This week, Google released an Infrastructure Security Design Overview in which it explained Google’s six layers of security and facts about its operations.
Google revealed that its servers are fitted with custom security chips as a measure to secure its public and private cloud infrastructure. The company said that alongside physical security and encryption, it also creates its own custom silicon for use in its servers.
“These chips allow us to securely identify and authenticate legitimate Google devices at the hardware level.”
“We use cryptographic signatures over low-level components like the BIOS, bootloader, kernel, and base operating system image. These signatures can be validated during each boot or update.”
Google explained that its components are all Google-controlled, built, and hardened. With each new generation of hardware, the company says it strives to improve security. Any devices used by employees to operate the company’s infrastructure are scanned to ensure that they are fully patched and up to date, and downloads, apps and browser history are monitored to make sure the system is safe.
Google says that it tries to limit the insider threat by keeping close tabs on workers with administrative privileges for its infrastructure, and by replacing these roles with automation wherever possible. These measures are used both on Google’s public cloud servers and on the machines that the company uses to operate its own services, such as Search and Gmail.