Google provides the world’s most advanced security that keeps more people safe online than anyone else. Our approach, developed over decades operating at a global scale, comprehensively protects your data. With our shared fate model, we work together with you as a team toward a common security and risk management goal. As a result, you can operate with confidence that threats and advanced attacks are minimized, detectable, and recoverable.
Securing and protecting your data rests on three key pillars: security by design, security by default, and security in deployment.
Security by design
Our cloud services are designed to deliver better security than many on-premises approaches. The security of our infrastructure is designed in progressive layers to provide defense in depth, and security capabilities are continuously engineered into our trusted cloud platform.
Some examples of security by design are:
- Google’s own global, private, encrypted network
- Data that is stored and distributed in encrypted form
- Data centers that offer multiple levels of security and isolation
- Google-built hardware that is optimized for security, including our Titan security chips, which power our secure boot process
- Rigorous controls regarding our software supply chain
Security by default
Our security defaults provide multiple levels of complementary defenses designed to reduce your risk from configuration errors, as well as attacks.
Our built-in automatic protections include:
- Default security services that are part of our secure-by-design infrastructure, such as default encryption for data at rest and in transit, and DDoS protection
- Default configurations for services such as compute and storage that limit public access
- Advanced features like external and customer key management available across our products
- Hard points and guardrails that help mitigate risk from configuration errors
Security in deployment
Google Cloud provides tooling and opinionated guidance so you can achieve and maintain your desired security, risk, and compliance posture.
Capabilities to assist with secure cloud deployments include:
- Blueprints and landing zones: resources, including code and templates, that can be used to deploy cloud resources in recommended configurations, such as our security foundations blueprint
- Assured Workloads: create and enforce a controlled environment for your regulated workloads (including data residency, personnel controls, and service restrictions) with just a few clicks
- Security Command Center: our native security and risk management platform to identify and resolve security misconfigurations and compliance violations in your Google Cloud assets
- Embedded controls to enhance the security of key Google Cloud services (for example, Confidential Computing and automatic DLP)