Cloud & GovIT
Cloud Computing Solves Traditional IT's Security Problems: Google
Security is core to the work that Google performs and is not an afterthought
Feb. 23, 2010 09:15 PM
Google Session at Cloud Expo
In what he called "traditional" IT, the security model - according to Eran Feigenbaum - is broken.
Feigenbaum, who is Director of Security at Google Enterprise, gave a talk in Washington this morning offering the hope that, because of Cloud Computing, some of the existing challenges may now be surmounted.
How do we build our systems to allow for fast recovery times, for zero or very limited loss of data...
"Not all cloud providers are created equal," Feigenbaum explained. Google has one of the biggest security teams anywhere in the world of the Internet, he added. Furthermore physical security is tip-top: Google's datacenters are very low profile, at undisclosed locations - most often unmarked for added protection. They have 24/7 armed guards. He explained how Google "chunks up" users' data into small, obfuscated pieces, Gmail's email data for example, and thereby makes the attack service much harder to understand. There are also six live replications of each email.
Because Google builds its own machines and writes its own OS, it has a very homogenous environment - making it easy to issue patches to the entire system, for example. It doesn't use virtualization; it uses cheap x86 drives in vast numbers. It has a barcode on every hard drive that tracks how it is being used, who has accessed it, and what they did.
Who outside Google gets to see and appraise all these internal checks and balances? The company does a yearly thirdparty "security penetration test."
Moreover it has a rigorous code development process.
About Jeremy GeelanJeremy Geelan is President of Cloud Expo, Inc. He is Conference Chair of the worldwide
Cloud Expo series, of the
Virtualization Conference series, and of the upcoming
UlitzerLIVE! event. During his tenure with SYS-CON Media, he launched
Cloud Computing Journal,
Web 2.0 Journal,
AJAX & RIA Journal and other leading SYS-CON titles. From 2000-6, as first editorial director and then group publisher of SYS-CON Media, he was responsible for the development of all new titles and i-technology portals for the firm. From 2006 to 2010, as Sr. VP of Editorial & Events, he had complete responsibility for the content of SYS-CON's events portfolio. He regularly represents SYS-CON Media & Events at conferences and trade shows, speaking to technology audiences both in North America and overseas. He is executive producer and presenter of "Power Panels with Jeremy Geelan" on SYS-CON.TV.
About Newsfeeds / Video Feeds
.gif)
