How to do security like Google
Google started in the cloud and runs on the cloud, so it’s no surprise that we fully understand the security implications of powering your business in the cloud.
It’s not an understatement to say that security is literally at the core of every discussion, product development and platform we have. It could not be more critical to Google’s reputation and preservation of the high level of trust we have with everyone who uses our products.
Australian and New Zealand companies are facing the same challenge, but most don’t have the benefit of 20 years of intense security R&D or the engineering resources that Google has globally.
Cyber attacks are big business: during the 2020-21 financial year, the Australian Government received 67,500 cybercrime reports with self reported losses totalling a staggering $33 billion. Most of us now know someone at a company that’s suffered an intrusion of some sort.
Cyber attacks will often bring a company’s operations to its knees for weeks at a time while high cost consultants are parachuted in to forensically determine what has happened.
When you use Google Workspace, the data and applications are on Google Cloud, the same infrastructure that runs all of Google’s products. So we protect our Google Workspace customers in the process of protecting ourselves.
For example, although Google’s login process feels very simple to the user, behind the scenes, we have very sophisticated machine learning monitoring it. There are many data points associated with a login that can be evaluated in real time to detect suspicious activity, take immediate action to deny access and alert a system administrator to secure the account.
One of the biggest risks to Australian businesses is inbound social engineering attacks – where a user is tricked into giving away password credentials through phishing emails, for example. Google Workspace uses machine learning to protect users against these attacks. It can detect new previously unreported phishing URLs using Google’s ability to analyse web content. As Google can automatically detect new patterns, Gmail adapts more quickly than manual systems ever could.
Security: it’s not an optional extra.
The security conversation at Google doesn’t start and finish with traditional methodologies. We build security into our infrastructure stack from silicon upwards – from custom hardware, through user identity, storage, operations – it’s layered through everything. Unlike some other cloud providers, you don’t have to licence up to get full security capabilities.
Our custom silicon – the Titan chip – ensures that our Google-designed servers boot from a known-good state using verifiable code, and this establishes the hardware root of trust for cryptographic operations in our data centers.
The same chip is available in Chromebooks or as a small USB device for other PCs. With our zero trust BeyondCorp service, our customers can make completely encrypted connections into their Google Cloud resources without a VPN, avoiding an annoying bottleneck that corporate users struggle with every day.
Importantly, where a hardware security key is used, even if a user is tricked into giving away their credentials through social engineering, the attacker with the stolen credentials still won’t be able to log in successfully because they don’t have that hardware key.
Google Cloud Identity provides a fast and simple way to provision network identities for users, with single sign-on integration for third party apps, multi-factor authentication and endpoint management.
Of course, if you already have an existing Identity Access Management solution, Google Workspace can be easily integrated to it with single sign on.
Data is encrypted at rest by default in Google Cloud, as well whenever it exits Google infrastructure, and it’s carried across Google’s global fibre backbone network – one of the largest privately owned fibre networks in the world.
Google Workspace also has one of the industry’s leading built-in Data Loss Prevention (DLP) systems, allowing sensitive information stored within Gmail and Drive to be detected and protected. It comes with a large library of predefined content detectors to make setup easy – for example it can automatically detect Australian drivers licence numbers or Medicare numbers stored in data as just one example.
Once the DLP policy is in place Gmail can automatically check all outgoing emails for sensitive information and automatically take action to prevent data leakage. It can either quarantine the email for review by an administrator, tell users to modify the information or block the email from being sent and notify the sender. It even automatically OCRs content stored in images.
Google’s security is one of the key reasons Canva chooses to run its business on Google Workspace. Having everything on Google infrastructure helps enhance digital security as business grows in size and profile across offices in the United States, China, the Philippines and Australia.
Likewise, Australian medical research company Linear.org.au uses Google Workspace Enterprise. It made this choice because of the powerful security tools included, which give the firm confidence in handling sensitive patient data, including data loss prevention across Gmail and Drive. The advanced identity management features in Google Workspace Enterprise also helped the company put in place a robust “bring your own device” policy.
The Google culture difference
A lot of what Google does with security is baked into the Google culture. Many of our Google Cloud clients say their engagement with Google has helped them uplift the security culture in their own organisations.
