Peter Schooff
Peter Twenty-Four Seven Security
Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.


April 09, 2008
How Does Google Do Security?

With the biggest online presence of pretty much any company anywhere (I just read somewhere that Google's search percentage is at its highest ever), and with a well-honed sense of reputation management -- does anyone remember the day when you first started using Google, and thought, "Damn, how did they find that Michael Bolton bio so fast?" -- Google clearly has the most to lose if word suddenly got out that all those emails in Gmail and spreadsheets in Google Docs weren't being properly secured.

So what's Google's security culture like? According to Search Security, if you can't code, you can't do security at Google (let's hope that if you're lousy at security you can't do security at Google as well).

"Google has a decidedly go-at-it-alone conventional approach to solving problems," security director Scott Petry said Tuesday during an interview at RSA Conference 2008. "This is most evident in the value of security inside engineering."

In essence, Google has integrated security throughout its development lifecycle. Nooglers (new developers at Google) have to attend multi-day security training seminars before they're even assigned to a team or project. At the seminars, the Nooglers learn everything from policy to process development to code hacking.

And before a project goes live, the production code has to pass peer review with Google security teams along with any member of the engineering community. "No one person is authorized to write code into production," Petry said. And that's just from the inside.

In terms of outside attacks, Google keeps a database of attacks against the company, which is then tested against any future Google code. The idea is that, instead of looking at an attack as something only criminals do, Google looks at attacks as a lesson to be learned.

This pretty much squares with what's becoming standard operating procedure when developing web applications (or at least should be): think about security early and think about it often. And if you do that, then maybe you too can be a Moogle (that's my term for an old person at Google, you know, someone about to be put out to pasture).

Posted by pschooff
