It is the same innovation model used in self driving cars and the novel project loon internet access network suspended from balloons applied to privacy and security.Īn example of the innovation commitment is Project Zero. Finally the last step was to notify the Linux community of the risk of the glibc exploit and the availability of a patch.Įschelbeck said that his greatest responsibility is to continue to conduct research and innovate to build better security and privacy into products. In parallel Google engineers worked with engineers at Redhat to create a patch and test it. Researchers proved the flaw could be exploited while other researchers sought yet undetected variants. Google’s signal team monitored the infrastructure for an attack. Multiple teams were scrambled and worked in parallel streams. Always mindful of the next exploit they ask the question: what are the new techniques used by the bad actors to which they must respond?Įschelbeck cited as an example of Google security team’s speed and agility the discovery of a serious buffer overflow condition in the widely used Linux glibc library. Others study the threat landscape, the constantly evolving threats to constantly evolving technologies used by consumers and in data centers. Some members of the Google security team work on building tools to protect the data. Today’s environment – Google’s source code repository has 2 billion lines adding up to 85 terabyte that 85,000 engineers interact with every day. Like most security pros, Eschelbeck kept details close to the vest however he did offer as an example of scale Google’s source code base that he guards both from theft and from intrusion and infection with malicious code. He confessed that when he was asked to estimate the size of Google’s data centers and networks during interviews for his CSO position his estimates were two to three orders of magnitude too low. He said that when he interviewed for his job two years ago he had no idea of the extremes of the responsibility or the scale of the operation. Scale at Google according to Eschelbeck is like everything else at Google, it is intense. It’s a benchmark establishing best security practices.Įschelbeck’s stark mission statement “to protect users’ data” speaks of the alignment of his security group with the company’s cloud services and advertising business model. Given this scrutiny and gigantic computing scale makes Google intriguing. Google operates in a fishbowl because its business model depends on both consumers, enterprise users and privacy regulators trusting it to store vast amounts of data in its data centers. Google’s Vice President Security and Privacy Engineering Gerhard Eschelbeck spoke yesterday to a packed house at the RSA Security Conference about his professional life.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |