Google lifts the lid on its data centre security, revealing laser beam security and biometric verification for employees
In the age of cyber warfare, it’s easy to forget shutting down your enemies electronically can simply involve walking into a data centre and pulling the plug.
But, as the threat of hacking rises, most companies that own and operate data centres, including Google, aren’t forgetting the need for physical security also.
Last week at Google’s NEXT cloud conference, Google gave us a glimpse at the physical security it operates for its own giant data centres. This is what an attacker would be up against if they wanted access to the juicy Google Cloud Platform infrastructure hidden inside:
First up, security guards. Google said that its data centres are routinely patrolled by experiences security guards who undergo extensive background checks and training. You can even see a couple of them in this 360-degree data centre tour. These patrols guard the data centre’s perimeter fencing, and vehicle entry points are blocked by vehicle barriers. Of course, there’s also 24/7 high-definition CCTV monitoring.
But if you manage to evade the patrols, getting inside is the next problem. The closer you get to the servers, the higher the security increases. Joe Kava, VP of data centre operations and Niels Provos, distinguished engineer for security and privacy, said that access to the data centre floor is only possible via a security corridor that uses multi-factor access using security badges and biometrics (that could be eye scanners or fingerprint readers).
“Only approved employees with specific roles may enter. Less than one percent of Google employees will ever set foot in one of our data centres,” said Kava and Provos.
The electronic access cards an employee needs are custom-designed, making them near impossible to fake, said Google.
Next, if you’re clever enough to work past these safeguards, is the plethora of alarms and security systems designed to stop even the most determined of infiltrators.
The data centre floor in a Google data centre features laser beam intrusion detection. It would take the skill of a professional movie star to navigate the maze of invisible laser beams as to not set off the alarms.
Even the data going inside of a Google data centre is subject to rigorous security checks, just in case an attacker wanted a little electronic help from the inside.
“We employ a very strict end-to-end chain of custody for storage, tracking everything from cradle to grave, from the first time a HD goes into a machine until it’s verified clean/erased or destroyed,” said Kava and Provos.
“Information security and physical security go hand-in-hand. Data is most vulnerable to unauthorized access as it travels across the Internet or within networks. For this reason, securing data in transit is a high priority for Google. Data traveling between a customer’s device and Google is encrypted using HTTPS/TLS (Transport Layer Security).”
Kavos said that most of this is possible because Google runs its own data centres, rather than getting a third-party or building contractor to look after the facility.
“The norm in the industry is for the design and building contractor to drop off a set of owners manuals and drawings along with the keys to the front door and wish the operator of the data center good luck!,” said Kavos.
“All too often these operations teams aren’t employed by the owner, but rather an outsourced low-bidder. This is not the case at Google.”
Main image © Google, Mayes County, Oklahoma