rvlsoft - Fotolia

Google scolds businesses for citing security as a reason not to use cloud

Search giant reckons on-premise data is more likely to be breached than information stored in the cloud

Google has hit out at users that continue to cite security as a major barrier to public cloud adoption, claiming their data will be safer there than on-premise.

The search giant made the claim at its Google Next conference in east London on 23 June, while talking up the business benefits of using its Compute Engine infrastructure-as-a-service (IaaS) offering.

During the event’s opening keynote, Greg DeMichillie, director of product management for Google’s Cloud Platform, said companies are mistaken if they think storing their data on-premise will keep it safe.

“There was a time when security was the reason not to move to the cloud, but with the Home Depot, Target, Sony Pictures and the latest United States government's Office of Personnel Management breaches, quickly customers are realising you are more secure in the cloud with Google than you are by yourself,” he said.

One of the reasons for that is because Google has the scope and scale to invest large sums in security personnel, and far more so than your average enterprise.

“We have more than 500 professional security researchers at Google," said DeMichillie. "These are people doing penetration testing, fuzzing our software with random bad API [application programming interface] calls, and doing in-depth security readings. Very few of you could afford 500 security researchers.”

To emphasise this point, he explained that Google researchers are regularly the first to uncover high-profile security vulnerabilities, such as the Heartbleed OpenSSL fault that came to light in spring 2014.

“It was a pretty bad vulnerability that prompted everybody to massively patch their systems, but what you may not know is that Heartbleed was found by a Google researcher, and that means Google systems were among the first to be patched. Most of them were fully patched before the first full public disclosure was made about the vulnerability,” said DeMichillie.

Google also builds all of the infrastructure that underpins its cloud services, which provides it with an extra layer of protection against hackers, he said.

“We are a full stack creator. If we were an independent server manufacturer, we’d be in the top five list of server manufacturers globally because we build all our own infrastructure,” said DeMichillie.

“We build our own machines, we design our own hardware specifications, our own software specifications, and this minimises the attack surface because you can’t go and buy a Google server, set it up at home and probe it for vulnerabilities.

“All of that is our way of saying, if you thought you couldn’t use a cloud platform because of security, you actually have it backwards. Being on a cloud platform will actually make you more secure,” he concluded

Read more about Google in the cloud

Read more on Cloud storage

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Security isn't only about the technical protection but also about trust.
Can I trust the cloud provider not to release my data to external parties or government agencies.
What this ignores is the risk of being a target in the first place - I have no doubt that Google will have better security resources but it will also be one of the top companies in the world on the target list.....
....and due to scale will presumably have a lot more moving parts to secure and potential areas of weakness than certainly a typical SME would have, almost requiring 500 security people to keep it all secure !
Who protects customers data from Google?
What a load of BS. This was at the Next Conference. I have to believe there was a collective guffaw as DeMichillie made these comments. What a joke.
I agree that "All of that is our way of saying, if you thought you couldn’t use a cloud platform because of security, you actually have it backwards," since you can secure the sensitive data that you own before sending it to the cloud.

The recent Forrester report "Market Overview: Cloud Data Protection Solutions," concluded that "Sensitive data is moving to the cloud, beyond the protection of your perimeter controls" and "You cannot solely rely on the cloud provider’s security."

Gartner recently published a report, “Simplify Operations and Compliance in the Cloud by Protecting Sensitive Data,” concluding that "CIOs and CISOs must also understand the limitations of using encryption or tokenization in the cloud before proceeding," and "Storing and/or processing data in the cloud increases the risks of noncompliance through unapproved access and data breach," and "on-premise appliances" will allow fields or columns to "be encrypted or tokenized, and keys are managed by the appliance."

Ulf Mattsson, CTO Protegrity
Some very interesting points raised below. We're planning to do a follow-up, if any of you would be interested in expanding further on what you've already said about this. Feel free to fire me an email by clicking on the link below my profile picture.

Best wishes,

Caroline Donnelly, CW Datacentre editor
Well another one is if the data is on my property then a warrant is needed by the authorities to see it, as soon as it leaves my property both NSA & GCHQ have a copy, and probably several other non politically neutral intelligence organisations.

If my UK company competes against companies in the US what stops the NSA leaking that data to my competitors ?

And finally we have Googles promise not to read the data we store with them.

Remind me, how does Google make it's money again ?

And those targeted adverts how are they generated ?