Google Opens Up on Its Security Practices
New security white paper details Google's security practices for its cloud-based apps.
Google continues to make gains in its push to win over business and enterprise customers to its cloud-based services and applications, but the search giant still only holds a tiny fraction of the enterprise market while Microsoft's Office suite dominates corporate desktops and the vast majority of companies are sticking primarily with traditional on-premise data centers.
To be fair to Google (NASDAQ: GOOG), the company is a relative newcomer in this area and the enterprise sales cycle is notoriously long. But one of the issues all cloud providers face, from Google to Salesforce (NYSE: CRM) to Zoho and others, is security. Companies want to know the files and information they're entrusting to a third-party are secure.
To that end, Google revealed more of the infrastructure and cloud security practices in a post at its enterprise blog site that acknowledges the security issues IT departments face on a regular basis.
"For most companies, trying to keep ahead of new security threats every day feels like gripping a handful of sand. No matter how hard you tighten and squeeze, some still manages to slip through your fingers," Eran Feigenbaum, director of security for Google's Enterprise group, said in the post.
Feigenbaum argues that in today's "ultra-connected, Web-capable world" it's more important to understand how data is protected than whether it's physically located in a particular datacenter. In other words, just having your data on-premise, doesn't guarantee security.
In terms of what Google is doing on the security side, Feigenbaum listed several advances the company employs.
For example, Google stores customer data in fragments across multiple servers and across multiple data centers. Feigenbaum said this both enhances reliability and is better than storing all data on a single server where a single breach could have major security consequences.
When Google needs to issue a patch, it does so across identical server stacks to keep users updated. "This significantly reduces the deployment workload for IT administrators," said Feigenbaum.
Google's cloud infrastructure also employs data replication across disparate data centers to ensure availability and facilitate disaster recovery.
The blog post also includes a link to a new, detailed white paper on Google's apps, messaging and collaboration products that's available here in PDF format.
Feigenbaum said the release of the white paper is the latest move by Google to be transparent to customers. He cited Google's surprising announcement earlier this year that its systems were hit by a cyber attack as another example of transparency.
Most companies generally loath to publicly disclose security breaches for fear it will leave a bad impression with customers. Google said at least twenty other companies were also part of the cyber attack it believed originated in China, but Google was the only one to fully acknowledge the scope of the attack.