Operational and Device Security
We develop and deploy infrastructure software using rigorous security practices. Our operations teams detect and respond to threats to the infrastructure from both insiders and external actors, 24/7/365.
Communications over the Internet to our public cloud services are encrypted in transit. Our network and infrastructure have multiple layers of protection to defend our customers against Denial of Service attacks.
Identities, users, and services are strongly authenticated with multiple factors. Access to sensitive data is protected by advanced tools like phishing-resistant Security Keys.
Data stored on our infrastructure is automatically encrypted at rest and distributed for availability and reliability. This helps guard against unauthorized access and service interruptions.
Any application that runs on our infrastructure is deployed with security in mind. We don’t assume any trust between services, and we use multiple mechanisms to establish and maintain trust. Our infrastructure was designed to be multi-tenant from the start.
From the physical premises to the purpose-built servers, networking equipment, and custom security chips to the low-level software stack running on every machine, our entire hardware infrastructure is Google-controlled, -secured, -built, and -hardened.
Google owns and operates one of the largest backbone networks in the world connecting our data centers with hundreds of thousands of miles of fiber optic cable. We use advanced software-defined networking and edge caching services to deliver fast, scalable, and consistent performance. When your traffic is on our network, it no longer transits the public Internet, making it less likely to be attacked, intercepted, or manipulated.