News

Google Cloud Security

• By Kurt Mackie
• 04/22/2011

Don't even think about breaking into Google's data centers to steal information.  The company revealed a little about how it physically secures one of its data centers within its global cloud network. The security measures are described in both a Google blog and in a YouTube video that shows the interior of a Google data center. The video offers a rare glimpse because Google doesn't permit public tours.

The physical security measures the video shows include restricted access via fencing and checkpoints, difficult-to-forge badges, and iris scans. In addition to humans scanning the perimeter using cameras located on the data center's grounds, there are automated systems to help weed out the unwanted. Google uses other security methods that it doesn't disclose.

Forget about dumpster diving to snag data, something that Paul Allen and Bill Gates used to do to DEC's trash in their early Microsoft days. Data stored on hard drives in Google's data center are wiped and then the hard drive is physically crushed before disposal. Google also uses a drive shredder that spits out chunks of mashed up hard drives, which then are sent out as scrap for recycling.

In honor of Earth Day, there was the usual discussion about power-saving issues associated with running data centers. Google claims in the video that in 2009 it achieved the most stringent standards for data center power efficiency that was set by the U.S. Environmental Protection Agency. Google taps wind energy to power its data center in Oklahoma and has invested $350 million in other renewable energy projects, according to this Google blog.

Not to be outdone on Earth Day, Microsoft continues its messaging that cloud computing use will actually save the planet's use of energy resources. A Microsoft blog includes the statistic that IT constitutes two percent of energy use worldwide. Cloud computing can help reduce the other 98 percent of energy use, Microsoft's blog contends. The blog does admit that cloud computing "comes with a serious energy and carbon cost," but it suggests that running applications through the cloud will save overall power consumption in the long run.

The environmental organization Greenpeace contends that most cloud computing companies, such as Google and Microsoft, simply use dirty energy derived from coal and nuclear sources. Greenpeace recently published a report, "How Dirty Is Your Data" (PDF), and called on data center companies to be more transparent about their energy use and carbon footprint. The report gives Google an "F" and Microsoft a "C" on transparency.

Matt Rosoff at the Business Insider has noted that Facebook rolled out a new energy-efficient data center, but Facebook has been far more open than Google about the details. Facebook went open with its practices by establishing an Open Compute Project.

Certainly, Google and Microsoft aren't the only two cloud service providers on the planet, but they have been in the spotlight lately as they battle to win contracts at the federal level. Those battles -- which could open up massive customer-scale scenarios limited only by the size of government itself -- also involve security concerns. However, the security is wrapped around the Federal Information Security Management Act (FISMA). FISMA is a kind of blueprint indicating what government agencies should do to ensure security on their systems.

After a public spat over FISMA certification and accreditation approvals, both Google and Microsoft are now entering a phase in which they will start providing cloud-based services to U.S. government agencies on a broad scale. Microsoft's data centers, and now some of its cloud-based apps, have already received authorization to operate based on FISMA criteria.

Google's cloud-based apps, called "Google Apps for Government," are getting reviewed for additional security controls. However, the government has basically indicated that they pass the FISMA test.