Thursday, March 28, 2024

How Does World’s Highly Secured Google Network Works?

Google always Maintains an Extremely strong Cyber Security Culture for Data Security, Network Security, Cloud Security, and Physical security. Google’s this extreme level of security protection begins from hiring the employee until the biggest security breach investigations.

Employee background checks, Security training Privacy events

Before they join google staff, Google will confirm an individual’s training and past business, and perform inner and outside reference checks.

Where nearby work law or statutory directions allow, Google may likewise lead criminal, credit, migration, and security checks. The degree of these historical verifications is subject to the wanted position.

Google Requested to sign the Code of Conduct, which monitor all the new employees and highlights google’s commitment to keep customer information safe and secure and it is not only for Google but for all the subsidies which come under Alphabet Inc .

it’s depending on their job role, additional training on specific aspects of security may be required. For instance, the information security team instructs new engineers on topics like secure coding practices, product design, and automated vulnerability scanning tools.

Security and privacy is an ever-evolving areas, and Google recognizes that dedicated employee engagement is a key means of raising awareness. One example is “Privacy Week,” during which Google hosts events across global offices to raise awareness of privacy in all facets, from software development, data handling, and policy enforcement to living google privacy principles.

The dedicated Security team and Privacy team

Google employs more than 500 full-time security and privacy professionals, who are part of the software engineering and operations division.

Google team includes some of the world’s foremost experts in information, application and network security and IT Solutions.

This team is tasked with maintaining the company’s defense systems, developing security review processes, building a security infrastructure, and implementing Google’s security policies.

Google’s dedicated security team actively scans for security threats using commercial and custom tools, penetration tests, quality assurance (QA) measures and software security reviews.

Google specifically built a full-time team, known as Project Zero, that aims to prevent targeted attacks by reporting bugs to software vendors and filing them in an external database.

The Google privacy team operates separately from product development and security organizations but participates in every Google product launch by reviewing design documentation and performing code reviews to ensure that privacy requirements are followed.

They help release products that reflect strong privacy standards: a transparent collection of user data and providing users and administrators with meaningful privacy configuration options while continuing to be good stewards of any information stored on the Google platform.

Cyber Security research community

Google has a close relationship with the security research community, and google greatly values their help identifying vulnerabilities in Cloud Platform and other Google products.

Vulnerability Reward Program urges scientists to report plan and execution issues that may put customer information at hazard, offering rewards in the huge number of dollars. In Chrome, for example, google cautions clients against malware and phishing, and offer prizes for discovering security bugs. Google Hall of fame individuals .

Monitoring

Google’s security monitoring program is focused on information gathered from internal network traffic, employee actions on systems, and outside knowledge of vulnerabilities.

At many points across the global network, internal traffic is inspected for suspicious behavior, such as the presence of traffic that might indicate botnet connections.

Vulnerability Management

Google administrates a vulnerability management process that actively scans for security threats using a combination of commercially available and purpose-built in-house tools, intensive automated and manual penetration efforts, quality assurance processes, software security reviews and external audits Application Security.

Malware prevention

Google helps tens of millions of people every day to protect themselves from harm by showing warnings to users of Google Chrome, Mozilla Firefox and Apple Safari when they attempt to navigate to websites that would steal their personal information or install software designed to take over their computers.

Malware sites or email attachments install malicious software on users’ machines to steal private information, perform identity theft, or attack other computers.

Google’s Safe Browsing technology examines billions of URLs per day looking for unsafe websites. Every day, Google discovers thousands of new unsafe sites, many of which are legitimate websites that have been compromised.

Google actively reviews inbound security reports and monitors public mailing lists, blog posts, and wikis. Automated network analysis helps determine when an unknown threat may exist and escalates to Google security staff, and network analysis is supplemented by automated analysis of system logs.

Safe Browsing

Safe Browsing was launched in 2007 to protect users across the web from phishing attacks, and has evolved to give users tools to help protect themselves from web-based threats like malware, unwanted software, and social engineering across desktop and mobile platforms.

Safe Browsing engineering, product, and operations teams work at the forefront of security research and technology to build systems that help users protect themselves from harm.

Safe Browsing gives users the ability to protect themselves from multiple types of unsafe sites and applications

Data centers Security

Google data center physical security features a layered security model, including safeguards like custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics, and the data center floor features laser beam intrusion detection.

Google data centers are monitored 24/7 by high-resolution interior and exterior cameras that can detect and track intruders. Access logs, activity records, and camera footage are available in case an incident occurs.

To keep things running 24/7 and ensure uninterrupted services, Google’s data centers feature redundant power systems and environmental controls.

Every critical component has a primary and alternate power source, each with equal power. Diesel engine backup generators can provide enough emergency electrical power to run each data center at full capacity.

Cooling systems maintain a constant operating temperature for servers and other hardware, reducing the risk of service outages.

Fire detection and suppression equipment help prevent damage to hardware. Heat, fire, and smoke detectors trigger audible and visible alarms in the affected zone, at security operations consoles, and at remote monitoring desks.

A Global Network Security

Google’s IP data network consists of its own fiber, public fiber, and undersea cables. This allows us to deliver highly available and low latency services across the globe.

In other cloud services and on-premises solutions, customer data must make several journeys between devices, known as “hops,” across the public Internet.

The number of hops depends on the distance between the customer’s ISP and the solution’s data center. Each additional hop introduces a new opportunity for data to be attacked or intercepted. Because it’s linked to most ISPs in the world, Google’s global network improves the security of data in transit by limiting hops across the public Internet.

Securing Data in Transit

securing data in transit is a high priority for Google. Data traveling between a customer’s device and Google is encrypted using HTTPS/TLS (Transport Layer Security).

In fact, Google was the first major cloud provider to enable HTTPS/TLS by default.

When sending to or receiving email from a non-Google user, all links of the chain (device, browser, provider of the email service) have to be strong and work together to make encryption work.

Google has also upgraded all google  RSA certificates to 2048-bit keys, making encryption in transit for Cloud Platform and all other Google services even stronger.

Perfect forward secrecy (PFS) minimizes the impact of a compromised key, or a cryptographic breakthrough.

It protects network data by using a short-term key that lasts only a couple of days and is only held in memory, rather than a key that’s used for years and kept in durable storage.

Service availability

Some of Google’s services may not be available in some jurisdictions. Often these interruptions are temporary due to network outages, but others are permanent due to government-mandated blocks. Google’s Transparency Report also shows recent and ongoing disruptions of traffic to Google products. Google provides this data to help the public analyze and understand the availability of online information.

Customers own their data, not Google

The data that customers put into google systems is theirs, and Google do not scan it for advertisements nor sell it to third parties.

Google offers its customers a detailed data processing amendment that describes google’s commitment to protecting customer data. It states that Google will not process data for any purpose other than to fulfill google’s contractual obligations

if customers delete their data, Google commits to deleting it from google systems within 180 days.

Only a small group of Google employees have access to customer data. For Google employees, access rights and levels are based on their job function and role, using the concepts of least privilege and need-to-know to match access privileges to defined responsibilities.

Google employees are only granted a limited set of default permissions to access company resources, such as employee email and Google’s internal employee portal.

Regulatory Compliance

Google customers and regulators expect independent verification of security, privacy and compliance controls. Google undergoes several independent third-party audits on a regular basis to provide this assurance.

This means that an independent auditor has examined the controls present in Google data centers, infrastructure, and operations.

Visit the Google Security Blog .

Website

Latest articles

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles