Apps for Business | Trust Google Apps

Security

Google operates one of the largest data processing networks in the world; thus our clients’ data and intellectual property protection has the highest priority. Google’s data processing centres worldwide are protected around the clock. A security team specifically responsible for this concentrates exclusively on security at company sites. Google’s implemented controls, processes and guidelines conform to the requirements laid down by a SAS-70-Type II audit .

Why is Google Apps secure?

Our security procedures encompass the three following chief components:

  • Personnel

    Google employs a data security team comprising of the foremost international experts in the fields of information, application and network security. This team operates around the clock. It is responsible for the implemented on-site security systems, the assimilated security infrastructure of Google installations, the security of the company’s premises, as well as the development, documentation and implementation of Google security guidelines and standards.

  • Processes

    Security is at the heart of every Google application, from its very inception. Google applications undergo several complex security audits within the framework of the Secure Code development process. The development environment for applications is strictly screened and thoroughly monitored in order to guarantee maximum security. In addition, external service providers perform regular detailed security audits of the processes in order to be able to rule out the possibility of security risks. In this way the system’s running performance is not impaired and the clients’ data is not disclosed.

  • Technology

    Google Apps encrypts and distributes data in individual sequences to a multitude of servers and data storage media. This system guarantees that the individual data segments may not be stored contiguously, thereby preventing external parties or groups from assembling the data segments or decoding them. The system distributes file names randomly and this means that it is not possible to generate a file list of every client and that the individual data segments are not decipherable and can’t be reconstituted. The data is replicated over several data processing centres, whereby redundancy and constant availability are safeguarded. In order to minimise further security risks, each Google server is specially configured according to its individual function and exclusively equipped with the software components necessary for that purpose. The homogenous server architecture enables rapid updating and configuration changes over the entire network when the need arises.

How does Google guarantee the physical security of the data centre sites?

Google operates one of the largest networks of distributed datacenters in the world, and goes to great lengths to protect the data and intellectual property in these centers. Only select Google employees have access to the datacenter facilities and the servers contained therein, and this access is tightly controlled and audited. Security is monitored and controlled both locally at the site, and centrally at Google’s worldwide security operations centers. These buildings are guarded around the clock by trained personnel, and secured with protective measures such as heat-sensitive cameras. Strict authentication mechanisms, such as biometric verification, permit entry only to authorised personnel. Access to the data processing centres is restricted exclusively to designated Google personnel who have passed through a range of security clearances.

Third parties only have strictly restricted access to Google’s data processing centres. On each occasion a multistage, detailed registration and confirmation procedure must be followed. Google regularly tests access to its computer centres, in order to ensure that only authorised personnel are permitted access to dedicated areas.

How does Google protect the systems from computer outages and natural catastrophes?

The geographic locations of Google’s datacenters were chosen to give protection against catastrophic events. Multiple levels of redundancy ensure ongoing operation and service availability in even the harshest and most extreme of circumstances. This includes multiple levels of redundancy within a center, generator-powered backup for ongoing operations, and full redundancy across multiple dispersed centers. State of the art controls are used to monitor the centers both locally and remotely, and automated failover systems are present to safeguard systems. Each sub-system is not dependent on a particular physical or logical server, thus enabling continued operation in the event of an incident. Data is replicated amongst Google’s multiplex active servers, thus enabling access to it from another system in the event of computer malfunction and safeguarding against data processing centre outage.

How does Google protect the infrastructure from hackers and other threats?

Google prioritises the guarantee of an effective and persistent defence against external threats. Google’s data processing centres operate with specially configured hardware implemented on a complex operating and filing system. A specifically deployed Google security team co-operate with external monitoring companies in order to continually test and optimise the security infrastructure and so safeguard the systems from external attacks. Google’s data processing clusters are designed with flexibility and redundancy in mind, thus debugging individual malfunction instances and reducing the effects of a general equipment breakdown and environmental risks to a minimum.

How does Google prevent and resolve security flaws in applications?

Google products and services undergo a series of strict security audits. In the event that a security flaw is discovered in an application or infrastructure component, the risk is immediately evaluated, responded to correspondingly and countervailed. When the applications are hosted in Google’s own data processing centres, repairs to all systems may be undertaken immediately, without the client’s own intervention.

Which data processing centres are used?

In accordance with our security requirements, Google does not specify at which computer centres the data is being stored. In so doing, Google ensures that security, scalability, seasonal fluctuations, redundancy and recovery from system outages may be optimally administered. The comprehensive network of data processing centres guarantees that the company may access your data swiftly, securely, reliably and from anywhere at any time.

Is data actually safe when it is stored on the same servers as that of other companies?

The data is as protected in cyberspace as it would be on your own server. No enterprise may access the data of another’s. All user accounts are secured by a virtual lock-and-key mechanism. This technique guarantees that a user may not be privy to the data of another user. The data sets are detached from one another in such a way as each data segment would have been, had it had been stored on its own entirely isolated space. The system behind this is certainly familiar to you in the realm of online banking.

To view the configuration of a Google data processing centre, take a Video-Tour through a Google data processing centre

Contact Us

Google Apps Blog

Interested in Google Apps news?

Read the Google Apps Blog

Google Apps security whitepaper

More information on the security of Google Apps

Download PDF

©2011 Google