Google Data Center Security: 6 Layers Deep - YouTube

[upbeat music]

Wong: Hi, I'm Stephanie Wong, and I work for Google Cloud.

While I could talk all day about cloud security,

physical security at a Google data center

is still pretty new to me,

so today I'm on a mission to learn all about it

by taking an inside look at the systems in place

that protect customer data

at a typical Google data center. Let's go.

[upbeat music]

Now, I've been told there are six layers of security here.

Security layer one refers to the property boundaries,

and that includes signage and fencing.

But things really start to get interesting

when it comes to layer two, also known as the secure perimeter,

and that includes the main entrance gate which I am pulling up to right now.

[upbeat music]

Hey, how's it going? person: Good morning.

[upbeat music]

Wong: So layer two has a lot of security features

ranging from smart fencing to overlapping cameras

to 24/7 guard patrols and more.

I'm on my way to meet some experts

who are going to show me how it all works.

Hi, Joe.

Kava: Hi, Stephanie, how are you?

Wong: So I just passed the main gate and I saw guards and cameras,

but what are some things that I didn't see?

Kava: Yeah there's actually a lot of technology

and operations going on behind the scene.

So from the time that you're on site,

we know that you're here,

and we're able to do correlation analysis

of where you've been.

We have guards in vehicles, we have some guards on foot.

There's also the vehicle crash barrier.

That's designed to stop a fully loaded truck

from crashing through the front entrance.

Wong: Ricky, Tarik, can you tell me more about what's unique about the fencing?

Gordon: This particular fence is an anti-climb fence.

It's also equipped with fiber. The technology tells us

if someone's near the fence or touches the fence.

Billingsley: So we use thermal cameras and standard cameras.

So we're able to see video footage at night

just as clearly as we can during the day.

[light electronic music]

Wong: Welcome to layer three, building access.

But just so you know, I am still nowhere near

the data center floor.

That's a few more layers deep. Let's head inside.

O'Brien: Stephanie. Wong: Hello.

O'Brien: So you've gotten through the gate, you've come in,

you've come in to our secure lobby.

You have your card, and we know that that's you,

but if someone happened to lose their card,

what we want to make sure is that it's actually Stephanie

who has shown up.

scanner: Please center your eye.

O'Brien: And with iris scan, we can authenticate

that it's actually you along with your ID.

Wong: Okay, I think it's good.

One thing that's a little hard to get used to

when you visit a data center is,

for secure areas, only one person

is allowed to badge through a door at a time.

[light electronic music]

Layer four includes the security operations center,

or SOC, a hive of activity that is monitoring the data center

24/7, 365 days a year.

[light electronic music]

So it sounds like we've been keeping them very busy today.

Davis: Yes, yes you have.

So the doors, the cameras, the badge readers,

the iris scan-- everything is connected here.

This is the brains of the security system.

So if there's anything out of the ordinary happening,

they have to be able to pick that up.

[upbeat music]

Wong: Interesting fact about layer five,

the data center floor:

less than 1% of Googlers ever get to set foot in here.

So right now, I'm feeling kinda special.

[upbeat music]

Kava: This is truly a as-needed only access area,

meaning that only the technicians

and engineers that have to be there

to maintain, upgrade, or repair the equipment

are ever allowed there.

Wong: And do Googlers or anyone have access to the data?

Kava: We have access to the devices, but the data at rest

is encrypted, and our customers can issue

and keep their own encryption keys,

and we do this because protecting the privacy

and the security of our users' data is our highest priority.

Wong: The mysterious layer six, where disks

are erased and destroyed and the fewest number of people

are allowed to enter.

Drives that need to be retired from the data center floor

come into this room through a secure two-way locker system

which means that only technicians assigned to this room

can pull them from that locker to either erase

or destroy them.

Henley: All right, welcome to the crusher room.

Wong: Wow.

Henley: So at this point, we have scanned the hard drive,

and the software has told us that we need to destroy it.

Wong: Can we see it in action?

Henley: Back up. Wong: All right.

I'll stay back here. [both laugh]

[mechanical whirring]

That disk is definitely destroyed.

Henley: Yes it is.

[upbeat music]

Wong: If you didn't think these six layers of security

were enough, Google Cloud actually has

two security testing programs in place.

One hires companies to try to break in

to data center sites from the outside,

and the other tasks Googlers with trying to break

security protocols from the inside.

And getting out of a data center is arguably even harder

than getting in, as everybody has to go through full metal detection

each time they leave the data center floor.

[upbeat music]

person: Thank you, ma'am, for your cooperation.

Wong: Thank you.

Google Cloud supports compliance

with over 40 global standards, regulations, and certifications,

and the commitment to constantly test, optimize, and improve systems

makes it a leader in data center security.

Now, how do I get out of here?

[upbeat music]