Google shares its security secrets

By

Google is offering security professionals a look into its security systems..

Google shares its security secrets
Scott Petry, director of Google's Enterprise and founder of security firm Postini, explained to attendees at the RSA conference how the company handles constant pressure and scrutiny from attackers.

"Google is a very very high-value target," Petry noted.

"If you have bad intentions and want to get a reputation, hacking Google is the best way to get credibility on the streets."

In order to keep its products safe, Google has adopted a philosophy of 'security as a cultural value'. The programme includes mandatory security training for developers, a set of in-house security libraries, and code reviews both by Google developers and outside security researchers.

"The most important thing that our security team does is educate," Petry explained.

"Educating people is the most important thing a security professional can do. "

Petry contended that in an age where both users and companies are increasingly relying on outside services and applications, it is becoming nearly impossible to fully lock-down a company.

"IT is largely fighting yesterday's battle," he said, in reference to the policy of trying to restrict all user access.

"Start saying okay, if these things are going to happen, do an assessment to try and bound the risk."

Petry noted that in addition to educating its employees, the company also implements software 'guard rails', which warn users when potentially risky actions are taken and later logs them for administrators to archive.

For software developers, Petry also suggested taking a 'neighbourhood watch', approach to vulnerability disclosure. For Google, this means sharing more information with researchers and trusting them to do the right thing with their discoveries.

"If you find a vulnerability, we ask that you share it with us. If you share it with us, we will respond to you with a time we will fix that hole," explained Petry.

"If we do so, that is our responsible response, please don't disclose [the vulnerability]."

That philosophy, combined with a policy of crediting all researchers who report flaws, has been very successful for Google, said Petry.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
googleitssecretssecurityshares

Sponsored Whitepapers

What 4 wholesale distribution challenges aren’t going away anytime soon?
What 4 wholesale distribution challenges aren’t going away anytime soon?
State of the SOC: Building Resilience in a Shifting Threat Landscape
State of the SOC: Building Resilience in a Shifting Threat Landscape
Transform IT Service Delivery with Freshworks ITSM
Transform IT Service Delivery with Freshworks ITSM
Digital Transformation That Works in the Real World
Digital Transformation That Works in the Real World
Beyond the Breach: Logicalis Delivers Scalable, Business-Aligned MXDR Security
Beyond the Breach: Logicalis Delivers Scalable, Business-Aligned MXDR Security

Events

Most Read Articles

"Widespread data theft" hits Salesforce customers via third party

"Widespread data theft" hits Salesforce customers via third party
Home Affairs adds SecOps to new cyber risk overhaul

Home Affairs adds SecOps to new cyber risk overhaul
Exetel fined $694k over system 'vulnerability' for mobile number porting

Exetel fined $694k over system 'vulnerability' for mobile number porting
Attackers weaponise Linux file names as malware vectors

Attackers weaponise Linux file names as malware vectors
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?