Google Data Center Security: 6 Layers Deep

Google Cloud Tech
18 Jun 2020, 06:09

Summary

TLDR: Stephanie Wong from Google Cloud explores the six layers of physical security at a Google data center. The tour includes property boundaries, secure perimeters with advanced surveillance, anti-climb fencing, iris scans for access, and a security operations center monitoring 24/7. Data is encrypted, with strict access control, and retired drives are securely destroyed. Google Cloud's commitment to security testing and compliance with global standards ensures data protection and privacy.

Takeaways

  • 🏢 Stephanie Wong from Google Cloud is exploring the physical security measures at a Google data center.
  • 🛡️ There are six layers of security at Google data centers to protect customer data.
  • 🚧 Security Layer One involves property boundaries, including signage and fencing.
  • 🚨 Layer Two, the secure perimeter, features smart fencing, cameras, and 24/7 guard patrols.
  • 👮‍♂️ Behind the scenes, Google uses technology for correlation analysis and vehicle crash barriers to enhance security.
  • 🔍 Anti-climb fencing with fiber technology and thermal cameras provide additional security layers.
  • 👁️ Iris scan authentication is used to verify identity along with ID cards for building access.
  • 🔒 The Security Operations Center (SOC) monitors the data center continuously, acting as the 'brains' of the security system.
  • 🚫 Access to the data center floor is highly restricted, with less than 1% of Googlers ever entering.
  • 🔒 Data at rest is encrypted, and customers maintain control over their encryption keys, emphasizing data privacy and security.
  • 🗑️ Disks are securely erased and destroyed in the final security layer, with a two-way locker system ensuring only authorized technicians handle them.
  • 🛠️ Google Cloud employs security testing programs, including external and internal breach attempts, to constantly improve security measures.
  • 🛂 Strict metal detection is required when leaving the data center, making exit as challenging as entry.

Q & A

  • What is Stephanie Wong's role at Google Cloud?

    -Stephanie Wong works for Google Cloud, and while her specific role is not detailed in the script, she is knowledgeable about cloud security and is exploring the physical security measures at Google data centers.

  • How many layers of security are there at a Google data center according to the script?

    -There are six layers of security at a Google data center.

  • What does the first security layer refer to in the context of the script?

    -The first security layer refers to the property boundaries, which includes signage and fencing.

  • What features are included in the second security layer, also known as the secure perimeter?

    -The second security layer includes smart fencing, overlapping cameras, 24/7 guard patrols, and the main entrance gate.

  • What technology and operations are mentioned to be working behind the scenes at the data center?

    -The technology and operations include correlation analysis of visitor movements, guards in vehicles and on foot, and a vehicle crash barrier designed to stop a fully loaded truck from crashing through the entrance.

  • What is unique about the fencing mentioned in the script?

    -The fencing is an anti-climb fence equipped with fiber technology that can detect when someone is near or touching the fence.

  • How do the thermal and standard cameras contribute to security at the data center?

    -Thermal and standard cameras allow for clear video footage at night, just as during the day, enhancing surveillance capabilities.

  • What is the purpose of the iris scan authentication mentioned in layer three?

    -The iris scan authentication is used to verify the identity of individuals, ensuring that only authorized personnel gain access to the secure areas.

  • What is the role of the security operations center (SOC) in the data center's security?

    -The SOC is the central hub that monitors the data center 24/7, 365 days a year, connecting all security systems and ensuring any unusual activity is detected and addressed.

  • Why is access to the data center floor restricted to less than 1% of Googlers?

    -Access to the data center floor is restricted to only technicians and engineers who need to maintain, upgrade, or repair the equipment, ensuring the security and integrity of the data.

  • What measures are in place to protect the data at rest within the data center?

    -The data at rest is encrypted, and customers can issue and keep their own encryption keys, emphasizing the protection of user data privacy and security.

  • What happens to the hard drives that need to be retired from the data center?

    -Retired hard drives are securely transferred to a designated room through a two-way locker system, where technicians either erase or destroy them.

  • What are the two security testing programs mentioned in the script, and how do they work?

    -One program hires external companies to attempt to break into data center sites from the outside, while the other involves Google employees trying to breach security protocols from within, ensuring the robustness of the security measures.

  • How does Google Cloud demonstrate its commitment to data center security?

    -Google Cloud supports compliance with over 40 global standards, regulations, and certifications, and is committed to continuously testing, optimizing, and improving its security systems.

Outlines

00:00

🏢 Data Center Security Layers Overview

Stephanie Wong from Google Cloud embarks on a journey to explore the physical security measures at a Google data center. She introduces the concept of six layers of security, starting with property boundaries and signage, and moving on to the secure perimeter which includes smart fencing, cameras, and guard patrols. Stephanie meets experts who explain the advanced technology and operations that monitor and analyze the movements within the data center premises.

05:00

👀 Advanced Surveillance and Access Control

In this segment, Stephanie learns about the unique features of the data center's security system, such as anti-climb fences with fiber technology that detects touch, thermal and standard cameras for 24-hour surveillance, and a vehicle crash barrier designed to prevent unauthorized entry. She also experiences the building access layer, which includes iris scans for identity verification, and discusses the security operations center (SOC) that monitors the data center continuously. The SOC is equipped to detect any unusual activity and is the central hub of the security system.

🔒 Restricted Data Center Floor Access

Stephanie gains insight into the stringent access controls of the data center floor, where only technicians and engineers with a legitimate need are allowed. She highlights Google's commitment to data privacy and security, with encryption of data at rest and customer control over their encryption keys. The segment also touches on the mysterious sixth layer, where retired disks are securely erased or destroyed through a two-way locker system, accessible only to designated technicians.

🛡️ Security Testing and Compliance

The final part of the script reveals Google Cloud's proactive approach to security through two testing programs—one that challenges external companies to breach the data center's defenses, and another that encourages internal employees to test security protocols. The script concludes with the rigorous exit process involving full metal detection, emphasizing the difficulty of leaving the data center with unauthorized items. Google Cloud's dedication to compliance with over 40 global standards and continuous system improvement solidifies its position as a leader in data center security.

Keywords

💡Google Cloud

Google Cloud is a suite of cloud computing services offered by Google. It provides a variety of hosting services and allows users to consume computing resources on demand. In the video, Google Cloud is the context in which the discussion of data center security takes place, emphasizing the company's commitment to protecting customer data.

💡Physical Security

Physical security refers to the measures taken to protect physical assets and infrastructure from theft, damage, or unauthorized access. In the video, Stephanie Wong explores the physical security measures at a Google data center, highlighting the importance of safeguarding the physical premises where data is stored.

💡Security Layers

Security layers are multiple levels of security controls that work together to protect a system or facility. The video script describes six layers of security at a Google data center, each providing a different aspect of protection, such as property boundaries, secure perimeter, building access, and more.

💡Data Center

A data center is a facility used to house computer systems and associated components, such as servers, storage systems, and networking equipment. In the context of the video, the data center is the primary location where Google Cloud's customer data is stored and protected.

💡Iris Scan

Iris scan is a biometric identification method that uses patterns in the iris of the eye to verify an individual's identity. In the video, Stephanie Wong undergoes an iris scan to authenticate her identity as part of the building access security layer.

💡Security Operations Center (SOC)

A Security Operations Center is a centralized location where an organization's security systems and events are monitored and analyzed. In the video, the SOC is described as the 'brains of the security system' for the data center, constantly monitoring for any unusual activity.

💡Encryption

Encryption is the process of encoding data to ensure its security and privacy. In the video, it is mentioned that Google encrypts data at rest and allows customers to manage their own encryption keys, emphasizing the protection of user data privacy and security.

💡Two-Way Locker System

A two-way locker system is a secure method of transferring items between two parties without direct contact. In the video, the two-way locker system is used to securely transfer hard drives from the data center floor to a room for erasure or destruction.

💡Crusher Room

The crusher room is a specific area within a data center where hard drives are physically destroyed to ensure that data cannot be recovered. In the video, Stephanie Wong visits the crusher room to witness a hard drive being destroyed.

💡Compliance

Compliance refers to the adherence to established standards, regulations, and certifications. Google Cloud is mentioned as supporting compliance with over 40 global standards, indicating its commitment to meeting various security and operational requirements.

💡Security Testing Programs

Security testing programs are initiatives designed to evaluate the effectiveness of security measures by simulating attacks. The video describes two such programs at Google Cloud: one that hires external companies to attempt breaches from the outside, and another that challenges Google employees to test security protocols from within.

Highlights

Stephanie Wong from Google Cloud explores the physical security measures at a Google data center.

Google data centers have six layers of security to protect customer data.

Security layer one includes property boundaries with signage and fencing.

Layer two, the secure perimeter, features smart fencing, cameras, and 24/7 guard patrols.

Behind-the-scenes technology performs correlation analysis of visitor movements within the site.

A vehicle crash barrier is designed to stop a fully loaded truck from entering the premises.

The anti-climb fence is equipped with fiber technology to detect proximity or contact.

Thermal and standard cameras provide clear video footage day and night.

Building access in layer three is controlled by iris scan authentication.

Only one person is allowed to badge through a door at a time for secure areas.

The security operations center (SOC) monitors the data center 24/7, 365 days a year.

Less than 1% of Googlers have access to the data center floor.

Access to the data center floor is restricted to technicians and engineers on an as-needed basis.

Google encrypts data at rest, and customers can manage their own encryption keys.

Layer six involves the secure erasure and destruction of retired disks.

Disks are scanned, and those the software flags for destruction are destroyed in the crusher room.

Google Cloud has two security testing programs to ensure data center security.

Exiting a data center involves full metal detection for all personnel.

Google Cloud supports compliance with over 40 global standards, regulations, and certifications.

Transcripts

00:00 [upbeat music]
00:07 Wong: Hi, I'm Stephanie Wong, and I work for Google Cloud.
00:10 While I could talk all day about cloud security,
00:13 physical security at a Google data center
00:15 is still pretty new to me,
00:16 so today I'm on a mission to learn all about it
00:19 by taking an inside look at the systems in place
00:22 that protect customer data
00:23 at a typical Google data center. Let's go.
00:25 [upbeat music]
00:28 Now, I've been told there are six layers of security here.
00:31 Security layer one refers to the property boundaries,
00:34 and that includes signage and fencing.
00:37 But things really start to get interesting
00:38 when it comes to layer two, also known as the secure perimeter,
00:42 and that includes the main entrance gate which I am pulling up to right now.
00:46 [upbeat music]
00:49 Hey, how's it going? person: Good morning.
00:51 [upbeat music]
00:58 Wong: So layer two has a lot of security features
01:01 ranging from smart fencing to overlapping cameras
01:04 to 24/7 guard patrols and more.
01:07 I'm on my way to meet some experts
01:09 who are going to show me how it all works.
01:13 Hi, Joe.
01:13 Kava: Hi, Stephanie, how are you?
01:15 Wong: So I just passed the main gate and I saw guards and cameras,
01:18 but what are some things that I didn't see?
01:20 Kava: Yeah there's actually a lot of technology
01:22 and operations going on behind the scene.
01:24 So from the time that you're on site,
01:26 we know that you're here,
01:27 and we're able to do correlation analysis
01:30 of where you've been.
01:31 We have guards in vehicles, we have some guards on foot.
01:34 There's also the vehicle crash barrier.
01:37 That's designed to stop a fully loaded truck
01:39 from crashing through the front entrance.
01:42 Wong: Ricky, Tarik, can you tell me more about what's unique about the fencing?
01:45 Gordon: This particular fence is an anti-climb fence.
01:48 It's also equipped with fiber. The technology tells us
01:52 if someone's near the fence or touches the fence.
01:55 Billingsley: So we use thermal cameras and standard cameras.
01:57 So we're able to see video footage at night
02:00 just as clearly as we can during the day.
02:03 [light electronic music]
02:07 Wong: Welcome to layer three, building access.
02:10 But just so you know, I am still nowhere near
02:12 the data center floor.
02:14 That's a few more layers deep. Let's head inside.
02:17 O'Brien: Stephanie. Wong: Hello.
02:18 O'Brien: So you've gotten through the gate, you've come in,
02:20 you've come in to our secure lobby.
02:21 You have your card, and we know that that's you,
02:24 but if someone happened to lose their card,
02:26 what we want to make sure is that it's actually Stephanie
02:29 who has shown up.
02:30 scanner: Please center your eye.
02:32 O'Brien: And with iris scan, we can authenticate
02:34 that it's actually you along with your ID.
02:37 Wong: Okay, I think it's good.
02:41 One thing that's a little hard to get used to
02:43 when you visit a data center is,
02:45 for secure areas, only one person
02:47 is allowed to badge through a door at a time.
02:51 [light electronic music]
03:02 Layer four includes the security operations center,
03:05 or SOC, a hive of activity that is monitoring the data center
03:09 24/7, 365 days a year.
03:12 [light electronic music]
03:14 So it sounds like we've been keeping them very busy today.
03:17 Davis: Yes, yes you have.
03:19 So the doors, the cameras, the badge readers,
03:22 the iris scan-- everything is connected here.
03:24 This is the brains of the security system.
03:27 So if there's anything out of the ordinary happening,
03:30 they have to be able to pick that up.
03:32 [upbeat music]
03:40 Wong: Interesting fact about layer five,
03:41 the data center floor:
03:43 less than 1% of Googlers ever get to set foot in here.
03:47 So right now, I'm feeling kinda special.
03:48 [upbeat music]
03:58 Kava: This is truly a as-needed only access area,
04:02 meaning that only the technicians
04:04 and engineers that have to be there
04:06 to maintain, upgrade, or repair the equipment
04:09 are ever allowed there.
04:12 Wong: And do Googlers or anyone have access to the data?
04:15 Kava: We have access to the devices, but the data at rest
04:18 is encrypted, and our customers can issue
04:21 and keep their own encryption keys,
04:23 and we do this because protecting the privacy
04:26 and the security of our users' data is our highest priority.
04:31 Wong: The mysterious layer six, where disks
04:34 are erased and destroyed and the fewest number of people
04:37 are allowed to enter.
04:39 Drives that need to be retired from the data center floor
04:41 come into this room through a secure two-way locker system
04:45 which means that only technicians assigned to this room
04:48 can pull them from that locker to either erase
04:50 or destroy them.
04:52 Henley: All right, welcome to the crusher room.
04:54 Wong: Wow.
04:55 Henley: So at this point, we have scanned the hard drive,
04:57 and the software has told us that we need to destroy it.
05:00 Wong: Can we see it in action?
05:01 Henley: Back up. Wong: All right.
05:02 I'll stay back here. [both laugh]
05:05 [mechanical whirring]
05:07 That disk is definitely destroyed.
05:09 Henley: Yes it is.
05:11 [upbeat music]
05:15 Wong: If you didn't think these six layers of security
05:17 were enough, Google Cloud actually has
05:20 two security testing programs in place.
05:22 One hires companies to try to break in
05:24 to data center sites from the outside,
05:27 and the other tasks Googlers with trying to break
05:29 security protocols from the inside.
05:33 And getting out of a data center is arguably even harder
05:37 than getting in, as everybody has to go through full metal detection
05:41 each time they leave the data center floor.
05:43 [upbeat music]
05:46 person: Thank you, ma'am, for your cooperation.
05:47 Wong: Thank you.
05:49 Google Cloud supports compliance
05:51 with over 40 global standards, regulations, and certifications,
05:55 and the commitment to constantly test, optimize, and improve systems
05:59 makes it a leader in data center security.
06:02 Now, how do I get out of here?
06:04 [upbeat music]
