Google Apps security-based collaboration platform from Google

Monitoring

Google s security monitoring program is focused on information gathered from internal network

trac, employee actions on systems, and outside knowledge of vulnerabilities.

At many points across our global network, internal trac is inspected for suspicious behavior, such

as the presence of trac that might indicate botnet connections. This analysis is performed using

a combination of open source and commercial tools for trac capture and parsing. A proprietary

correlation system built on top of Google technology also supports this analysis. Network analysis is

supplemented by examining system logs to identify unusual behavior, such as unexpected activity in

former employees accounts or attempted access of customer data.

Google Security engineers place standing search alerts on public data repositories to look for security

incidents that might aect the company s infrastructure. They actively review inbound security

reports and monitor public mailing lists, blog posts, and web bulletin board systems. Automated

network analysis helps determine when an unknown threat may exist and escalates to Google

Security sta, and network analysis is supplemented by automated analysis of system logs.

Vulnerability Management

Google employs a full-time team that is dedicated to helping ensure that vulnerabilities are managed

in a timely manner. The Google Security Team actively scans for security threats using commercial

tools, intensive automated and manual penetration eorts, quality assurance (QA) processes,

software security reviews, and external audits. The vulnerability management team is responsible

for tracking and following up on vulnerabilities.

Once a legitimate vulnerability requiring remediation has been identi ed by the Security Team, it is

logged, prioritised according to severity, and assigned an owner. The vulnerability management team

tracks such issues and follows up frequently until they can verify that they have been remediated.

Google also maintains relationships and interfaces with members of the security research community

to track reported issues in Google services and open source tools. More information about reporting

security issues can be found at http://www.google.com/intl/en/corporate/security.html

Incident Management

Google has an incident management process for security events that may aect the con dentiality,

integrity, or availability of its systems or data. This process speci es courses of action, procedures

for noti cation, escalation, mitigation, and documentation. Google s security incident management

program is structured around the NIST guidance on handling incidents (NIST SP 800-61).

Key sta are trained in forensics and handling evidence in preparation for an event, including the use

of third party and proprietary tools. Testing of incident response plans is performed for key areas, such

as systems that store sensitive customer information. These tests take into consideration a variety of

scenarios, including insider threats and software vulnerabilities.

To help ensure the swift resolution of security incidents, the Google Security Team is available 24x7

to all employees. When an information security incident occurs, Google s Security sta responds by

logging and prioritising the incident according to its severity. Events that directly impact customers

are treated with the highest priority. An individual or team is dedicated to remediating the problem

and enlisting the help of product and subject experts as appropriate. Other responsibilities are

deferred until the issue is resolved.

Google Security engineers conduct post-mortem investigations when necessary to determine the

root cause for single events, trends spanning multiple events over time, and to develop new strategies

to help prevent recurrence of similar incidents.

Network Security

Google employs multiple layers of defense to help protect the network perimeter from external

attacks. Only authorised services and protocols that meet Google s security requirements are

permitted to traverse the company s network. Unauthorised packets are automatically dropped.

Google s network security strategy is composed of the following elements:

Control of the size and make-up of the network perimeter. Enforcement of network segregation

using industry standard rewall and ACL technology.