Google: Cloud Apps Are MORE Secure, Not Less

When Twitter lost data from Google Docs, the idea of cloud apps took a knock. Google’s Eran Feigenbaum says we’re missing the point – the cloud is more secure than the data centre

This problem goes away in the cloud, he says, “because you have no more servers to patch,” a statement that seems to assume there is no need to patch PCs either. Google will patch servers better than you can, he said: “We built security in from the get-go.” Other companies have troubles because of the variety of their systems, he says, but “all our servers are alike. We can patch all our servers in a very rapid and uniform manner.”

Multiple data centres mean the service is more reliable, he said, and Google has zero scheduled downtime.

With attacks becoming more serious and business-like, we’ve entered an age of “hacking as a service,” he says. The sheer scale is beyond smaller companies. “We’re processing about two billion email transactions a day,” he said. “We can block botnet attacks, viruses and spam, in the cloud, before they come to our clients’ networks, because of the sheer volume of traffic that we process.” Google finds and blocks viruses hours before the anti-virus vendors know about them, he claimed.

Individuals who want to handle spam and malware themselves have to either have a lot of processing cycles spare, ready for big attack spikes, or operate at an efficient level, and then find they don’t have the capacity, he warned: “Going into the cloud, you are in a multi-tenant environment where there is lots of capacity you can trade.”

Changing the mindset

The majority of data centre managers wouldn’t agree with what Feigenbaum says, however. He agrees it’s a paradigm shift, and sees his task as changing their minds, so they accept their data isn’t as secure as they thought, and take it from their data centres and put it with “someone else who has the economy of scale and the expertise to make it secure.”

How easy is this? Well, he likens it to the change more than a hundred years ago, when people stopped keeping money themselves, and put it in the banks, where security is better. It’s not the best analogy at this moment, we pointed out to him.

“Most CISOs today have realised they don’t have as much control as they thought,” he said. “They don’t know what their email admins are doing. They don’t know which of their machines are susceptible to which security vulnerabilities, they don’t know who has access to the centre.” Security is simply too hard in a traditional environment, it seems.

Access to a Google Docs file can be altered and revoked at a later date, and is inherently more secure than sending someone an attachment, he argued. Businesses taking Google Apps pay $50 per user per year for the premium version, with an extra $12 per year if they want email archiving and compliance support.

About 1.75 million businesses use Google Apps, said Feigenbaum, and around 3000 new ones start each week. But he refused to say how many of those are just trying it out. High profile companies such as the Daily Telegraph and the Guardian have thrown out Microsoft Exchange, but the majority are probably just testing the concept.
