Categories: CloudDatacentre

How To Break Into A Google Data Centre

In the age of cyber warfare, it’s easy to forget shutting down your enemies electronically can simply involve walking into a data centre and pulling the plug.

But, as the threat of hacking rises, most companies that own and operate data centres, including Google, aren’t forgetting the need for physical security also.

Last week at Google’s NEXT cloud conference, Google gave us a glimpse at the physical security it operates for its own giant data centres. This is what an attacker would be up against if they wanted access to the juicy Google Cloud Platform infrastructure hidden inside:

Patrols

First up, security guards. Google said that its data centres are routinely patrolled by experiences security guards who undergo extensive background checks and training. You can even see a couple of them in this 360-degree data centre tour. These patrols guard the data centre’s perimeter fencing, and vehicle entry points are blocked by vehicle barriers. Of course, there’s also 24/7 high-definition CCTV monitoring.

Biometrics

But if you manage to evade the patrols, getting inside is the next problem. The closer you get to the servers, the higher the security increases. Joe Kava, VP of data centre operations and Niels Provos, distinguished engineer for security and privacy, said that access to the data centre floor is only possible via a security corridor that uses multi-factor access using security badges and biometrics (that could be eye scanners or fingerprint readers).

“Only approved employees with specific roles may enter. Less than one percent of Google employees will ever set foot in one of our data centres,” said Kava and Provos.

The electronic access cards an employee needs are custom-designed, making them near impossible to fake, said Google.

Lasers

Next, if you’re clever enough to work past these safeguards, is the plethora of alarms and security systems designed to stop even the most determined of infiltrators.

The data centre floor in a Google data centre features laser beam intrusion detection. It would take the skill of a professional movie star to navigate the maze of invisible laser beams as to not set off the alarms.

Even the data going inside of a Google data centre is subject to rigorous security checks, just in case an attacker wanted a little electronic help from the inside.

“We employ a very strict end-to-end chain of custody for storage, tracking everything from cradle to grave, from the first time a HD goes into a machine until it’s verified clean/erased or destroyed,” said Kava and Provos.

“Information security and physical security go hand-in-hand. Data is most vulnerable to unauthorized access as it travels across the Internet or within networks. For this reason, securing data in transit is a high priority for Google. Data traveling between a customer’s device and Google is encrypted using HTTPS/TLS (Transport Layer Security).”

Kavos said that most of this is possible because Google runs its own data centres, rather than getting a third-party or building contractor to look after the facility.

“The norm in the industry is for the design and building contractor to drop off a set of owners manuals and drawings along with the keys to the front door and wish the operator of the data center good luck!,” said Kavos.

“All too often these operations teams aren’t employed by the owner, but rather an outsourced low-bidder. This is not the case at Google.”

Main image © Google, Mayes County, Oklahoma

Take our data centre quiz here!

Ben Sullivan

Ben covers web and technology giants such as Google, Amazon, and Microsoft and their impact on the cloud computing industry, whilst also writing about data centre players and their increasing importance in Europe. He also covers future technologies such as drones, aerospace, science, and the effect of technology on the environment.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago