Google Offers Rare Glimpse at Its Data Center Security Measures
Laser beam intrusion detection systems, iris scanners and customized access cards are just some of the controls that Google uses to protect its data centers.
A laser beam intrusion detection system, customized electronic access cards and biometric iris scans are just some of the multilevel security measures that Google has implemented to control access to its data centers. Other measures include dual authentication systems, vehicle-access barriers, high-resolution cameras, metal detectors, perimeter fencing and so-called circle-lock portals to prevent tailgaters from entering protected areas by following too closely behind someone with a valid access card. Access to the actual data center floors itself is often only possible through a security corridor featuring multifactor authentication systems. Less than 1 percent of Google's more than 60,000 employees are authorized to set foot in any of the company's data centers. The measures are designed to ensure only that online data center personnel have access to it and no one else, Google's Vice President of Data Center Operations Joe Kava said in a blog post that offered a rare glimpse at Google's elaborate data center security measures. In addition to the physical security measures, Google also employs what Kava described as a "strict end-to-end chain of custody" for data storage. From the time a hard disk goes into a machine until the time all data on it is completely expunged or the disk itself is destroyed, everything that happens to data on it is tracked and monitored, he said.
To minimize vulnerabilities, Google ensures that its data center servers do not include any unnecessary features or components such as peripheral connectors, video cards and chipsets. For the same reason, too, all of the production servers at Google run a stripped-down and hardened version of Linux and server resources are all dynamically allocated with minimal human interaction.