Google ready to keep your data safe, even from attack by aliens
In case the economy and wars and hurricanes and earthquakes where there aren't usually earthquakes have you feeling a little...insecure, Google has some good news for you.
If you're one of its Google Enterprise customers, it has you covered.
If all Google's engineers went rogue (a couple have) and threatened to destroy the world's supply of unused Gmail accounts, Google has you covered.
If aliens attacked the Earth in a rampage of hunger for Google+ accounts...Google has you covered.
But only in a kind of dull, disaster-recovery, business-continuity kind of way.
"Part of our disaster recovery plan is to assume the worst has happened," Google Enterprise director of security Eran Feigenbaum told CIO. "We play lots of games here."
So when it's time to test some portion of its overall disaster- and security-incident response plans, Feigenbaum doesn't just let the data center people assume a hurricane or a fire or a "Something" had gone wrong.
They have to identify a culprit, often an unusual one, cut the telco connections among data centers or put a couple of data centers out of action or destroyed all the data in the top-level systems in the storage hierarchy, or destroyed only the data related to one set of services or geographic region or that reflects a color in a shade of the spectrum beyond humans' ability to see, but that causes murderous rage in in reptilian humanoids hibernating underground for millenia.
"In last year's scenario, Google was attacked by aliens and California was off the map," he said. "We asked: What do we do? How do we run our infrastructure?"
Science fictiony stories put the drill in context for the techs doing backup-and-recovery work that would be tedious if they weren't in the middle of an enormous disaster – which they're not.
The stories also shake up the assumptions about what could go wrong in a disaster, to expose risks most sysadmins wouldn't believe could happen that don't require the involvement of aliens.
"I was in an intelligence community where we proved we could find out information about a computer that was not connected to a network and was in a secure room," Feigenbaum said.
He said it while comparing the security of the cloud to the expectations of most users, but the impulse is the same. Users expect "cloud" security and reliability to be perfect even when they don't expect anywhere near that level of performance in their own systems – for which they typically pay a lot more.
"Perfect" is impossible, but getting close means discovering, investigating and making contingency plans for things that may not necessarily be realistic risks right at the moment.
It's obviously far more likely that aliens would attack the Earth and destroy California than a lot of the other disasters that have happened during the past few years. We've seen it happen a dozen times in the movies, so it seems a lot more realistic an expectation than the theory that a volcano in Iceland with an unpronounceable name would ground every plane in Europe. Twice.
But making sure you have so many contingencies covered lets you say data in the cloud is safer than anywhere else and give you the chance to rattle off the list of stats that really make the case you're trying to sell in customer meetings, one CISO to another:
Like, the one about how much corporate data still lives only on laptops (60 percent), how often laptops are stolen within the first year (one out of every 12), how many people admit losing flash drives with corporate data on them (60 percent).
"By putting the data in the Cloud and making it available anytime, anywhere, you don’t have to worry about these issues and user behavior starts to change," Feigenbaum said.
Somehow, it's possible there's more than one purpose even to the story about the stories Feigenbaum tells when he's either trying to motivate IT people to make the data more secure or convince customers how effectively he's done it.