Security at Google

To prove to the potential customers of Google Apps' business edition that Google cares about security, they released a white paper titled "Comprehensive review of security and vulnerability protections for Google Apps" (available as PDF). Here are some interesting details:
Google operates one of the largest networks of distributed datacenters in the world, and goes to great lengths to protect the data and intellectual property in these centers. Google operates an undisclosed number of datacenters worldwide. Many primary Google datacenters are wholly owned and managed ensuring that no outside parties can gain access. The geographic locations of the datacenters were chosen to give protection against catastrophic events. The datacenters are at confidential, undisclosed locations in order to guard against user data being targeted. These facilities are protected with armed personnel around the clock. In addition, strong methods of entry protection such as biometric devices and secure token cards are used to ensure that only authorized personnel are granted access. Only select Google employees have access to the datacenter facilities and the servers contained therein, and this access is tightly controlled and audited.

The facilities themselves are engineered not only for maximum efficiency, but also for security and reliability. Multiple levels of redundancy ensure ongoing operation and service availability in even the harshest and most extreme of circumstances. This includes multiple levels of redundancy within a center, generator-powered backup for ongoing operations, and full redundancy across multiple dispersed centers. State of the art controls are used to monitor the centers both locally and remotely, and automated failover systems are present to safeguard systems. (...)

Data such as email is stored in a difficult to decipher format optimized for performance, rather than stored in a traditional file system or database manner. Data is dispersed across a number of physical and logical volumes for redundancy and expedient access, thereby obfuscating it from tampering. Google's physical protections described above ensure that no physical access to servers is possible. All access to production systems is conducted by cleared personnel using encrypted SSH (secure shell). Specialized knowledge of the data structures and Google's proprietary distributed architecture is built to provide a higher level of security and reliability than a traditional single tenant architecture. Individual user data is dispersed across a number of anonymous servers, clusters, and data centers. This ensures that data is not only safe from potential loss, but also highly secure.

Despite all these protection measures, Google had problems with cross-site scripting and some people even lost their Gmail accounts. If you find a security breach in a Google product, report it at security@google.com and wait a reasonable amount of time before revealing the details to the public.

Labels

Web Search Gmail Google Docs Mobile YouTube Google Maps Google Chrome User interface Tips iGoogle Social Google Reader Traffic Making Devices cpp programming Ads Image Search Google Calendar tips dan trik Google Video Google Translate web programming Picasa Web Albums Blogger Google News Google Earth Yahoo Android Google Talk Google Plus Greasemonkey Security software download info Firefox extensions Google Toolbar Software OneBox Google Apps Google Suggest SEO Traffic tips Book Search API Acquisitions InOut Visualization Web Design Method for Getting Ultimate Traffic Webmasters Google Desktop How to Blogging Music Nostalgia orkut Google Chrome OS Google Contacts Google Notebook SQL programming Google Local Make Money Windows Live GDrive Google Gears April Fools Day Google Analytics Google Co-op visual basic Knowledge java programming Google Checkout Google Instant Google Bookmarks Google Phone Google Trends Web History mp3 download Easter Egg Google Profiles Blog Search Google Buzz Google Services Site Map for Ur Site game download games trick Google Pack Spam cerita hidup Picasa Product's Marketing Universal Search FeedBurner Google Groups Month in review Twitter Traffic AJAX Search Google Dictionary Google Sites Google Update Page Creator Game Google Finance Google Goggles Google Music file download Annoyances Froogle Google Base Google Latitude Google Voice Google Wave Google Health Google Scholar PlusBox SearchMash teknologi unik video download windows Facebook Traffic Social Media Marketing Yahoo Pipes Google Play Google Promos Google TV SketchUp WEB Domain WWW World Wide Service chord Improve Adsence Earning jurnalistik sistem operasi AdWords Traffic App Designing Tips and Tricks WEB Hosting linux How to Get Hosting Linux Kernel WEB Errors Writing Content award business communication ubuntu unik