Google Apps security director on data security within the cloud

Google Apps security director Eran Feigenbaum discusses data security in the cloud in this exclusive RSA Conference 2011 interview.

Read the full text transcript from this video below. Please note the full transcript is for reference only and may include limited inaccuracies. To suggest a transcript correction, contact [email protected].  

Google Apps security director on data security within the cloud

Marcia Savage: This is Marcia Savage, with
We are here today with Eran Feigenbaum; he is the Director of Security
at Google Apps. Thank you for joining us today, Eran Feigenbaum.

Eran Feigenbaum: Thank you for having me.

Marcia Savage: I was wondering if you could start by providing some
insight into what Google does to ensure data security for its customers.

Eran Feigenbaum: Security and privacy of our customers' data is
paramount for our success, as it should be for any cloud provider.
When we look at security and privacy of our customers' data, we
really look at people, process, and technology. From a people
perspective, I think Google is unique in a sense that we have
probably, one of the world's largest security groups. We have
over 200 people in our security group protecting our customers'
data, some of the world's experts and information security,
people that have issued innovative thought leadership around
drive-by malware, about web security, etc., that is one aspect.
The other is the process. We are unique in a sense that we
were created for the internet, by the internet in a different era,
so we are able to bake in a lot of security into our processes
and have things automated from the way we develop code to
the way we react to incidents. We process several billion e-mails
every day, and with that comes a tremendous amount of knowledge,
knowledge of how to protect users from new types of attack, for

From a technology perspective, according to Gartner,
Google is the fourth largest server manufacturer in the world,
which is unique. If you think about it, we do not sell servers, we
sell a service and building your own server allows you to do some
unique security and ovations, things like hardening a machine.
We all talk in the security industry about hardening servers,
but what that usually means is turning off services, process,
and protocol that you are not using, but if you truly built your
own machines, you can harden it also, from a physical aspect,
in the sense that you do not have the components on those
servers that you do not run. You don't have things like video
cards or serial ports, etc., which lower the attack surface.

One of the first things that are very unique about Google is
the way we store our customers' data. I will use mail as an
example, but this is true for all the products in the Google
Apps Suite. If you look at a typical mail environment, a
traditional on- premise mail solution, all of my mail would be
sitting on a single mail server, and probably, if we work in the
same organization, your mail would be sitting on that same
mail server, so would Alice's and so would Bob's, going on
with the RSA theme. If I compromise that single mail server,
I got all of my mail, all of your mail, all of Alice's, and Bob's.
We have taken a very different approach, we have taken all
of my mail and we have chunked it up into small pieces and
we spread those pieces across our environment, we do the
same with yours, Alice's, and Bob's, now they are probably
not going to be sitting on that same server, Alice's may not
be with Bob's. That is one of the benefits of multi-tenancy;
we spread our enterprise customers, our consumers, and
even Google's own.

In the typical on-premise solution, it would also be very easy
to find which mail file belonged to what user. It would be
something like Eranmail.db, you would say, 'That is Eran's
mail file.' We have given those little chunks that we have
chunked up and spread across the environment, a random
filename, now it is not associated back with a specific user.
On top of that, we have stored it in officescade manner,
most enterprises store mail on the server, in the clear;
we have done some encoding to it so it is not humanly
readable. It turns out that this does not only do wonderful
things for security, but it also does great things for
availability, because each one of those chunks we store
multiple times within a single data center and multiple times
within a secondary data center. If one server goes down,
we have another, it is not a backup, and it is a real live
replicated copy of that data in that same data center.
Even if an entire data center goes down, we have another
data center that is live, real time running. This allows us to
have zero scheduled downtime; in fact, we announced that
Gmail achieved 99.984% uptime in 2010, that is less than
7 minutes of downtime per month, that is pretty remarkable.
This manner of storing information has security benefits, as
well as availability benefits.

From an authentication perspective, still one of the largest
manners that data is compromised on the internet,
unfortunately, is still passwords. People choose bad
passwords, reuse passwords, or write their passwords down.
Passwords are easy to guess, snoop, etc. Because of that,
we just announced and released last week, for all of our
customers, both our free and paying Enterprise customers,
as well as consumers is our Two- Step Verification, as it is
called. It is a one-time password token that uses a number
that is generated on your cell phone. Now I need your user
name, your password, and this one time number generated,
that changes every minute. If somebody just guesses your
password, they guessed it because they guessed your dog's
name, that would not be enough to break into your account
because we also need the number that is actually displayed
on your phone. This is a great example of how the cloud
allows you new innovations. By releasing this, customers
incurred no additional cost, there was no down time with it,
and no additional software to install on their browsers for this.

Marcia Savage: Have a lot of your enterprise customers
taken advantage of that authentication?

Eran Feigenbaum: I think it is a lot more popular in the
small and medium businesses. The large enterprise customers
already have their own single sign-on solutions and two-factor,
whether it is RSA or certificates, or biometrics, that we support
through Samal, but I think this really makes a lot of sense for
small and medium businesses that cannot afford that solution or
just do not have the overhead. One-time passwords are not new,
but what is new is making this technology available at no cost to
hundreds of millions of users.

Marcia Savage: Can you elaborate a little more on what you
do, in terms of data security?

Eran Feigenbaum: The biggest issue that cloud providers have
in this generation of moving to the cloud is providing customers
transparency and providing customers enough information to make
informed risk decisions about where they are sending their data.
Part of that is not just us doing a great job in securing it, which I
think we do, but also making sure that customers understand
what we are doing to secure their data. That comes, really, in two
forms, one in us being transparent about what we do and things
like our security whitepaper, where we disclose, in fair amount
of detail, all the backend process from the different ISO 27.01
disciplines, from a physical security, policy security, access
control, etc., how we are securing that. That is all us talking
about it.

The next level is having an independent assessor take a look at it.
So far, what Cloud providers seem to be using the most is the SaaS
70. SaaS 70, while it is not truly a certification, it is an audit and it
does let an independent third party come in on a regular basis,
take a look at all the confidentiality, integrity, and availability
controls that we say that we have and let them test and confirm
that those are in place and operating effectively. We provide those
reports to our customers. I think customers, once they get the
understanding of what we are doing, and then getting a third party
validator of that, is a real step forward to providing that security
for our customers.

Marcia Savage: Sometimes the Enterprise customers say they
want to be able to evaluate themselves, the service provider.
Do you ever allow that?

Eran Feigenbaum: It is tough, because we have over 3,000
customers signing up every day, if you just took 1% of those,
just a small fraction wanting to come and do an audit that
would be 30 audits every day. That is hard to control, hard to
scale, and probably does have negative consequences for
your security, because know you are exposing a lot of details
to what may be a customer today may be an attacker in the
future. We cannot provide that ability to audit, but we can
provide the results of the audit reports, of the SaaS 70, also
our FISMA certification. We are the first major messaging
uncolaboration vendor to receive a FISMA Moderate Certification
from the Federal Government, which is a very detailed set of
controls based on NIST 853. One, just by saying that we have
that, a customer can get a good idea what controls we had to
meet because the NIST 853 controls are public. Two, coming
to us, reviewing that documentation, and seeing how we meet
those controls.

Marcia Savage: Thank you for joining us today,
Eran Feigenbaum.

Eran Feigenbaum: Thank you for having me.

Marcia Savage: For more information on this topic and others,
please visit

View All Videos