Google has made it official that all its cloud services used for its business operations are enriched with specially designed customized security chips that are deployed at the server and peripheral levels. Google says that these hardware security chips help in identifying and authenticating legitimate Google Devices at the hardware level.
Furthermore, Google also backs this hardware with a cryptographic security signature employed at components involved at the low level. This includes the BIOS, Bootloader, Kernel, and Base Operating System image.
So, every single boot and update are being validated by these security signatures in server environments of Google which helps in building trust among its users.
As per the Infrastructure Security Design Overview document released by the Alphabet’s subsidiary the components are all Google Controlled, built and hardened. So, with every new generation server design, the internet juggernaut weaves a trust of the boot chain in either a micro-controller running on Google written algorithm or at a lockable firmware chip.
Now, the company has disseminated all these functions into its specially designed security chips which are being operated on Google servers hosted in third-party data centers. Hence, it adds an extra physical security layer to Google’s fleet of operations as the services related data gets encrypted before it is written to a disk, making it harder for malicious disk firmware to access data.
Google has specified in its security document that all its storage media which includes Hard Drives, SSDs and Blu-Ray are encrypted with hardware technology. So, each drive remains highly secure through its life cycle.
And after decommissioning the encrypted storage devices, Google security operations staff clean the drives on an individual note with a multi-step process that includes two independent verifications.
Devices which do not pass through the wiping procedure are destroyed on a physical note with the process of shredding.
The web giant has mentioned in the document that it also scans employee devices to ensure that the operating system images for client devices are up-to-date with security patches. Therefore, all systems are scanned for user installed apps, downloads, browser extensions and content browsed from the web to secure the services for the corporate clients.
There’s also a lot more in the document which says that the public cloud of Google runs virtual machines in customized version of the KVM Hypervisor.
Finally, Google wants to say to the world that its cloud relies on the same security services as the rest of its offerings.
