Taken over by aliens? Don't worry; Google has it covered
- 22 August, 2011 16:41
Google Enterprise director of security, Eran Feigenbaum
Imagine what would happen if all the Google engineers turned rogue and held the world’s Gmail accounts to ransom. Or if aliens attacked earth and wiped California off the map.
It sounds more like something from a Hollywood movie script than real life, but that’s the nature of disaster recovery — you rarely see it coming.
It may come as a surprise, however, to learn that the folks at Google Enterprise have considered just these scenarios.
“We play a lot of games here,” admits Google Enterprise director of security, Eran Feigenbaum. “Part of our disaster recovery plan is to assume the worst has happened. In last year’s scenario, Google was attacked by aliens and California was off the map. We asked: What do we do? How do we run our infrastructure?”
Read the full interview
Feigenbaum holds some serious security credentials; before joining Google in 2007, he held the post of US chief information security officer (CISO) for PricewaterhouseCoopers. He also spent several years designing and implementing cryptosystems for electronic commerce solutions for Fortune 1000 clients and government agencies.
But the links to Hollywood run deeper than war gaming and role play. When he is not defining and implementing the security strategy for Google's enterprise product suite, you are likely to find him practising the more arcane pursuits of magic and mentalism.
Indeed, you may know him better as Eran Raven, the contestant from NBC television show, Phenomenon.
“On a personal basis, I think the mentalism and profiling makes you curious,” he says. “It makes you want to attack problems, break them down and not accept the status quo. As a good security professional, I take those same types of skills. That’s really the way we do things a Google; let’s not accept things just because that’s the way it has been done in past. Let’s really attack it, break it down and ask: How can we do this better and change the way computing is done.”
It’s one of the reasons Google operates its own infrastructure, and custom-builds firewalls at the front end. But Feigenbaum maintains the real measure of a good security organisation is not just about security itself, but about how it reacts to an incident. For its part, Google employs more than 250 dedicated security professionals, as well as internal audit and compliance teams, physical security teams and those within the product teams.
“People don’t like to talk about it — we never want to think about getting into a car accident,” he says. “But the reality is security incidents happen for various reasons. It’s about how you react to that. Having a 24/7 security team is part of that and having our major security operations in California and Zurich so we can work through time zones.
"When there is a security incident, we assign an incident coordinator whose job is to triage that incident. And I think a big misnomer about this is if there is a security incident that affects customer data, we believe and contractually commit that it is our responsibility to notify those customers. There’s an idea that if something happens to your data, you won’t know. For sure – we will tell you.”
He says for all the hand wringing about Cloud security, it’s important to maintain perspective, even though he admits it is no panacea.
“We make headlines because we are Google,” he says. “But the reality is worse stuff is happening in the traditional environment every day.
“Is Cloud computing perfect security? No. It’s not. I’ll be the first one to say that. I was in an intelligence community where we proved we could find out information about a computer that was not connected to a network and was in a secure room, using various technologies. But I think Cloud computing is as secure, if not more secure, than what most organisations are doing today.”
Follow CIO Australia on Twitter: @CIO_Australia
Follow Georgina Swan on Twitter: @swandives
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
CIOs need to get their house in order, CFO panel says
Is Data Complexity Blinding Your IT Decision-Making?
Why IT projects really fail
CIOs say cost, complexity impede true mobile gains in enterprise
The enlightened CIO’s guide to running projects
Meeting Business Data Protection
When it comes to data back-up and recovery, the rules have changed. Virtualization has enabled IT organisations to become more efficient, but also more complex. This whitepaper addresses these new realities, and provides a comprehensive solution for virtual and physical environments, backup of applications and data, disaster recovery and replication of complete systems or applications, and for ensuring high availability of mission-critical services.
Data Centre Physical Infrastructure: Optimising Business Value
To stay competitive in today’s rapidly changing business world, companies must update the way they view the value of their investment in data centre physical infrastructure (DCPI). This whitepaper discusses how companies can succeed in a changing global market. Read now.
Case Study: The True Value of Conference Calling
In a study by the University of Bradford study, we look at the benefits of a strong telepresence and how organisations can become faster, more focused and environmentally responsible. Click to download!