data is vulnerable to unauthorized access as it travels across the Internet or within networks. For this reason, securing data in transit is a high priority for Google. Cloud customers can take advantage of this encryption for their services running on Google Cloud Platform by using the Cloud Load Balancer. Our encryption in transit whitepaper and application layer transport security whitepaper provide more in-depth information on this topic.
Google designs the components of our platform to be highly redundant. This redundancy applies to our server design, how we store data, network and Internet connectivity, and the software services themselves.
This "redundancy of everything" includes the handling of errors by design and creates a solution that is not dependent on a single server, data center, or network connection. Google's data centers are geographically distributed to minimize the effects of regional disruptions on global products such as natural disasters and local outages.
In the event of hardware, software, or network failure, platform services and control planes are automatically and instantly shifted from one facility to another so that platform services can continue without interruption.
Google's highly redundant infrastructure also helps customers protect themselves from data loss. Google Cloud Platform resources can be created and deployed across multiple regions and zones. Allowing customers to build resilient and highly available systems.
Our highly redundant design has allowed Google to achieve an uptime of Simply put, when Google needs to service or upgrade our platform, users do not experience downtime or maintenance windows. Some of Google's services may not be available in some jurisdictions. Often these interruptions are temporary due to network outages, but others are permanent due to government-mandated blocks.
Google's Transparency Report also shows recent and ongoing disruptions of traffic to Google products. We provide this data to help the public analyze and understand the availability of online information. Google Cloud provides a number of third-party certifications, detailed here.
Google Cloud customers own their data, not Google. The data that customers put into our systems is theirs, and we do not scan it for advertisements nor sell it to third parties. We offer our customers a detailed data processing amendment for GCP and G Suite, both of which describe our commitment to protecting customer data.
It states that Google will not process data for any purpose other than to fulfill our contractual obligations. Furthermore, if customers delete their data, we commit to deleting it from our systems within days.
Finally, we provide tools that make it easy for customers to take their data with them if they choose to stop using our services, without penalty or additional cost imposed by Google. Read our Trust Principles to learn more about Google Cloud's philosophy and commitments to customers. To keep data private and secure, Google logically isolates each customer's data from that of other customers and users, even when it's stored on the same physical server.
Only a small group of Google employees have access to customer data. For Google employees, access rights and levels are based on their job function and role, using the concepts of least-privilege and need-to-know to match access privileges to defined responsibilities.
Google employees are only granted a limited set of default permissions to access company resources, such as employee email and Google's internal employee portal. Requests for additional access follow a formal process that involves a request and an approval from a data or system owner, manager, or other executives, as dictated by Google's security policies.
Approvals are managed by workflow tools that maintain audit records of all changes. These tools control both the modification of authorization settings and the approval process to ensure consistent application of the approval policies. An employee's authorization settings are used to control access to all resources, including data and systems for Google Cloud products. Support services are only provided to authorized customer administrators whose identities have been verified in several ways.
Googler access is monitored and audited by our dedicated security, privacy, and internal audit teams, and we provide audit logs to customers through Access Transparency for GCP. Within customer organizations, administrative roles and privileges for Google Cloud are configured and controlled by the project owner.
This means that individual team members can manage certain services or perform specific administrative functions without gaining access to all settings and data. The customer, as the data owner, is primarily responsible for responding to law enforcement data requests; however, like other technology and communications companies, Google may receive direct requests from governments and courts around the world about how a person has used the company's services.
We take measures to protect customers' privacy and limit excessive requests while also meeting our legal obligations. Respect for the privacy and security of data you store with Google remains our priority as we comply with these legal requests. When we receive such a request, our team reviews the request to make sure it satisfies legal requirements and Google's policies. Generally speaking, for us to comply, the request must be made in writing, signed by an authorized official of the requesting agency and issued under an appropriate law.
If we believe a request is overly broad, we'll seek to narrow it, and we push back often and when necessary. For example, in Google was the only major search company that refused a U. We objected to the subpoena, and eventually a court denied the government's request. In some cases we receive a request for all information associated with a Google account, and we may ask the requesting agency to limit it to a specific product or service. We believe the public deserves to know the full extent to which governments request user information from Google.
That's why we became the first company to start regularly publishing reports about government data requests. Detailed information about data requests and Google's response to them is available in our Transparency Report and government requests whitepaper.
It is Google's policy to notify customers about requests for their data unless specifically prohibited by law or court order. Google directly conducts virtually all data processing activities to provide our services. However, Google may engage some third-party suppliers to provide services related to Google Cloud, including customer and technical support.
Prior to onboarding third-party suppliers, Google conducts an assessment of the security and privacy practices of third-party suppliers to ensure they provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Once Google has assessed the risks presented by the third-party supplier, the supplier is required to enter into appropriate security, confidentiality, and privacy contract terms.
Our customers have varying regulatory compliance needs. Our clients operate across regulated industries, including finance, pharmaceutical and manufacturing. Our most up-to-date compliance information is available here. The protection of your data is a primary design consideration for all of Google's infrastructure, products and personnel operations. Our scale of operations and collaboration with the security research community enable Google to address vulnerabilities quickly or prevent them entirely.
We believe that Google can offer a level of protection that very few public cloud providers or private enterprise IT teams can match. Because protecting data is core to Google's business, we can make extensive investments in security, resources and expertise at a scale that others cannot. Our investment frees you to focus on your business and innovation. Data protection is more than just security. Google's strong contractual commitments make sure you maintain control over your data and how it is processed, including the assurance that your data is not used for advertising or any purpose other than to deliver Google Cloud services.
For these reasons and more, over five million organizations across the globe, including 64 percent of the Fortune , trust Google with their most valuable asset: their information. Google will continue to invest in our platform to allow you to benefit from our services in a secure and transparent manner.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4. For details, see the Google Developers Site Policies. Why Google close Discover why leading businesses choose Google Cloud Whether your business is early in its journey or well on its way to digital transformation, Google Cloud can help you solve your toughest challenges.
Learn more. Key benefits Overview. Run your apps wherever you need them. Keep your data secure and compliant. Build on the same infrastructure as Google.
Data cloud. Unify data across your organization. Scale with open, flexible technology. Run on the cleanest cloud in the industry. Connect your teams with AI-powered apps. Resources Events. Browse upcoming Google Cloud events. Read our latest product news and stories. Read what industry analysts say about us.
Reduce cost, increase operational agility, and capture new market opportunities. Analytics and collaboration tools for the retail value chain. Solutions for CPG digital transformation and brand growth. Computing, data management, and analytics tools for financial services. Health-specific solutions to enhance the patient experience.
Solutions for content production and distribution operations. Hybrid and multi-cloud services to deploy and monetize 5G. AI-driven solutions to build and scale games faster. Migration and AI tools to optimize the manufacturing value chain. Digital supply chain solutions built in the cloud. Data storage, AI, and analytics solutions for government agencies. Teaching tools to provide more engaging learning experiences.
Develop and run applications anywhere, using cloud-native technologies like containers, serverless, and service mesh. Hybrid and Multi-cloud Application Platform. Platform for modernizing legacy apps and building new apps. This publication provides an overview of the security and privacy challenges pertinent to public cloud computing and points out considerations organizations should take when outsourcing data, applications, and infrastructure to a public cloud environment.
Security and Privacy acquisition ; planning ; privacy. You are viewing this page in an unauthorized frame window. Search Search. To compile this list, consider the following questions: Who is using the cloud? Who is responsible for maintaining the cloud service on the organizational end and the provider end? Who is responsible for maintaining cloud security? Who is responsible for selecting new cloud solutions? Who is responsible for making significant decisions? Example: Cloud Security Administrator The person ultimately responsible for implementation, configuration and maintenance of cloud services security.
This person shall address the following: Implementing security for new services Customizing the configuration of the cloud service security settings Maintaining access control and permissions management for each cloud service provided Retiring terminated services Service Level Manager The person ultimately responsible for managing service-level agreements and acting as liaison with the cloud provider to negotiate SLA contracts and ensure the provider meets all the terms of those contracts.
Secure Usage of Cloud Computing Services This section defines the requirements for acceptable use of cloud services. Example: All cloud-based services must be approved prior to acquisition and deployment. To ensure secure adoption and usage of cloud services, the following steps must be taken: Define organizational needs and priorities. Define service users, both internal and external. Determine the type of cloud service to be adopted, including the physical and operational characteristics for SaaS, PaaS and IaaS solutions.
Define the data types to be stored. Determine the security solutions and configurations required for encryption, monitoring, backups, etc. Generate a list of past security incidents involving this cloud provider.
Request available security certifications. Obtain copies of agreements with the provider, including SLAs. Example: The cloud security administrator and IT security manager must perform an inventory of cloud services in use at least quarterly. Approved Services Provide a synopsis of your cloud-based infrastructure with a list of approved services. Example: The organization has a central headquarters and several offices located across the U.
Example: Only the cloud-based solutions on the list of approved services specified in Section 2 of this document may be used. The Cloud Security Administrator and the IT Security team shall conduct a risk assessment at the following times: Upon the implementation of a new cloud service After major upgrades or updates to an existing cloud service After any changes to the configuration of a cloud service When following up on a security event or incident Quarterly for all existing cloud services The cloud security risk assessment shall include the following: Audit results, both internal and external cloud provider system security audit results Threat and vulnerability analysis Regulatory compliance 6.
Security Controls The cloud security policy specifies the various security components available and in use by the organization. Technical Security Controls Requirements This section specifies all requirements for technical controls for access management.
For example: The organization shall put into place tools for centralized visibility of the cloud service infrastructure, such as cloud workload protection CWP tools. Access control methods to be used shall include: Auditing of attempts to log on to any device on the company network Windows NTFS permissions to files and folders Role-based access model Server access rights Firewall permissions Network zone and VLAN ACLs Web authentication rights Database access rights and ACLs Encryption at rest and in flight Network segregation Access controls apply to all networks, servers, workstations, laptops, mobile devices, cloud applications and websites, cloud storages, and services.
Auditing includes configuration and change auditing. Data protection includes encryption, data remediation, data erasure, and data recovery. Mobile Security Requirements This section should include controls for configuring mobile access, generating a robust identity, device monitoring, employing anti-malware solutions and mobile device management. Physical Security Requirements Include in the policy the reasons for designing and applying countermeasures against damage to physical access and equipment.
0コメント