Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cybersecurity
    • Cybersecurity

    The State of Google Security in 2016

    Written by

    Sean Michael Kerner
    Published May 25, 2016
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Google’s corporate mission statement has long included the phrase “Do No Evil,” which refers to Google as a company, but it could easily also be extended to the broader Internet as well. Google is working on multiple fronts to make sure “no evil”—be it a hack or malware attack—goes on against its users and the Internet at large.

      Last week at the Google I/O conference (read Chris Preimesberger’s roundup of I/O 2016 news here), the company made a number of product and services announcements. Integrated with some of those announcements and in stand-alone sessions at the conference was the theme of security.

      The upcoming Android N mobile operating system will be getting a number of important new security capabilities. Among them is a new mediaserver library approach that aims to eliminate the risks of the existing Android media server technology. In July 2015, the first Android Stagefright mediaserver library flaws were announced, and ever since, Google has been updating Android incrementally as new media server flaws are discovered by researchers. In the Google Android May 2016 update alone, Google patched seven mediaserver vulnerabilities.

      A consequence of the Stagefright mediaserver flaws is that in August of 2015, Google moved to a monthly update cycle for Android. It’s a cycle that with Android N will accelerate further thanks to the introduction of automatic patching in a manner similar to how Chromebooks are updated today.

      Stephan Somogyi, product manager of security and privacy at Google, delivered at I/O what he referred to as the “3rd Annual Google Security Update,” providing an overall update on security, with “updating” being a key theme.

      “The charter of Google’s security and privacy engineering team is to protect users and their data,” Somogyi said during his session.

      He emphasized that auto-updates are a best practice for security, and they have been an integrated part of the Chrome browser since 2008. The promise with Android N is to provide the same type of seamless experience for auto-updates.

      Google Puts Encryption to Use

      The widespread use of encryption at Google, for updates and everything else, was also a key theme of Somogyi’s talk. In February, Google began to show Gmail users whether email was received over an insecure connection by way of a small unlocked, red padlock icon, he said. When the icon first started to appear, Somogyi said that approximately 58 percent of all incoming mail to Gmail was making use of Transport Layer Security (TLS) encryption. After 45 days of use, he said there was a measurable improvement in the use of encryption for email. On May 13, Google found that 78 percent of incoming mail to Gmail used TLS.

      The State of Google Security in 2016

      While Google has vast resources of its own to find security vulnerabilities, the company has long embraced the idea of paying security researchers for finding flaws. In 2015 alone, Google paid out $2 million in bug bounties to more than 300 security researchers.

      “Last year we gave out a lot of money to a lot of people for a lot of bugs,” Somogyi said.

      And in 2016, Google is on track to give out even more money, he said. In March, Google increased the top reward it pays out for a Chrome OS vulnerability from $50,000 to $100,000 for the persistent compromise of a Chromebook in guest mode.

      “With great research comes great rewards,” Somogyi said.

      Safe Browsing Protections Extended

      Google also isexpanding and improving the efficacy of its Safe Browsing technology. Safe Browsing warns both desktop and mobile browser users of potentially malicious sites. Somogyi noted that this year, Google is extending even more Safe Browsing protections, for malware and social engineering in Chrome on Android.

      “Safe browsing today protects well over 2 billion devices,” he said.

      In terms of best practices, Somogyi suggests that users don’t reuse passwords across services. This is something Google’s Project Abacus aims to help with. Abacus is an approach for password-less access that was first discussed at Google I/O in 2015. Google plans to roll out Abacus-based log-ins to Android by the end of the year.

      Even before Abacus becomes available, though, Google has other approaches, including the use of two-factor authentication, using the FIDO U2F protocol to help enable stronger authentication than just a simple password.

      While using stronger passwords (or a password replacement technology), safe browsing and paying security researchers to find bugs are all good things, Somogyi said installing updates is one of the best ways to keep users safe.

      Security is a complex challenge with many unknowns, but there are many known bad items, too. While zero-day risks are a concern, good password practices and keeping users updated are likely two of the best tools to help Google achieve its mission of Do No Evil—and the broader mission of not letting evil happen to its users either.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and writer for several leading IT business web sites.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.