Among growing privacy fears with security being called mere an “illusion”, Google has marched up to come clean when it comes to shielding its users’ data. Last week, Google published a paper, called the Infrastructure Security Design Overview, enlightens how the company preserves the cloud secure. Both for itself and for the public cloud services it offers in the shape of Google Drive. Google Drive, its cloud storage, is where every imperative piece of information about you is stored, your e-mails, your passes, authorizations, your account data etc.
Custom Hardware Security Chips
It exposed a lot of thought-provoking information about Google’s safekeeping practices. One of them being custom hardware security chips that they utilize in both, the servers and the peripherals. According to the document,
“These chips allow us (Google) to securely identify and authenticate legitimate Google devices at the hardware level.”
These silicon chips functions with cryptographic signatures, used over “components like the BIOS, bootloader, kernel, and base operating system image.” These signatures are legalized each time the system boots or updates. Google attempts to upgrade its safekeeping with each novel generation of hardware, the document endures,
“For example, depending on the generation of server design, we root the trust of the boot chain in either a lockable firmware chip, a micro-controller running Google-written security code, or the above mentioned Google-designed security chip.”
Data Written On to Their Servers’ Disks is Also Encrypted
Applications and services of Google encode data before it is inscribed onto a disk, so that it is quite difficult for malicious disk firmware to have an access of user data and corrupt it in any way. The disks (HDDs and SSDs) support hardware encoding, and they are continually tracked throughout their whole life-cycle. By using a multi-step process, the disks are also cleaned/cleared, which comprises of two independent verification. The disks that do not license these security steps are devastated right away. Hardware based safekeeping is always superior to choose to software based encryption. This is so because, encoding keys for software based encoding can be bluffed. Though it is still very difficult to do so particularly with 128 bit or 256-bit encryption.
Google Reads Through Your Browser History
The Alphabet secondary uses systems which scan the users’ apps, their downloads, browser extensions and browser history. Google claims that it is for suitability on corporate clients. The firm utilizes an application-level access management managing system, which is used to expose internal applications. This allows it to recognize whether handlers are coming from a appropriately organized device or not, or from projected networks and geographic locations.
What about Software Bugs?
To add more, the published paper also expose how Google utilizes a team of specialists to sense bugs in its software. This team typically consists of experts from web security, cryptography and operating system security. Along with confirming a bug-free practice, they also create new discoveries which can be beneficial in construction of future devices better.
Most probably we all are well aware of the thing that the security problems have been an ongoing apprehension for Google for a while now. Several third party apps and secret back-doors in android devices were revealed last year, but it looks like Google is trying to sustain trust by means of transparency. This paper, detailing their security details, is Google’s attempt at just that. Last year, Google also permitted its users the choice to monitor and even erase all the data Google gathers from its users. Though Google has taken decision about to be transparent regarding its security details, but is our data any safer in the hands of Google? It says us how the data is protected in its servers, but who has the right to snoop on that data and what about the communication of this data? These questions are needed to be answered as well. The efforts by the company do looks like to be in the right direction for that stuff. We hope other firms follow Google’s specimen to win their users’ trust.
To Read More: Top 10 Tech Startups In Asia That Can Change The World