Most organizations have either started using cloud services or are migrating to the cloud. The first and most important question to settle before migrating applications to the cloud is: how will this transformation affect data security and compliance with the regulatory requirements that apply to my business?
The prominent cloud service providers, Google (GCP), Amazon (AWS) and Microsoft (Azure), understand the importance of providing compliance and assuring data security for their clients. They offer security solutions either as part of a package or through their marketplaces, so that clients can pick and choose technologies that integrate with the other infrastructure components of the cloud.
In this article, we will look at the security features and compliance offerings provided by Google Cloud Platform (GCP).
Google uses the same security infrastructure to host its own applications, such as Search, Gmail and Photos, as well as enterprise products like G Suite and the cloud platform. Hence security, privacy requirements and compliance are built into the Google Cloud Platform rather than bolted on.
The long-established approach of defense in depth, combined with a risk-based approach, continuous monitoring and regular testing, is the best way to protect your data.
The following diagram explains Google's layered approach to building security into its technical infrastructure.
Let us look at these layers more closely.
- Hardware Infrastructure
The first level of security is the physical security of the environment where your applications and data are hosted. This starts with the data center premises: only a very small fraction of Google employees ever have access to Google's data centers (DCs). The physical controls include biometric access control, CCTV cameras, metal detectors and laser-based intrusion detection.
Google's server and network hardware is custom designed. Google works with vendors to audit and validate the security properties of the components before selecting them. Google has also developed hardware security chips; deployed on servers and peripherals, these chips allow Google to securely identify and authenticate legitimate devices at the hardware level.
Google does not rely on firewalls or network zones as its primary security mechanism. Network-layer controls such as ingress and egress filtering are still used, for example to prevent IP spoofing, but only as one additional layer.
Google uses cryptographic signatures over low-level components such as the BIOS, bootloader, kernel and base operating system image. These signatures are validated at each boot or update, so a machine only runs the software stack that Google built and signed; a component whose signature does not verify is not booted.
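The following Go program is an added example, not Google's code; the stage names, the tiny stand-in images and the Ed25519 keys are constructed for the demo. It models the chain of trust the paragraph describes: a root public key stands in for the key baked into the hardware security chip, each stage's signature covers both its image and the public key it vouches for the next stage, and verification walks the chain on every boot and stops at the first stage that fails.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Stage is one link in the boot chain: an image, the public key this image
// trusts for the *next* stage, and a signature covering both. Signing the
// next-stage key as well as the image is what stops an attacker from
// substituting their own key and then signing a tampered later stage with it.
type Stage struct {
	Name      string
	Image     []byte
	NextKey   ed25519.PublicKey // nil for the last stage
	Signature []byte
}

// signedDigest is what each stage's signature covers.
func signedDigest(image []byte, nextKey ed25519.PublicKey) []byte {
	h := sha256.New()
	h.Write(image)
	h.Write(nextKey)
	return h.Sum(nil)
}

// BuildChain signs images[i] with a key whose public half is vouched for by
// stage i-1, or, for i == 0, by the root key. It returns that root public
// key, which a real system would burn into the hardware security chip.
func BuildChain(names []string, images [][]byte) (ed25519.PublicKey, []Stage, error) {
	if len(names) == 0 || len(names) != len(images) {
		return nil, nil, errors.New("need one name per image")
	}
	pubs := make([]ed25519.PublicKey, len(names))
	privs := make([]ed25519.PrivateKey, len(names))
	for i := range names {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, nil, err
		}
		pubs[i], privs[i] = pub, priv
	}
	chain := make([]Stage, len(names))
	for i := range names {
		var next ed25519.PublicKey
		if i+1 < len(names) {
			next = pubs[i+1]
		}
		chain[i] = Stage{
			Name:      names[i],
			Image:     images[i],
			NextKey:   next,
			Signature: ed25519.Sign(privs[i], signedDigest(images[i], next)),
		}
	}
	return pubs[0], chain, nil
}

// VerifyChain replays what firmware does on every boot: check stage 0 with
// the hardware root key, then each later stage with the key the previously
// verified stage vouched for. It returns the index of the first stage that
// fails, or -1 if every stage is genuine.
func VerifyChain(root ed25519.PublicKey, chain []Stage) (int, error) {
	key := root
	for i, s := range chain {
		if len(key) != ed25519.PublicKeySize || !ed25519.Verify(key, signedDigest(s.Image, s.NextKey), s.Signature) {
			return i, fmt.Errorf("stage %d (%s): bad signature, refusing to boot", i, s.Name)
		}
		key = s.NextKey
	}
	return -1, nil
}

func main() {
	// Constructed stand-ins for the real images, which would be megabytes.
	names := []string{"BIOS", "bootloader", "kernel", "base OS image"}
	images := [][]byte{[]byte("bios-v1"), []byte("loader-v1"), []byte("kernel-v1"), []byte("rootfs-v1")}
	root, chain, err := BuildChain(names, images)
	if err != nil {
		panic(err)
	}
	fmt.Println(VerifyChain(root, chain)) // -1 <nil>

	chain[2].Image = []byte("kernel-with-implant") // tamper with the kernel
	fmt.Println(VerifyChain(root, chain))         // 2 stage 2 (kernel): bad signature, refusing to boot
}
```

The design point to take away is that only the root public key has to be protected by hardware; every later key is authenticated by the stage before it, so replacing any image, or any next-stage key, breaks the chain at exactly that stage.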
- Service Deployment
Google's hosting infrastructure is fundamentally designed as a multi-tenant environment. In Google's terminology, a service is an application binary uploaded to this infrastructure and run to provide a product, such as the Gmail SMTP server or YouTube. The thousands of machines that run a service on the infrastructure are controlled by a cluster orchestration service called Borg.
Google uses cryptographic authentication and authorization at the application layer for inter-service communication. This provides strong access control at an abstraction level and granularity that administrators and services can naturally understand.
A variety of isolation and sandboxing techniques, such as normal Linux user separation, language-based and kernel-based sandboxes, and hardware virtualization, is used to protect a service from other services running on the same machine.
For particularly security-sensitive services, such as the cluster orchestration service and key management services, an extra security boundary is added: these services run exclusively on dedicated machines.
As an additional layer of security, communication between services is governed by explicit access control: a service owner defines which other services are allowed to call it.
- User Identity
Google engineers who need access to services are given individual identities, and access is granted on a role-based, need-to-know basis. The infrastructure provides a rich identity management workflow system for these internal identities, including approval chains, logging and notification.
The owner of a service can use access management features provided by the infrastructure to specify exactly which other services can communicate with it. Apart from this automatic API-level access control mechanism, the infrastructure also provides services the ability to read from central ACL and group databases so that they can implement their own custom, fine-grained access control where necessary.
Service identity and access management: the infrastructure gives each service an identity and provides automatic mutual authentication, encrypted inter-service communication and enforcement of the access policies defined by the service owner. Because the caller's identity comes from the authenticated channel rather than from the network it arrived on, the policy holds regardless of where the caller is running.
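The Go program below is an added example, not Google's implementation; the toy certificate authority, the service names and the loopback addresses are assumptions for the demo. It shows the mechanism described above: every service holds an identity certificate issued by an internal CA, connections are mutually authenticated TLS (TLS 1.3, which also gives forward secrecy), the callee takes the caller's identity from the verified client certificate rather than from its IP address, and the service owner's allow-list is enforced on that identity. A forged identity from an untrusted CA fails the handshake and never reaches the policy check.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// CA stands in for the infrastructure's issuer of service identities: an identity
// is a certificate chained to it whose CommonName is the service name.
type CA struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
	pool *x509.CertPool // trust anchor handed to every service
}

// mint creates a key pair and a one-hour certificate; nil parent means self-signed.
func mint(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) ([]byte, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl.NotBefore, tmpl.NotAfter = time.Now(), time.Now().Add(time.Hour)
	tmpl.SerialNumber, _ = rand.Int(rand.Reader, big.NewInt(1<<62))
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	return der, key, err
}

func NewCA() (*CA, error) {
	der, key, err := mint(&x509.Certificate{Subject: pkix.Name{CommonName: "internal-service-ca"},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}, nil, nil)
	if err != nil {
		return nil, err
	}
	cert, _ := x509.ParseCertificate(der) // just created, so it parses
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	return &CA{cert: cert, key: key, pool: pool}, nil
}

// Issue mints a short-lived identity for the named service.
func (ca *CA) Issue(service string) (tls.Certificate, error) {
	der, key, err := mint(&x509.Certificate{Subject: pkix.Name{CommonName: service},
		IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1)}}, ca.cert, ca.key) // demo is loopback-only
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// Serve runs a service on loopback that insists on a client certificate, takes the
// caller's name from it and applies the owner's allow-list, answering each
// connection with "allowed:<caller>" or "denied:<caller>".
func Serve(ca *CA, self tls.Certificate, allowedCallers map[string]bool) (addr string, stop func(), err error) {
	cfg := &tls.Config{Certificates: []tls.Certificate{self}, ClientCAs: ca.pool,
		ClientAuth: tls.RequireAndVerifyClientCert, MinVersion: tls.VersionTLS13} // mutual auth
	ln, err := tls.Listen("tcp", "127.0.0.1:0", cfg)
	if err != nil {
		return "", nil, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return // listener closed
			}
			tc := c.(*tls.Conn)
			if tc.Handshake() == nil { // unauthenticated callers never reach the policy
				caller := tc.ConnectionState().PeerCertificates[0].Subject.CommonName
				verdict := "denied"
				if allowedCallers[caller] {
					verdict = "allowed"
				}
				fmt.Fprintf(tc, "%s:%s", verdict, caller)
			}
			tc.Close()
		}
	}()
	return ln.Addr().String(), func() { ln.Close() }, nil
}

// Call connects as the given identity and returns the server's decision; the
// error is non-nil when the server refused the handshake.
func Call(ca *CA, self tls.Certificate, addr string) (string, error) {
	c, err := tls.Dial("tcp", addr, &tls.Config{Certificates: []tls.Certificate{self},
		RootCAs: ca.pool, MinVersion: tls.VersionTLS13})
	if err != nil {
		return "", err
	}
	defer c.Close()
	buf := make([]byte, 64)
	n, err := c.Read(buf)
	return string(buf[:n]), err
}
```

To try it, create a CA, issue identities for, say, "storage", "gmail-frontend" and "youtube", start `Serve` with the storage identity and an allow-list containing only "gmail-frontend", and `Call` it with each identity; a certificate issued by a second, unrelated CA is rejected during the handshake. In production the identities would be short-lived and rotated automatically, and the allow-list would come from the owner's policy rather than a literal map.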
- Storage Services
Google's infrastructure provides a variety of storage services, such as Bigtable and Spanner, and a central key management service. Most applications at Google access physical storage indirectly through these storage services. The storage services can be configured to use keys from the central key management service to encrypt data before it is written to physical storage. The key management service supports automatic key rotation and provides extensive audit logs.
Before deleting data, Google first marks it as "scheduled for deletion"; this allows the data to be recovered if the deletion was accidental or unintentional.
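The Go program below is an added example rather than Google's KMS or storage code; the wrapping format, the AAD layout and the audit strings are assumptions made for the demo. It shows the envelope-encryption pattern behind the paragraph above: a storage service encrypts each object under its own data-encryption key (DEK), the central KMS wraps that DEK under a versioned key-encryption key (KEK) that never leaves the KMS, rotation simply adds a new KEK version so objects written earlier stay readable without re-encryption, and every KMS call is recorded in an audit log.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// KMS stands in for the central key management service: versioned key-encryption
// keys (KEKs) that never leave it, wrap/unwrap of per-object data-encryption keys
// (DEKs), and an audit entry for every call. Storage only ever sees wrapped DEKs.
type KMS struct {
	keks    map[int][]byte
	current int
	Audit   []string
}

// NewKMS returns a KMS with KEK version 1 already current.
func NewKMS() *KMS {
	k := &KMS{keks: map[int][]byte{}}
	k.Rotate()
	return k
}

// Rotate adds a new KEK version and makes it current. Old versions stay so
// existing objects remain readable; no stored data has to be re-encrypted.
func (k *KMS) Rotate() int {
	k.current++
	k.keks[k.current] = random(32)
	k.Audit = append(k.Audit, fmt.Sprintf("rotate: KEK v%d is now current", k.current))
	return k.current
}

// Wrap seals a DEK under the current KEK and returns the version used, which
// the caller must store next to the wrapped key.
func (k *KMS) Wrap(dek []byte) (int, []byte) {
	k.Audit = append(k.Audit, fmt.Sprintf("wrap: KEK v%d", k.current))
	return k.current, seal(k.keks[k.current], dek, []byte(fmt.Sprint("kek-v", k.current)))
}

// Unwrap opens a DEK with the KEK version recorded next to it.
func (k *KMS) Unwrap(version int, wrapped []byte) ([]byte, error) {
	kek, ok := k.keks[version]
	if !ok {
		return nil, fmt.Errorf("unwrap: unknown KEK version %d", version)
	}
	k.Audit = append(k.Audit, fmt.Sprintf("unwrap: KEK v%d", version))
	return open(kek, wrapped, []byte(fmt.Sprint("kek-v", version)))
}

// random returns n CSPRNG bytes; a failure there is fatal, as in crypto/rand itself.
func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// gcm builds AES-256-GCM; every key in this program is 32 bytes.
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, _ := cipher.NewGCM(block)
	return g
}

// seal prefixes a fresh random nonce to the GCM ciphertext.
func seal(key, plaintext, aad []byte) []byte {
	g := gcm(key)
	nonce := random(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, aad)
}

// open fails if the ciphertext or the AAD was altered.
func open(key, blob, aad []byte) ([]byte, error) {
	g := gcm(key)
	if len(blob) < g.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], aad)
}

// Object is what the storage service writes to disk.
type Object struct {
	KEKVersion int
	WrappedDEK []byte
	Ciphertext []byte
}

// Store is envelope encryption: fresh DEK per object, data sealed under the DEK,
// DEK wrapped by the KMS. The object name is bound in as AAD so a ciphertext
// cannot be silently moved under a different name.
func Store(k *KMS, name string, data []byte) Object {
	dek := random(32)
	ver, wrapped := k.Wrap(dek)
	return Object{KEKVersion: ver, WrappedDEK: wrapped, Ciphertext: seal(dek, data, []byte(name))}
}

// Load reverses Store and fails on a tampered ciphertext or a wrong name.
func Load(k *KMS, name string, o Object) ([]byte, error) {
	dek, err := k.Unwrap(o.KEKVersion, o.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return open(dek, o.Ciphertext, []byte(name))
}
```

Storing an object, calling `Rotate`, then storing another gives two objects with different `KEKVersion` values that both still load; flipping a ciphertext byte or loading under a different name fails authentication, and `Audit` lists each rotate, wrap and unwrap. The pattern matters operationally because compromising the disk yields only ciphertext and wrapped keys, and rotating the KEK touches a handful of small wrapped DEKs rather than every byte of stored data.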
- Secure Internet communication
Google exposes only a minimum number of servers to the internet; the rest of the infrastructure sits in a private network. This keeps the attack surface small and makes it easier to deploy protections against DDoS-style attacks.
When a service wants to be reachable from the internet, it registers with the Google Front End (GFE) service. The GFE ensures that all TLS connections are terminated with correct certificates and follow best practices such as supporting perfect forward secrecy.
Once a connection lands in Google's data center it passes through multiple layers of load balancers, which themselves provide protection against denial of service (DoS) attacks. A central DoS service continuously monitors the traffic reported by the load balancers, and as soon as DoS traffic is identified it can instruct the load balancers to drop or throttle it.
User authentication also plays a major role in accessing services securely. When a user signs in to a Google service, the login is evaluated against risk factors such as whether the request comes from a device the user has signed in from before and from an expected location; depending on these signals the user is challenged for additional information before access is granted.
- Operational Security
Technology components help maintain a secure infrastructure, but how securely day-to-day operations are managed is what ultimately protects the data.
The software used to provide and manage services is developed under a secure SDLC, with controls such as code review and automated security testing, and these applications are tested for code vulnerabilities.
Google also spends millions of dollars on its Vulnerability Reward Program: whoever identifies a bug or vulnerability in Google's platform or services and reports it to Google is rewarded.
Google also invests a large amount of effort in finding zero-day exploits and other security issues in the open source software it uses.
Google has invested heavily in guarding user credentials against compromise and in monitoring to identify threats before they materialize.
To guard employees against persistent phishing attacks, Google has replaced phishable OTP second factors with mandatory use of U2F-compatible security keys for Google employee accounts.
Google ensures that the operating system images on employee client devices are up to date with security patches, and it also has systems to scan user-installed applications, downloads and browser extensions.
Google uses application-level access management controls that expose internal applications only to specific users, and only when they connect from a correctly managed device and from expected networks and geographic locations.
Google employees are given access to the infrastructure and services with minimum privilege and on a need-to-know basis. Google has also minimized privileged access to devices by automating routine administration, so that fewer people need standing privileged access at all.
Host-based and network-based intrusion detection systems are deployed to identify intrusions.
Google's GCP security architecture is the result of Google's experience running its own services on the same infrastructure. Security is designed in layers: starting from the physical components and data center, to hardware provenance, and then on to secure boot, secure inter-service communication, data encrypted at rest, protected access to services from the internet and finally the technologies and people processes deployed for operational security.