Google: The Limits Of Security

Access to information

Some people don’t trust Google not to access their data, but Feigenbaum assured us: “The data does not belong to Google, it belongs to the customer. We will only hold the data for as long as a customer requests it. If they leave, they should be able to take their data with them.”

“Google practices role-based security, and least-privilege access, said Feigenbaum. “We limit the number of staff who have access, and that’s normally on a customer request.” Customers can have an audit – under the US SAS 70 Type II rules – by an independent auditor, he said.

Google’s data is stored or duplicated in the US, under the Safe Harbor Principles, which are intended to allow Europeans to keep data in US data centres, despite the laxer privacy laws in the US, so companies that are happy with Safe Harbor should be OK with keeping data in Google’s cloud, said Feigenbaum.

He goes further, suggesting that the Safe Harbor principles and laws about moving data are based on old-world thinking from “before the Internet” – but the company still has to stick to the law, he concedes, even if the law doesn’t agree with his assessment of cloud security.

Companies that don’t want their data hosted or backed up in the US can go elsewhere he seems to say – except the problem apparently doesn’t arise: “Most companies are delighted that we are not dependent on a single data centre.”

In March, Google was criticised for not taking seriously enough a flaw in Google Docs that let users view other people’s documents even after their privileges had been removed.

Feigenbaum sees it as a case where Google did well: “It affected 0.05 percent of the users, and we worked with them very fast.”

Page: 1 2

Peter Judge

Peter Judge has been involved with tech B2B publishing in the UK for many years, working at Ziff-Davis, ZDNet, IDG and Reed. His main interests are networking security, mobility and cloud

Recent Posts

Hong Kong Research Group Trains AI Model With Huawei Chips

Hong Kong-based AI research institute uses Huawei Ascend 910B chips to train latest model, as…

7 hours ago

Investors Shocked As Temu Parent Misses Estimates

Temu and Pinduoduo parent company PDD Holdings misses analysts' estimates as economic slowdown in China…

8 hours ago

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

3 days ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

3 days ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

3 days ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

4 days ago