From the earliest days of cloud computing, there has been no greater priority for its users than the safety and security of their data, and cloud providers have responded accordingly.
For Google specifically, we view security as a core competency based on multiple years of experience in securing external services like Gmail and Search, with all internal and external products utilizing the same security infrastructure and practices. In fact, for some customers, security (not cost savings) was the main motivation for moving to the cloud.
How is data secured in the cloud?
Security is a multidimensional issue, spanning physical (data center) security, platform and network security, proactive threat detection, auditing, and compliance with industry-specific certifications such as HIPAA and PCI. For that reason, it requires deep expertise, as well as plentiful dedicated resources, to achieve.
For example, when evaluating a cloud provider, consider asking the following questions (at a minimum):
- Do you have a dedicated team focused on information security, and if so, how many people?
- Is data encrypted by default?
- How is data in transit across the public internet secured?
- How are data centers physically secured?
- What is the process for preventing, detecting, and countering network intrusions?
- How are users authenticated?
- Which security certifications have been done, if any?
How does security differ from trust and privacy?
Because cloud customers entrust the personal data of their own clients to their cloud provider, trust and privacy have to be a similarly top priority for vendors. For example, Google has strict privacy controls, policies, and training distinct from those involving security, has a dedicated team focusing specifically on trust and privacy issues, and is regularly evaluated by independent third-party audits.