How does Google Handle Data Security?
Google deploys progressive layers of security around its physical locations, hardware and software, processes and data for enterprise and consumer computing. Approximately 550 security professionals review security plans for all elements of the network, detect and manage vulnerabilities – including those in third-party software – and scan for malware sites, among their other activities. Its internal audit team monitors security regulations globally to ensure compliance.
Physical access to Google’s data centers is severely limited, so only a tiny fraction of employees ever set foot on the premises. Layered protection includes biometric identification, metal detection, vehicle barriers and laser-based intrusion detection systems. Within the data center, Google deploys its own custom-designed security chips to identify and authenticate Google servers and peripherals to minimize the chance that unauthorized hardware can go online without detection.
Data on Google’s internal network is encrypted. Application layer protocols are encapsulated within the remote procedure call (RPC) mechanisms, effectively isolating the application layer so data is secure even if the network is breached. Additionally, all infrastructure RPC traffic sent over the WAN between data centers is encrypted automatically. The deployment of hardware cryptographic accelerators is extending encryption to all infrastructure RPC traffic.
Google also takes pains to encrypt data before writing it to physical storage. Important elements of this strategy include automatic key rotation and audit logs. Encrypting data at the application layer helps the infrastructure isolate itself from such possible threats as malicious disk firmware. Hardware encryption also is enabled for hard drives and solid state devices. For end-users, permission tickets are used, linking encrypted data to users.
Google says its use of bare-bones servers and self-designed software reduces vulnerabilities, along with its process of replicating and distributing data across multiple servers and locations to eliminate single points of failure. Before storage devices are decommissioned, they are wiped in a multi-step process that includes two independent verifications. Devices that don’t meet those requirements are shredded on site.
The practices that protect Google’s infrastructure also secure Google’s cloud platform. One additional safeguard (among many others) is virtual machine isolation, provided by using the KVM stack to virtualize hardware. Google’s implementation of KVM is further hardened by moving part of the control and hardware emulation stack outside the kernel and into an unprivileged process.
Does Google Have a Floating Data Center?
Rumors of Google’s floating data center were rampant, starting in 2013. A barge docked near Treasure Island in San Francisco Bay led to wild speculation as to its uses – one version being that it was a data center. In the end, the barge turned out to be an interactive learning center.
That doesn’t mean floating data centers won’t feature in Google’s future, though. The company received a patent in 2008 for a wave-powered data center that would use the ocean to provide cooling and, through waves’ kinetic action, power. The patent describes potential data center locations as areas 3 to 7 miles from shore in 50 and 70 meters of water. So far, however, Google doesn’t appear to have plans to actually build a floating data center.
Where are Google’s Cloud data centers?
Google has several cloud data centers throughout the world and is bringing more online in 2017. In addition to data centers in the Western US, Central US, Eastern US, Western Europe, and Eastern Asia, the company announced that new “cloud regions” will come online in 2017 in Frankfurt, London, Mumbai, Singapore, Sydney, and Sao Paulo, and in undisclosed areas in Finland, California, The Netherlands, and Northern Virginia.
The proliferation of new cloud data centers reduces latency for Google customers and enables customers to address data sovereignty issues, as different countries have different laws governing storage and transfer of citizens’ personal data.
Here's a March 2017 map of the global infrastructure that supports Google's enterprise cloud services, including existing and future company-owned data centers, leased edge sites in colocation facilities (there are more than 100 of those), and leased and owned fiber routes:
Source: Google VP of data centers Joe Kava's presentation at Google Cloud Next 2017 in San Francisco
What does a Google Data Center Look Like Inside?
Few people are allowed inside Google data centers, so Google produced some videos to ease your curiosity. Have a look:
Here are some Google data center pictures:
How Many Google Data Centers are There?
Few outside Google know exactly how many data centers Google operates. There are the massive Google data center campuses, of which it says it has 15. Some of its enterprise cloud regions are on those campuses, and some are elsewhere. As of March 2017, the company had six enterprise cloud regions online and 11 in the works (see map above). Most if not all of these locations have or will have multiple data centers each. Google has not shared publicly exactly how many there are in each location.
Also unclear is the number of caching sites, also referred to as edge Points of Presence, that Google has around the world. These are small-capacity deployments in leased spaces inside colocation facilities operated by data center providers like Equinix, Interxion, or NTT. The company says there are more than 100 such sites but doesn't share the exact number.
Here's a March 2017 overview of Google's data center strategy by the man who owns it, Google VP of data centers, Joe Kava:
How Much Do Google Data Centers Cost to Build?
Google’s newest data center at The Dalles in Oregon, a 164,000-square foot building that opened in 2016, brought its total investment in that site to $1.2 billion. The overall size totals 352,000 square feet of data center divided among three buildings. The site first opened in 2006 and currently employs 175 people. Google has announced plans to add another $600,000 data center about a mile away, bringing the investment to $1.8 billion. That center is expected to employ about 50 people.
Likewise, the Pryor Creek, Oklahoma, data center also is continuing to expand. It first went online in 2011 with a 130,000 square foot, $600,000 facility and soon after built another building for staff offices. When the expansion announced in 2016 is completed, Google’s Pryor Creek data center will represent a $2 billion investment.
The new data center under construction in 2016 in Eemshaven, Netherlands, is expected to cost $773 million. In typical Google fashion, there’s no word on size.
Overall, Google's capital expenditures for 2016 were just under $10.2 billion. Most of that can be accounted for by its data centers and land acquisitions.