Data Centres & Research
Google are investing serious money in data centres. They’ve got 13 world-wide currently and they’re currently building the 14th. Its in Holland and it’s estimated to cost 600 million Euros. They have a team of over 500 security professionals who, amongst other things, run several outreach programmes with the international security community. One of these, the Vulnerability Reward programme actually rewards people who manage to unearth security issues. So far they’ve paid out more than $2million in bounties – and enjoy a far more secure cloud system as a result.
User Focussed Security
If you believe the movies, all you need to do to hack into a system is to look like a nerd and type really fast. The reality is a bit different. Thanks to the investment Google’s made in nailing down its data centres and world wide network the weak spot isn’t the back door – its the front door. Or to put it another way, the vulnerability is you and your username/password.
Google recognise this and have come up with some genuinely effective security features. You won’t see these in the hacker movies but they’ll protect you from the bad guys.
- Two Factor Security – When you (or a hacker) try to access your account from a computer that Google hasn’t seen before, it will ask you for a security key in addition to your username/password. This key is generated by your mobile phone, either by an app or by a text message. The key is a six digit number and works in the same way that the dongle the bank gives you to access your online account.
- USB Security Key – As an alternative to the phone you can elect to use a USB key. When you (or the hacker) tries to log in from an unrecognised computer, Google will prompt you to insert the key into the USB slot. Your key – and only YOUR key – will unlock your account and let you in.
- Anti-phishing – A strategy that hackers use is to direct you to a bogus site which looks like a Google sign in page. If you’re not on your guard you may be fooled into disclosing your Google username and password. Google automatically detects this and alerts you, prompting you to change your password.
- “Data Protection” means that UK companies can’t use services that might store their data outside the UK.
This is complete rubbish, just take a look at the UK companies that are already using Google including government