YetiTech’s Guide to Data Security

in G Suite
Introduction
This guide collates and summarises information about data security in relation to G Suite.
Most of this information can be found first-hand in Google’s security documentation (see
Resources), but is summarised here to help clarify how modern cloud solutions protect and
process customer data.

G Suite was initially launched in 2006 and has been built from the ground up to mitigate the
unique threats to cloud systems. Google's standards for performance and reliability apply to
businesses, schools, universities and government institutions around the world. G Suite is
used by more than five million organizations worldwide, from large banks and retailers with
hundreds of thousands of people to fast-growing startups.

As a cloud pioneer, Google fully understands the security implications of the cloud model.
Google’s cloud services are designed to deliver better security than many traditional
on-premises solutions. Google make security a priority to protect their own operations, and
because Google runs on the same infrastructure that they make available to
customers, customers directly benefit from these protections. Security, and protection of
data is among Google’s primary design criteria. It’s prioritised in the way they handle
customer data.

The technology, scale and agility of Google’s infrastructure brings unique security benefits to
G Suite users. Google’s vast network of data centres are built with custom-designed
servers that run Google’s own operating system for security and performance. Because
Google controls its entire hardware stack, they are able to quickly respond to any threats
that may emerge.

Google employs dedicated security professionals to work on protecting customers’ data,

including some of the world's foremost experts in computer security. Just like all teams at
Google, this team is constantly innovating and making the future more secure, not just for
Google's billion users, but for business organisations as well. Google has an outstanding
track record of protecting user data and it is this unique combination of people, technology
and agility that ensure customer data is secure at Google.

This guide consists of sections about specific information on security areas affecting cloud
data storage, but first covers some of the limitations of traditional on-site data storage.
Limitations of Traditional Data Storage

Theft
Hard drives, USBs, and other on-site storage devices are almost always vulnerable to data
theft. Unless your site is protected by layers of physical security, physical theft of data is a
major risk. On-site backups on external drives or USBs are obvious targets for theft with the
data onboard potentially very valuable and exploitable. State-of-the-art data centres mitigate
the threat of physical data theft.

Known Exploits
Publicly available commercial hardware and software are particularly vulnerable to attack
through known exploits. Attackers can exploit publicly detailed weaknesses in current or old
versions of software to gain remote access to data. It is very important to make sure all
devices on-site are up-to-date with the very latest security releases, else connected devices
may also be vulvernable. There is also the risk that older hardware and software may
become retired and no longer receive vital security updates. Custom server hardware and
software greatly reduces the risk of known exploits.

Natural Disaster
Many people store their backups in the same physical location as their active data; the
assumption being that the backup is there to restore data in case of corruption. However, on-
site data storage and backups are vulnerable to natural disasters, for example fire and flood.
Duplication of data in various physical locations and properly stored backup media provides
a solution for disaster risk. Google’s global network and encrypted data storage implement
exactly this.

Google’s Security Culture

Google employs more than 550 full-time security and privacy professionals, this includes
some of the world’s foremost experts in information, application and network security. This
team is tasked with maintaining Google’s defense systems, developing security review
processes, building security infrastructure and implementing Google’s security policies.
Google’s dedicated security team actively scans for security threats using commercial
and custom tools, penetration tests, quality assurance (QA) measures and software security
reviews.

Within Google, members of the information security team review security plans for all
networks, systems and services. They provide project-specific consulting services to
Google’s product and engineering teams. They monitor for suspicious activity on Google’s
networks, address information security threats, perform routine security evaluations and
audits, and engage outside experts to conduct regular security assessments.
Google Technology with Security at Its Core
G Suite runs on a technology platform that is conceived, designed and built to operate
securely. Google is an innovator in hardware, software, network and system management
technologies.

State-of-the-art data centres

Google’s focus on security and protection of data is among their primary design criteria.
Google data centre physical security features a layered security model, including safeguards
like custom-designed electronic access cards, alarms, vehicle access barriers, perimeter
fencing, metal detectors, and biometrics, and the data centre floor features laser beam
intrusion detection. Their data centres are monitored 24/7 by high-resolution interior
and exterior cameras that can detect and track intruders.

Custom server hardware and software

Google’s data centres house energy-efficient custom, purpose-built servers and network
equipment that they design and manufacture themselves. Unlike much commercially
available hardware, Google servers don’t include unnecessary components such as
video cards, chipsets, or peripheral connectors, which can introduce vulnerabilities.
Google’s production servers run a custom-designed operating system (OS) based on a
stripped-down and hardened version of Linux. Google’s servers and their OS are
designed for the sole purpose of providing Google services. This homogeneous
environment is maintained by proprietary software that continually monitors systems for
binary modifications. If a modification is found that differs from the standard Google image,
the system is automatically returned to its official state. These automated, self-healing
mechanisms are designed to enable Google to monitor and remediate destabilising events,
receive notifications about incidents, and slow down potential compromise on the network.

Hardware tracking and disposal

Google meticulously tracks the location and status of all equipment within their data centres
from acquisition to installation to retirement to destruction, via bar codes and asset tags.
Metal detectors and video surveillance are implemented to help make sure no equipment
leaves the data centre floor without authorization. If a component fails to pass a performance
test at any point during its lifecycle, it is removed from inventory and retired. When a hard
drive is retired, authorized individuals verify that the disk is erased by writing zeros to the
drive and performing a multiple-step verification process to ensure the drive contains no
data. If the drive cannot be erased for any reason, it is stored securely until it can be
physically destroyed. Physical destruction of disks is a multistage process beginning with a
crusher that deforms the drive, followed by a shredder that breaks the drive into small
pieces, which are then recycled at a secure facility.
A global network with unique security benefits
Google’s IP data network consists of their own fiber, public fiber, and undersea cables. This
allows Google to deliver highly available and low latency services across the globe.

In other cloud services and on-premises solutions, customer data must make several
journeys between devices, known as “hops,” across the public Internet. The number of hops
depends on the distance between the customer’s ISP and the solution’s data centre. Each
additional hop introduces a new opportunity for data to be attacked or intercepted. Because
it’s linked to most ISPs in the world, Google’s global network improves the security of
data in transit by limiting hops across the public Internet. Defense in depth describes
the multiple layers of defense that protect Google’s network from external attacks. Only
authorized services and protocols that meet our security requirements are allowed to
traverse it; anything else is automatically dropped. Industry-standard firewalls and access
control lists (ACLs) are used to enforce network segregation. All traffic is routed through
custom GFE (Google Front End) servers to detect and stop malicious requests and
Distributed Denial of Service (DDoS) attacks. Additionally, GFE servers are only allowed to
communicate with a controlled list of servers internally; this “default deny” configuration
prevents GFE servers from accessing unintended resources. Logs are routinely examined
to reveal any exploitation of programming errors. Access to networked devices is restricted
to authorized personnel.

Encrypting data in transit, at rest and backup media

G Suite customers’ data is encrypted when it’s on a disk, stored on backup media, moving
over the Internet, or traveling between data centres. Providing cryptographic solutions that
address customers’ data security concerns is Google’s commitment. Encryption is an
important piece of the G Suite security strategy, helping to protect your emails, chats,
Google Drive files, and other data.

How Google Approaches Encryption

Encryption works by replacing data with unreadable code known as ciphertext. To decrypt
the ciphertext back into its original form, you need to employ the key used in the encryption
algorithm.

Encryption is an important piece of the G Suite security strategy, helping to protect emails,
chats, Google Drive files and other data. First, Google encrypts data while it is stored “at
rest” — stored on a disk (including solid-state drives) or backup media. Even if an attacker or
someone with physical access obtains the storage equipment containing your data, they
won’t be able to read it because they don’t have the necessary encryption keys.
Second, Google encrypt all data while it is “in transit” — traveling over the Internet and
across the Google network between data centres. Should an attacker intercept such
transmissions, they will only be able to capture encrypted data.
Encryption of Data Stored at Rest
Data belonging to G Suite customers is stored at rest in two types of systems: disks and
backup media. Disks are used to write new data as well as store and retrieve data in
multiple replicated copies. Google also stores data on offline backup media to help
ensure recovery from any catastrophic error or natural disaster at a data centre. Data
stored at rest is encrypted on both disks and backup media.

Key management and the decryption process

Managing keys safely and reliably, while allowing access to the keys only to authorized
services and individuals, is central to encrypted data security. Google has built a robust
proprietary service for the distribution, generation, rotation and management of
cryptographic keys using industry standard cryptographic algorithms that are in alignment
with stronger industry practices.

Data Usage
G Suite customers own their data, not Google. The data that customers put into Google
systems is theirs, and they do not scan it for advertisements nor sell it to third parties.
Furthermore, if customers delete their data, Google commit to deleting it from their systems
within 180 days.

Data Access and Restrictions

To keep data private and secure, Google logically isolates each customer’s G Suite data
from that of other customers and users, even when it’s stored on the same physical server.
Within customer organizations, administrative roles and privileges for G Suite are configured
and controlled by the customer. This means that individual team members can manage
certain services or perform specific administrative functions without gaining access to all
settings and data.

Empowering Users and Administrators to Improve

Security and Compliance
Google builds security into its structure, technology, operations and approach to customer
data. Google’s robust security infrastructure and systems become the default for each and
every G Suite customer. But beyond these levels, users are actively empowered to
enhance and customize their individual security settings. G Suite also offers
administrators full control to configure infrastructure, applications and system integrations.
Administrators have many powerful tools at their disposal, such as authentication features
like 2-step verification and physical security keys, and email security policies like secure
transport (TLS) enforcement, which can be configured by organizations to meet security and
system integration requirements.
2-step verification
2-step verification adds an extra layer of security to G Suite accounts by requiring users to
enter a verification code in addition to their username and password when they sign in. This
can greatly reduce the risk of unauthorized access if a user’s password is compromised.
Verification codes are delivered on a one-time basis to a user’s Android, BlackBerry, iPhone,
or other mobile phone.

Security Key
Security Key is an enhancement for 2-step verification. Google, working with the FIDO
Alliance standards organization, developed the Security Key — an actual physical key used
to access your Google Account. It sends an encrypted signature rather than a code, and
helps ensure that your login cannot be phished. IT admins can see where and when
employees last used their keys with usage tracking and reports. If Security Keys are lost,
admins can easily revoke access to those keys and provide backup codes so employees
can still sign-in and get work done.

Data management features

Information Rights Management (IRM)

With Information Rights Management (“IRM”) you can disable downloading, printing and
copying from the advanced sharing menu — perfect for when the file you’re sharing is only
meant for a few select people. This new option is available for any file stored in Google
Drive.

Driver audit log

The Driver Audit Log lists every time your domain’s users view, create, update, delete, or
share Drive content. This includes content you create in Google Docs, Sheets, Slides and
other G Suite products, as well as content created elsewhere that you upload to Drive, such
as PDFs and Word files.

Drive content compliance / alerting

G Suite has an additional feature that allows Administrators to keep track of when specific
actions are taken in Drive and can set up custom Drive alerts. So if you want to know when a
file containing the word “confidential” in the title is shared outside the company, now you’ll
know. And there are more events coming to Drive audit, including download, print and
preview alerts.

Independent Third-Party Certifications

Google undergoes several independent third-party audits on a regular basis. For each one,
an independent auditor examines their data centres, infrastructure, and operations. Regular
audits are conducted to certify our compliance with the auditing standards ISO 27001, ISO
27017, ISO 27018, SOC 2 and SOC 3, as well as with the US Federal Risk and
authorization Management Program (FedRAMP).

These certifications confirm that G Suite meets the absolute best in security and
compliance.

ISO 27001
ISO 27001 is one of the most widely recognized and accepted independent security
standards. Google has earned it for the systems, technology, processes, and data centres
that run G Suite.

Google’s compliance with the international standard was certified by Ernst & Young
CertifyPoint, an ISO certification body accredited by the Dutch Accreditation Council (a
member of the International Accreditation Forum, or IAF).

ISO 27017
ISO 27017 is an international standard of practice for information security controls based
on ISO 27002 specifically for cloud services.

Google’s compliance with the international standard was certified by Ernst & Young
CertifyPoint, an ISO certification body accredited by the Dutch Accreditation Council (a
member of the International Accreditation Forum, or IAF).

ISO 27018
ISO 27018 is an international standard of practice for protection of personally identifiable
information (PII) in public clouds services.

Google’s compliance with the international standard was certified by Ernst & Young
CertifyPoint, an ISO certification body accredited by the Dutch Accreditation Council (a
member of the International Accreditation Forum, or IAF)

SOC 2/3
In 2014, the American Institute of Certified Public Accountants (AICPA) Assurance Services
Executive Committee (ASEC) released the revised version of the Trust Services Principles
and Criteria (TSP). SOC (Service Organization Controls) is an audit framework for non-
privacy principles that include security, availability, processing integrity, and
confidentiality. Google has both SOC 2 and SOC 3 reports.

FedRAMP
The Federal Risk and Authorization Management Program, or FedRAMP, is a government-
wide program that provides a standardized approach to security assessment,
authorization, and continuous monitoring for cloud products and services. This
approach uses a “do once, use many times” framework that is intended to expedite U.S.
government agency security assessments and help agencies move to secure cloud
solutions. Google maintains a FedRAMP Authorization to Operate (ATO) for G Suite.

Conclusion
The protection of user data is a primary design consideration for all of Google’s
infrastructure, applications and personnel operations. Protection of user data is far from
being an afterthought or the focus of occasional initiatives, it’s an integral part of what
Google do. Google can offer a level of protection that very few can match. Because
protecting your data is part of Google’s core business, Google can develop security
innovations such as 2-step authentication and stronger encryption methods. Google are able
to make extensive investments in security, resources and expertise at a scale that few can
afford. Google’s scale of operations and collaboration with the security research community
enable Google to address vulnerabilities quickly or prevent them entirely. Google’s security
and operational procedures are verified by independent third-party auditors.

Data protection is more than just security, Google offers strong contractual commitments in
their Data Processing Amendment to make sure their customers maintain control over the
data and how it is processed, including the assurance that your data in the G Suite Core
Services is used for the purposes specified in your agreement, and not used for advertising.

For these reasons and more over 5 million organizations across the globe, including 64
percent of the Fortune 500, trust Google with their most valuable asset: their information.

Resources
1. Google’s official G Suite security FAQ
2. G Suite Security Whitepaper.
3. G Suite Encryption Whitepaper