Our priority is to guarantee the highest level of security and confidentiality for your data. That is why we chose to become a Google Cloud Partner and to run your services on Google's best-in-class infrastructure.
Data security is one of the primary considerations in the design of Google's infrastructure, products and personnel operations.
Google designs its security policies in close cooperation with scientific research institutions, which allows Google to discover vulnerabilities quickly and block them before they become public knowledge.
The security of the Google Cloud infrastructure is achieved through a 6-layer architecture (Google Infrastructure Security Layers) that is applied consistently to all Enterprise and Consumer services, for both Google Workspace and Google Cloud Platform.
Security portal: https://cloud.google.com/security?hl=it
Infrastructure: https://cloud.google.com/security/infrastructure?hl=it
Google Infrastructure Security Design Overview: https://cloud.google.com/security/infrastructure/design
Google Security Whitepaper: https://cloud.google.com/security/overview/whitepaper?hl=it
Locations and availability: https://cloud.google.com/about/locations?hl=it#network-tab
Privacy: https://cloud.google.com/security/privacy?hl=it
Data security governance: https://cloud.google.com/data-security-governance?hl=IT#tab2
COMPLIANCE
Moving to the cloud requires protecting sensitive workloads as well as achieving and maintaining compliance with complex guidelines, requirements and regulatory frameworks. To support your compliance needs, SocialCities and Google Cloud offer you industry-leading security, third-party audits and certifications, documentation and legal commitments.
Compliance portal: https://cloud.google.com/security/compliance?hl=it
Compliance reports manager: https://cloud.google.com/security/compliance/compliance-reports-manager?hl=it
INFRASTRUCTURE LAYERS
Security of Physical Premises
Google uses multiple physical security layers to protect data center floors and uses technologies like biometric identification, metal detection, cameras, vehicle barriers, and laser-based intrusion detection systems.
Hardware Design and Provenance
A data center for Google consists of many server machines connected to a local network. Google custom-designs the server boards and the networking equipment.
Secure Boot Stack and Machine Identity
Google server machines use a variety of technologies to ensure that they boot the correct software stack: low-level components such as the BIOS, bootloader, kernel, and base operating system image are covered by cryptographic signatures that are verified at each boot.
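As an added illustration of the verified-boot idea above (example code written for this page, not Google's boot stack or any of its real key material), the following Go program models a chain BIOS -> bootloader -> kernel -> base OS image in which each stage carries its image, the public key entitled to sign the next stage, and a signature produced by the key the previous stage trusted. Verification starts from a hardware root-of-trust key and halts at the first stage whose signature fails, so a tampered kernel image (or a substituted signing key) can never hand control onward. The stage names, image bytes and the use of Ed25519 are assumptions chosen for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Stage models one link of a verified-boot chain (e.g. BIOS -> bootloader -> kernel -> base OS image).
// Each stage carries its code image, the public key allowed to sign the *next* stage, and a
// signature over (name || image || next-stage key) made by the key the *previous* stage trusted.
type Stage struct {
	Name    string
	Image   []byte
	NextKey ed25519.PublicKey
	Sig     []byte
}

// signedMessage is the digest the stage signature covers: binding the image and the key handed to
// the next stage into one message prevents swapping either without invalidating the signature.
func signedMessage(s Stage) []byte {
	h := sha256.New()
	h.Write([]byte(s.Name))
	h.Write(s.Image)
	h.Write(s.NextKey)
	return h.Sum(nil)
}

// VerifyChain walks the chain starting from the hardware root-of-trust public key. It returns an
// error naming the first stage whose signature does not verify; a verified stage's NextKey becomes
// the trusted key for the following stage.
func VerifyChain(rootKey ed25519.PublicKey, chain []Stage) error {
	trusted := rootKey
	for _, s := range chain {
		if !ed25519.Verify(trusted, signedMessage(s), s.Sig) {
			return errors.New("boot halted: bad signature on " + s.Name)
		}
		trusted = s.NextKey
	}
	return nil
}

// BuildChain plays the role of the build/signing pipeline: it generates a fresh key pair per stage
// and signs each stage with the private key of the stage before it (the root key for the first stage).
// It returns the root public key (what the hardware would hold) and the signed chain.
func BuildChain(names []string, images [][]byte) (ed25519.PublicKey, []Stage) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)
	signer := rootPriv
	chain := make([]Stage, 0, len(names))
	for i, name := range names {
		nextPub, nextPriv, _ := ed25519.GenerateKey(rand.Reader)
		s := Stage{Name: name, Image: images[i], NextKey: nextPub}
		s.Sig = ed25519.Sign(signer, signedMessage(s))
		chain = append(chain, s)
		signer = nextPriv
	}
	return rootPub, chain
}

func main() {
	// Constructed sample images; real stages would be the actual firmware/kernel binaries.
	names := []string{"BIOS", "bootloader", "kernel", "base OS image"}
	images := [][]byte{[]byte("bios-v1"), []byte("grub-v2"), []byte("vmlinuz-6.1"), []byte("rootfs-2024")}
	root, chain := BuildChain(names, images)
	fmt.Println("clean chain:", VerifyChain(root, chain))

	// Tamper with the kernel image after signing: the chain must stop at the kernel.
	chain[2].Image = []byte("vmlinuz-6.1-backdoored")
	fmt.Println("tampered kernel:", VerifyChain(root, chain))
}
```

The point to take from the model is that trust flows one direction only: a later stage cannot vouch for an earlier one, and the only key that needs to be protected in hardware is the root public key, since every other key is authenticated by the signature of the stage that precedes it.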
Service Identity, Integrity, and Isolation
For inter-service communication, Google uses cryptographic authentication and authorization at the application layer. This provides robust access control at an abstraction level and granularity that administrators and services naturally understand.
Inter-Service Access Management
The owner of a service can use the infrastructure's access management features to specify precisely which other services are allowed to communicate with it, and the inter-service communication itself is encrypted.
Encryption at Rest
Google's infrastructure provides a wide range of storage services, including Bigtable and Spanner, as well as a central key management service; data is encrypted before it is written to physical storage, using keys managed by that service.
Deletion of Data
Deletion of data at Google most often starts by marking the specific data as "scheduled for deletion" rather than actually removing it.
Secure Internet Communication
Google isolates its infrastructure from the Internet in a private IP space. Only a subset of machines is exposed directly to external Internet traffic, which allows additional protections such as denial of service (DoS) defenses to be enforced more effectively.
Google Front End Service
If a service intends to be made available on the Internet, it can register itself with the Google Front End (GFE) infrastructure service.
Denial of Service (DoS) Protection
The sheer scale of Google's infrastructure allows it to absorb many DoS attacks. Beyond that, Google has multi-tier, multi-layer DoS safeguards that further reduce the risk of a DoS attack affecting a service behind the GFE.
User Authentication
The next layer of defense after DoS protection comes from Google's central identity service. This service usually manifests to end users as the Google login page.
Operational Security
Last but not least, Google operates the infrastructure securely, protecting it from threats that originate from employees' machines and credentials as well as from both insiders and external actors.
Safe Software Development
Google places a high emphasis on a secure development environment; it uses manual security reviews and in-depth design and implementation reviews for the riskiest features. Read more about application security here.
Keeping Employee Devices and Credentials Safe
Google invests considerably in protecting its employees' devices and credentials from compromise and monitors activity to identify potential compromises or illicit insider activity.
COMPUTE ENGINE SECURITY
The Compute Engine control plane exposes its API via the GFE, leveraging infrastructure security features such as Denial of Service (DoS) protection and centrally managed support for SSL / TLS.
End-user authentication to the Compute Engine control plane API is performed through Google's centralized identity service, which provides security features such as hijacking detection. Authorization is done using the central Cloud IAM service.
The network traffic for the control plane, both from the GFEs to the first service behind them and between other control plane services, is automatically authenticated by the infrastructure and encrypted whenever it travels from one data center to another.
Compute Engine persistent disks are encrypted at-rest using keys protected by the central infrastructure’s key management system.
The isolation provided to the VMs is based on hardware virtualization using the open-source KVM (Kernel-based Virtual Machine) hypervisor stack.
Compute Engine's use of customer data follows the GCP customer data usage policy: Google does not access or use customer data except when required to provide services to customers.