Earlier in the year Google disclosed that the company, along with at least twenty other large companies from a variety of industries, were victims of cyber attacks.
In an effort toward increased transparency, Google now wants to help customers understand the security practices, policies, and technology surrounding Google Apps with a newly published “Google Apps Security White paper.”
While most of what’s covered in the white paper should be expected and obvious to most information security professionals, the 14-page document does provide a more detailed look at the security policies, technologies and procedures that Google has in place to protect its over 10 million Google Apps users.
Some of the more interesting security initiatives include:
• Google’s “home made” servers are based on a stripped and hardened version of Linux, customized to include only the components necessary to run Google applications.
• Customer data is stored in fragments across multiple servers and across multiple data centers to both enhance reliability and provide greater security than can be achieved by storing all data on a single server. When only fragments are kept in any one place, the chance that a possible physical or computer-based compromise could result in the loss of meaningful information is greatly reduced.
• The company is able to provide software patching rapidly across identical server stacks to help keep systems updated with the latest patches.
• System redundancy involves data replication across disparate data centers for availability and disaster recovery.
The company also launched a Security & Privacy portal for its Google Apps for Education customers which has separate data and privacy policies and is also ad-free.
Google also recently added the ability for users to conduct encrypted searches utilizing SSL encryption when using the core Google.com search engine.
A blog post by Eran Feigenbaumm, Director of Security for Google Enterprise is available here and the full white paper can be viewed here in PDF format.