Google Finally Reveals What It Does with User Data
Posted by AASIL AHMED
Amidst growing privacy concerns with security being called a mere “illusion”, Google has stepped up to come clean when it comes to protecting its users’ data.
A document published last week by Google, called the Infrastructure Security Design Overview, explains how the company keeps the cloud secure. Both for itself and for the public cloud services it offers in the shape of Google Drive.
Google Drive, its cloud storage, is where every important piece of information about you is stored, your e-mails, your credentials your account data etc.
Custom Hardware Security Chips
It revealed a lot of interesting information about Google’s security practices. One of them being custom hardware security chips that they use in both, the servers and the peripherals.
According to the document,
These chips allow us (Google) to securely identify and authenticate legitimate Google devices at the hardware level.
These silicon chips work with cryptographic signatures, used over “components like the BIOS, bootloader, kernel, and base operating system image.”
These signatures are validated each time the device boots or updates.
Google tries to upgrade its security with each new generation of hardware, the document continues,
For example, depending on the generation of server design, we root the trust of the boot chain in either a lockable firmware chip, a micro-controller running Google-written security code, or the above mentioned Google-designed security chip.
Data Written Onto Their Servers’ Disks is Also Encrypted
Google’s applications and services encrypt data before it is written onto a disk, so that its hard for malicious disk firmware to access user data and corrupt it in any way.
The disks (HDDs and SSDs) support hardware encryption, and they are constantly tracked throughout their entire life-cycle. The disks are also cleaned using a multi-step process which includes two independent verifications. The disks that do not pass these security steps are destroyed right away.
Hardware based security is always preferable to software based encryption. This is because encryption keys for software based encryption can be spoofed. Though it is still very hard to do so especially with 128 bit or 256 bit encryption.
Google Reads Through Your Browser History (!)
The Alphabet subsidiary uses systems which scan the users’ apps, their downloads, browser extensions and browser history. Google claims its for “suitability on corporate clients”.
The company uses an application-level access management control system, which is used to reveal internal applications. This enables it to identify whether users are coming from a correctly managed device or not, or from expected networks and geographic locations.
What about Software Bugs?
Moreover, the published document also revealed how Google uses a team of experts to detect bugs in its software. This team usually consists of experts from web security, cryptography and operating system security. Along with ensuring a bug-free experience, they also make new discoveries which can be helped in making future devices better.
Final Words
As we all know, Security issues have been an ongoing concern for Google for a while now. Various third party apps and secret backdoors in android devices were discovered last year, but it seems that Google is trying to maintain trust through transparency. This document, detailing their security practices, is Google’s attempt at just that.
Last year, Google also allowed its users the option to monitor and even delete all the data Google collects from its users.
Read more: New ‘My Activity’ Page Shows Everything Google Knows About You
Though Google has decided to be transparent regarding its security details, but is our data any more safer in the hands of Google? It tells us how the data is secure in its servers, but who has the authority to snoop on that data and what about the transmission of this data? These questions need to be answered as well.
The attempts by the company do seem to be in the right direction for that matter. We hope other companies follow Google’s example to gain their users’ trust.
Via TheRegister
The post Google Finally Reveals What It Does with User Data appeared first on .
