“Every data incident is unique, and the goal of the data incident response process is to protect customers’ data”
Google Cloud has published new guidance on data incident response and security for its users, noting that while it employs advanced detection tools and alert mechanisms that provide early indication of potential incidents, along with data encryption at rest, virtual private clouds and more, it takes two to tango in terms of security.
In the white paper Google continually emphasises the customer’s role in the security process: “While Google secures the underlying cloud infrastructure and services, the customer secures their applications, devices, and systems when building on top of Google’s Cloud infrastructure.”
The company adds: “Customers must properly configure security features to meet their own needs, install software updates, set up networking security zones and firewalls, and ensure that end users secure their account credentials and are not exposing sensitive data to unauthorized parties.”
The paper comes amid a rise in data breaches caused by security researchers finding unsecured public cloud buckets hosting confidential material.
Google defines a data incident as a breach of Google’s security that leads to an unlawful or accidental loss, access, alteration or unauthorised disclosure of data controlled by Google.
The security white paper released by Google is part of the company’s efforts to be more transparent with its Google Cloud Platform users. Earlier this week it also launched a tool called the Access Transparency Logs, which allows enterprises to see when and why a Google administrator has accessed a customer’s account.
Joseph Valente, Product Manager at Google Cloud, commented in a blog post: “These logs provide visibility into access at every layer of the stack—not just when access happens through public APIs or high-level endpoints.”
All this follows an incident last July when Google Cloud nearly deleted a customer account over suspicious activity.
In highlighting the customer’s role, Google lists the security features it has in place for its Google Cloud Platform offering, such as identity access management, which allows administrative users to control who has authorisation and can interact with specific resources. Access to accounts goes through a multi-factor authentication process, and data is encrypted by default both while being transferred and at rest.
Google White Paper
The company gives a breakdown of how a high-level data incident is treated. The process happens in four phases: identification, coordination, resolution and then continuous improvement.
Identification of an incident occurs through the automated security processes, which scan for anomalies; these are then reported to the incident response team. From there they try to contain the issues and fix the underlying problem to restore affected systems.