WASHINGTON – Amid growing concerns about privacy breaches, Google has finally revealed what it does with users’ data.
The tech giant published a document last week, called the “Infrastructure Security Design Overview.”
The document explains how the company keeps its cloud secure, both for itself and for the public cloud services it offers in the shape of Google Drive.
Pakistan’s leading tech blog ProPakistani, quoting The Register, reported that Google Drive, its cloud storage, is where every important piece of information about you is stored: your e-mails, your credentials, your account data, etc.
The document revealed a lot of interesting information about Google’s security practices, one of them being the custom hardware security chips that it uses in both the servers and the peripherals.
According to the document, “these chips allow us [Google] to securely identify and authenticate legitimate Google devices at the hardware level.”
These silicon chips work with cryptographic signatures, used over “components like the BIOS, bootloader, kernel, and base operating system image.”
These signatures are validated each time the device boots or updates.
Google tries to upgrade its security with each new generation of hardware. The document continues:
“For example, depending on the generation of server design, we root the trust of the boot chain in either a lockable firmware chip, a micro-controller running Google-written security code, or the above mentioned Google-designed security chip.”
Google’s applications and services encrypt data before it is written to disk, so that it’s hard for malicious disk firmware to access user data and corrupt it in any way.
The disks (HDDs and SSDs) support hardware encryption, and they are constantly tracked throughout their entire life-cycle. The disks are also cleaned using a multi-step process which includes two independent verifications. The disks that do not pass these security steps are destroyed right away.
Hardware-based security is always preferable to software-based encryption, because encryption keys for software-based encryption can be spoofed, though it is still very hard to do so, especially with 128-bit or 256-bit encryption.
The Alphabet subsidiary uses systems which scan the users’ apps, their downloads, browser extensions and browser history. Google claims it’s for “suitability on corporate clients.”
The company uses an application-level access management control system, which is used to reveal internal applications. This enables it to identify whether or not users are coming from a correctly managed device, or from expected networks and geographic locations.
What about Software Bugs?
Moreover, the published document also revealed how Google uses a team of experts to detect bugs in its software. This team usually consists of experts in web security, cryptography and operating system security. Along with ensuring a bug-free experience, they also make new discoveries which can help in making future devices better.