Privacy concerns – whether about the mobile phones or the personal computer internet – have been increasing rapidly. There have been many stories about how the big companies like Google or Facebook can access your data or use it for some other purposes.
To clear the air, Google has stepped up. A document published last week by Google, called the Infrastructure Security Design Overview, explains how the company keeps the cloud secure. Both for itself and for the public cloud services it offers in the shape of Google Drive.
Google Drive, its cloud storage, is where every important piece of information about you, is stored, your e-mails, your credentials your account data etc.
Hardware Security Chips
The documents revealed a lot of interesting information about Google’s security practices. One of them is the custom hardware security chips that they use in both, the servers and the peripherals.
According to the document:
These chips allow us (Google) to securely identify and authenticate legitimate Google devices at the hardware level.
Used over “components like the BIOS, boot-loader, kernel, and base operating system image”, these silicon chips work with cryptographic signatures and the signatures are validated each time the device boots or updates.
Google tries to upgrade its security with each new generation of hardware, the document continues:
For example, depending on the generation of server design, we root the trust of the boot chain in either a lockable firmware chip, a micro-controller running Google-written security code, or the above mentioned Google-designed security chip.
Encrypted Data onto the Servers
Google’s applications and services encrypt data before it is written onto a disk, so that its hard for malicious disk firmware to access user data and corrupt it in any way.
Constantly tracked throughout their entire life-cycle, the disks (HDDs and SSDs) support hardware encryption. The disks are also cleaned using a multi-step process which includes two independent verifications. The disks that do not pass these security steps are destroyed right away.
Wondering about how you can improve your data security online? Here are the few Security Basics every person should know.
Google reads through browser history
Google scans the users’ apps, their downloads, browser extensions and browser history. Google claims its for “suitability on corporate clients”.
The company uses an application-level access management control system, which enables it to identify whether users are coming from a correctly managed device or not, or from expected networks and geographic locations.
The documents also revealed that the Google uses a team of experts to detect bugs in its software. This team usually consists of experts from web security, cryptography and operating system security.
Security issues have been an ongoing concern for Google for a while now, and the company trying to come clean is the step towards right direction. Though there are still many questions unanswered, Google is trying to maintain trust through transparency.
You can ensure great data security using USB sticks, READ HERE.