Identity & Security

Trust through transparency: incident response in Google Cloud

Security

Cloud customers depend on us to have effective systems, teams, and processes in place to protect their data. Today, we’re publishing a white paper to give our Cloud customers a closer look at how we manage data incidents. We strongly believe that trust is created through transparency, and we want to be transparent about how we  protect customer data.

Effective incident response is not only key to managing and recovering from incidents but also preventing future ones. Google Cloud’s comprehensive incident response capabilities leverage the combination of dedicated experts, efficient processes, and sophisticated monitoring to proactively detect incidents, contain them, mitigate impact, inform customers, and reconstitute services in a trusted manner.

Every data incident is unique, and the goal of the data incident response process is to protect customers’ data, restore normal service as quickly as possible, and meet both regulatory and contractual compliance requirements. In this white paper, our privacy and security incident management team provides insight into Google Cloud’s approach to incident response for data incidents that may affect the confidentiality, integrity, or availability of customer data.

Here is a high-level view of the process broken down by phases:

  1. Identification. Early and accurate identification of incidents is key to strong and effective incident management. The focus of this phase is to monitor security events to detect and report on potential data incidents.

  2. Coordination. When an incident is reported, the oncall responder reviews and evaluates the nature of the incident report to determine if it represents a potential data incident, and initiates Google’s Incident Response Process.

  3. Resolution. At this stage we focus on investigating the root cause, limiting the impact of the incident, resolving immediate security risks (if any), implementing necessary fixes as part of remediation, and recovering affected systems, data, and services.

  4. Continuous improvement. We analyze each incident to gain new insights that help us enhance our tools, trainings and processes, as well as Google’s overall security and privacy data protection program.

To learn more, download the full white paper.

Protecting data is at the core of everything we do, and we continually make extensive investments in our overall security program, resources, and expertise to ensure that our customers can fully rely on us to respond effectively in the event of an incident. To learn more about our approach to transparency on Google Cloud, visit our website.