Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

New Google Security Chief Looks for Balance with Privacy

Google has a new sheriff keeping watch over the wilds of the Internet. Austrian-born Gerhard Eschelbeck has ranged the British city of Oxford; cavorted at notorious Def Con hacker conclaves, wrangled a herd of startups, and camped out in Silicon Valley.

He now holds the reins of security and privacy for all-things Google.

Google has a new sheriff keeping watch over the wilds of the Internet. Austrian-born Gerhard Eschelbeck has ranged the British city of Oxford; cavorted at notorious Def Con hacker conclaves, wrangled a herd of startups, and camped out in Silicon Valley.

He now holds the reins of security and privacy for all-things Google.

In an exclusive interview with AFP, Eschelbeck spoke of using Google’s massive scope to protect users from cyber villains such as spammers and state-sponsored spies.

“The size of our computing infrastructure allows us to process, analyze, and research the changing threat landscape and look ahead to predict what is coming,” Eschelbeck said during his first one-on-one press interview in his new post.

“Security is obviously a constant race; the key is how far can you look ahead.”

Eschelbeck took charge of Google’s 500-strong security and privacy team early this year, returning to Silicon Valley after running engineering for a computer security company in Oxford for two years.

“It was a very natural move for me to join Google,” Eschelbeck said. “What really excited me was doing security at large scale.”

Google’s range of global services and products means there are many fronts for a security expert to defend. Google’s size also means there are arsenals of powerful computer servers for defenders to employ and large-scale data from which to discern cyber dangers.

Advertisement. Scroll to continue reading.

Eschelbeck’s career in security stretches back two decades to a startup he built while a university student in Austria that was acquired by security company McAfee.

What started out as a six-month work stint in California where McAfee is based turned into a 15-year stay by Eschelbeck.

He created and advised an array of computer security startups before heading off to Oxford. Eschelbeck, has worked at computer technology titans such as Sophos and Qualys, and holds patents for network security technologies.

Constant attack

He was confident his team was up to the challenge of fending off cyber attacks, even from onslaughts of sophisticated operations run by the likes of the US National Security Agency or the Chinese military.

Eschelbeck vowed that he would “absolutely” find any hacker that came after his network.

“As a security guy, I am never comfortable,” he said. “But, I do have a very strong team…I have confidence we have the right reactive and proactive defense mechanisms as well.”

State-sponsored cyber attacks making news in the past year come on top of well-known trends of hacking expressly for fun or profit.

The sheer numbers of attack “vectors” has rocketed exponentially over time, with weapons targeting smartphones, applications, datacenters, operating systems and more.

“You can safely assume that every property on the Internet is continuously under attack,” Eschelbeck said.

“I feel really strong about our ability to identify them before they become a threat and the ability to block and prevent them from entering our environment.”

Scrambling data

Eschelbeck is a backer of encrypting data, whether it be an email to a friend or photos stored in the cloud.

“I hope for a time when all the traffic on the Internet is encrypted,” he said.

“You’re not sending a letter to your friend in a transparent envelop, and that is why encryption in transport is so critical.”

He believes that within five years, accessing accounts with no more than passwords will be a thing of the past.

Google lets people require code numbers sent to phones be used along with passwords to access accounts in what is referred to as “two-factor” authentication.

The Internet titan also provides “safe browsing” technology that warns people when they are heading to websites rigged to attack visitors.

Google identifies about 50,000 malicious websites monthly, and another 90,000 phishing websites designed to trick people into giving up their passwords or other valuable personal information, Eschelbeck said.

“We have some really great visibility into the Web, as you can imagine,” he said.

“The time for us to recognize a bad site is incredibly short.”

Doubling-down on privacy

Eschelbeck saw the world of online security as fairly black and white, while the privacy side of his job required subjective interpretations.

Google works closely with data protection authorities in Europe and elsewhere to try and harmonize privacy protections with the standards in various countries.

“I really believe that with security and privacy, there is more overlap than there are differences,” he said.

“We have made a tremendous effort to focus and double-down on privacy issues.”

As have other large Internet companies, Google has routinely made public requests by government agencies for information about users.

Requests are carefully reviewed, and only about 65 percent of them satisfied, according to Google.

“Privacy, to me, is protecting and securing my activities; that they are personal to myself and not visible to the whole wide world,” Eschelbeck said.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.