bit-tech.net

Google: Cloud data location isn't important

Google: Cloud data location isn't important

Unsurprising, Google is defending the security of data stored in the cloud.

Google claims that security professionals don't need to worry about where cloud-based data is stored, and says they should instead focus on the security of their data.

Chief security officer for Google Apps, Eran Feignbaum, explained that security and privacy are priorities over geographical location. In relation to where the data is stored, he told SC Magazine that 'it is an old way of thinking.'

He also claimed that inappropriate access to client data isn't an issue, as less than 2 per cent of Google staff had entered its top secret data centres.

According to Feignbaum, customer data is separated into chunks, each of which is replicated around worldwide redundant data centres. In addition to this, Google also says that each of its hard drives features a unique barcode, which enables it to keep a record of all the data that's been stored on each disk.

Are you concerned about data being stored in an unknown location when using cloud computing? Let us know your thoughts in the forums.

29 Comments

Discuss in the forums Reply
Mentai 10th June 2011, 14:51 Quote
I don't see why the location would matter.
yakyb 10th June 2011, 14:59 Quote
frankly i wouldnt want my data held in Libya or pakistan / afganistan

but realistically its likely to be held in about 5 places so i dont suppose it matters
Phalanx 10th June 2011, 15:05 Quote
Quote:
Originally Posted by yakyb
frankly i wouldnt want my data held in Libya or pakistan / afganistan

I think you're safe...
Xir 10th June 2011, 15:19 Quote
Quote:
inappropriate access to client data isn't an issue, as less than 2 per cent of Google staff had entered its top secret data centres
less than two percent, great rethoric.

If it'd be less than one percent, he'd have said that. But he didn't.
So between one and two percent of google employees have entered their top-secret data centeres.
Google has ~26000 employees, so between 260-520 employees have physical access to....:D

Not as little as you thought, ey?
atlas 10th June 2011, 15:30 Quote
I don't see how the location matters. In fact the only time it does is when there are laws (specific to countries) at play that effect your data.
TheLegendJoe 10th June 2011, 15:41 Quote
"so between 260-520 employees have physical access to..."

Well, thats over many many data centers and they will have had to have certain clearances to ensure that they are suitable to even be in the room that contains that data, I doubt very many google employees have ever seen the real data ;)

& I saw in one of their videos (lol) that they use fragmentation and encryption, so even if they saw the data I doubt they would know what it means :P
faugusztin 10th June 2011, 15:55 Quote
Quote:
Originally Posted by Xir
less than two percent, great rethoric.

If it'd be less than one percent, he'd have said that. But he didn't.
So between one and two percent of google employees have entered their top-secret data centeres.
Google has ~26000 employees, so between 260-520 employees have physical access to....:D

Not as little as you thought, ey?

Considering they have few hundred thousand servers (wiki page says 200-450k servers), even 500 employees is rather low number. Just think of it, 1000 servers per person, doesn't look that low as you thought, right ?
dyzophoria 10th June 2011, 17:37 Quote
Quote:
Originally Posted by faugusztin
Quote:
Originally Posted by Xir
less than two percent, great rethoric.

If it'd be less than one percent, he'd have said that. But he didn't.
So between one and two percent of google employees have entered their top-secret data centeres.
Google has ~26000 employees, so between 260-520 employees have physical access to....:D

Not as little as you thought, ey?

Considering they have few hundred thousand servers (wiki page says 200-450k servers), even 500 employees is rather low number. Just think of it, 1000 servers per person, doesn't look that low as you thought, right ?

^ , I like cloud computing, but I always tell paranoid friends that if you are really that scared about your uber duper super private data, just get off the cloud,lol
Fizzban 10th June 2011, 18:24 Quote
My guess is it will be in China.
Autti 10th June 2011, 20:03 Quote
The fact is, storing information in a "secure" cloud is far safer, as finding your piece of data amongst the TB's is nigh on impossible.

People would have more chance stealing data directly from your computer, than A finding it and B extracting it from a cloud network as large as Googles.
faugusztin 10th June 2011, 20:57 Quote
But you know Autti, Google is evil, Google will steal your trade secrets, Google will steal your love letters, Google will steal your pants if you don't watch . That is pretty much the logic of cloud-haters.

My biggest issue with clouds is actually the example of what happened to Amazon Cloud a month ago, aka "whoops, we lost some data" ( http://www.businessinsider.com/amazon-lost-data-2011-4 ).
blackcell1 10th June 2011, 21:02 Quote
but now they've told us that its not important... i would like to know now
Sloth 11th June 2011, 00:51 Quote
Quote:
Originally Posted by faugusztin
But you know Autti, Google is evil, Google will steal your trade secrets, Google will steal your love letters, Google will steal your pants if you don't watch . That is pretty much the logic of cloud-haters.

My biggest issue with clouds is actually the example of what happened to Amazon Cloud a month ago, aka "whoops, we lost some data" ( http://www.businessinsider.com/amazon-lost-data-2011-4 ).
My concern with Google, not so much with clouds, is the way they seem to love stockpiling as much personal information as possible. Call me paranoid but a lot of their services are excellent at sucking up new little bits of information, the most troubling one to me was being prompted to give up a cell phone number for email account recovery. I don't think they have some great evil plot or anything, just that it's not the best practice to let your information out when you don't need to. To be honest I'd feel quite safe leaving things with Google because I know they'd keep their little paws wrapped tight around it.
faugusztin 11th June 2011, 00:55 Quote
Guess what do you need to enter when you register for Apple ID ? Yes, phone number :). And full address.
Sloth 11th June 2011, 01:00 Quote
Quote:
Originally Posted by faugusztin
Guess what do you need to enter when you register for Apple ID ? Yes, phone number :). And full address.
Haven't got an Apple ID either!

I'm not a fan of giving away phone numbers or addresses. For things related to billing that isn't always possible but certainly no cell phone number (a personal number, not even a home phone!) for an email account. Additionally I've declined multiple times and it keeps on prompting me, it gets a little suspicious after awhile.
John_T 11th June 2011, 14:08 Quote
Quote:
Originally Posted by Mentai
I don't see why the location would matter.

It matters in terms of legal jurisdiction. For the vast majority of private individuals and small businesses it's probably entirely irrelevant, in terms of certain businesses, I suspect it matters an awful lot.

I also agree with Sloth, in that I simply don't agree on principal to handing over great swathes of private data to companies - not when the data they are asking for is irrelevant to my relationship with them. It's not that I particularly expect them to do anything nefarious with it - I expect them in most cases to do nothing with it at all - it's just that I don't see it as any of their business in having it if they don't explicitly need it.

Some might see that as a paranoid stance, and maybe it is, but given the choice of paranoia or complacency, I'll err on the side of paranoia thanks. Just because you haven't figured out how someone can purposely screw you over / accidentally and incompetently expose you to risk, it doesn't mean that they won't do it.
John_T 11th June 2011, 14:10 Quote
.
John_T 11th June 2011, 14:11 Quote
(sorry for the multiple posts, seem to have had a brain-melting moment...)
rickysio 11th June 2011, 18:57 Quote
Quote:
Originally Posted by Autti
The fact is, storing information in a "secure" cloud is far safer, as finding your piece of data amongst the TB's is nigh on impossible.

People would have more chance stealing data directly from your computer, than A finding it and B extracting it from a cloud network as large as Googles.

Not as secure as a system that's not connected to the internet.
The_Beast 11th June 2011, 19:35 Quote
Hey, this just confirms how much I don't like cloud storage
faugusztin 11th June 2011, 23:11 Quote
"customer data is separated into chunks, each of which is replicated around worldwide redundant data centres."

I hope everyone understands the word replicated and redundant :).
2bdetermine 12th June 2011, 03:44 Quote
Hackers are going to love this cloud based system. Data mining all you can in one place.
DarkLord7854 12th June 2011, 08:05 Quote
Quote:
Originally Posted by 2bdetermine
Hackers are going to love this cloud based system. Data mining all you can in one place.

Google's services have been cloud-based for a while now, I've yet to see anything really go down.

Google pride themselves on their infrastructure, they practically only have engineers on their payroll who get to do nothing but overengineer everything. I wouldn't doubt that they have one of the most secure networks in the commercial world currently just because of how overly complex and convoluted their stuff is.
Nexxo 12th June 2011, 12:35 Quote
Quote:
Originally Posted by Autti
The fact is, storing information in a "secure" cloud is far safer, as finding your piece of data amongst the TB's is nigh on impossible.

People would have more chance stealing data directly from your computer, than A finding it and B extracting it from a cloud network as large as Googles.

+1.

The NHS does nor allow any form of cloud storage on its PCs. Tricky when, like NHS employees increasingly do, you work across different Trusts, each with their own network. So you are forced to use memory sticks to carry your data around. But that can transmit viruses, see, and you can lose your memory stick with important patient data on it (even though no NHS employee has ever stored any patient data on a memory stick, because they actually have a brain). So the NHS allows only encrypted, passworded sticks. Which it then has to order, and then re-order because they ordered the wrong type, and then finds that each Trust uses a different type not allowed by other Trusts... And then there's the Trust laptops, some of which have been stolen in the past.

I tried to argue with various NHS IT departments that allowing cloud storage would be more logical. Nobody can lose something that is virtual on the Internet. It can still be encrypted. It can still be virus-scanned. It is free. But no, they don't like it because they can't be sure the data is stored in the UK, and that's how the government wants it. I mean, WTF? We're dealing with some research papers, service protocols, anonymous audit data, patient information leaflets etc. Not state secrets.

The technology is there, and it's sound. The only obstacle is people unable to shift their paradigms.
tcool93 12th June 2011, 18:49 Quote
One thing I have learned, is that just because any company (including Google) makes any kind of security claim, doesn't mean it true. It seems to happen a lot anymore that these companies get caught lieing.

Dropbox is just a recent example of it. Claiming their employees didn't have, or couldn't access user data, which later was proven a lie, and they are being sued over it.

I also disagree with the persons comment here that someone would have a higher risk having their data stored on their own computer. Well that is nonsense also. Fact is most hackers would target the biggest storage place they can, not single out some john doe.
Nexxo 12th June 2011, 18:56 Quote
Human error causes 75% of all data loss/leaks. Most data loss/leaks is because of stolen laptops or lost/stolen mobile devices and memory sticks and users flaunting simple security rules.
proxess 12th June 2011, 19:05 Quote
Google store their data in my basement.

OH NO! O_o I said it! You must all die now!
Valinor 12th June 2011, 19:19 Quote
Quote:
Originally Posted by tcool93

I also disagree with the persons comment here that someone would have a higher risk having their data stored on their own computer. Well that is nonsense also. Fact is most hackers would target the biggest storage place they can, not single out some john doe.

Agreed, as the cloud storage stuff is designed to be accessed (with security checks, username, password etc), whereas peoples home computer's are (presumably) not set up to allow external access, and so need far more work to break in to.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums