Four Questions On Google App Security

Two members of Google's application security team explain why the future belongs in the computing cloud -- and how Google Apps is dealing with the constant barrage of security threats

Need proof that the computing world is dominated by applications engineered by search giant Google? Just stare into your laptop.

The Web-wandering public has increasingly forsaken Microsoft Outlook and Lotus Notes in favor of Gmail as their e-mail program of choice. Companies that sell software to measure website performance have a tough competitor in Google Analytics. And the list goes on.

Naturally, this makes the Google universe a tempting target for those who would exploit application security holes to infect computers with malware, steal credit card and Social Security numbers and make off with a company's intellectual property.

In this Q&A, Eran Feigenbaum, senior security manager for Google Apps, and Adam Swidler, product marketing manager for Google Apps, explain the steps Google has taken to defend their users against online evil and how, as a result, the company has become a serious contender in the security industry.

There's been some debate over whether it's truly possible to have secure cloud computing. What's the Google argument in favor of it?

The reason we're doing cloud computing and we think it works is -- first of all, we see tremendous security issues with the traditional client-side server: misconfiguration, missing patches, having things turned on you didn't know you had turned on, and so on. Then there's the complexity of running multiple versions of different applications on the network. It all becomes very difficult to secure. Before joining Google in 2007, I lived that problem at my last job as CSO in a financial services organization.

Talk about what Google has done to learn from those problems.

With cloud computing and specifically Google apps, we've been able to learn from those lessons and design a relatively newer infrastructure that doesn't have those problems. For example, our millions and millions of servers all look identical. We manage all the physical and virtual components, the hardware, the operating system, and since everything is identical, it's easier to manage the technology. When you need to make a change it's much easier to do when everything is more uniform.

Chris Hoff (chief security architect for the systems and technology division at Unisys and an advisor on the Skybox Security customer advisory board) is one of the more vocal skeptics of cloud computing and virtualization security in general. He believes there's too little understanding of the technology to secure it properly.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Bill Brenner

Latest Videos

More videos

Blog Posts