Google Cloud Platform Security

F. A. Author
Your name, University etc.

Abstract— This research paper will examine Google Cloud Platform security
infrastructure. It will be analyzed how Google Cloud Platform security is designed,
as well as the infrastructure features. The paper will investigate how Google
Cloud protect its data, including the organizational and technical controls,
followed by Google compliance regulatory requirements.

1. INTRODUCTION multi-national businesses and corporations,

In today’s digitalized era, organizations are
utilizing IT operations in order to develop
applications quicker and sustain innovations
to preserve their competitive position in the
modern digital world. As indicated by many
prestigious specialists from the IT industry,
cloud computing is the third huge wave in the
Information Technology business, which
became a vital aspect in different sectors and
areas [1].
The integration of cloud computing today is
generating a change in the way organizations
operate and in general the way people live.
The Cloud can offer convenient, ubiquitous
and on demand network access and
application to resources like: storage services,
networks, computing services, infrastructure
etc. without the need of any funds or
expenditures. From an individual user to
can simply use any type of service from the
Cloud [2].
Currently, there are many Cloud providers,
but only few are the biggest players on the
market. One of the cloud pioneers and
revolutionizers is Google, which today offers
90 products that belong to Google Cloud.
Therefore, Google provides these wide range
of services for numerous organizations and
individuals globally. Google Cloud Platform is
a part of Google Cloud, which provides
Infrastructure as a Service, Platform as a
Service and serverless computing
environments. Google Cloud Platform delivers
cost efficient architectures that support the
transmission, storage and intensive
computing of data [3].
Nevertheless, the main question is, all the
data, private information, confidential
possessions of organizations or personal

Your name*
University* Year*
property of individuals are safe and secure? In
today’s modern society, information has
become the most expensive commodity.
This research paper will examine Google
Cloud Platform security infrastructure. It will
be analyzed how Google Cloud Platform
security is designed, as well as the
infrastructure features. The paper will
investigate how Google Cloud protect its data,
including the organizational and technical
controls, followed by Google compliance
regulatory requirements.

2. LITERATURE REVIEW
Figure 1: Cloud security

As previously stated, Cloud Security is very

important aspect when it comes to
organizations and individuals. Security is the GOOGLE INFRASTRUCTURE SECURITY LAYERS
main retrain that is holding back the growth
of cloud computing in the long run.
Nowadays, cloud providers main worry is From the picture bellow it can be seen that
forfeiting customer information or data to Google Infrastructure is consistent of 6 layers,
cyber attackers. Google’s global network of which start from physical security data
users reaches billions of customers. centers lifting to hardware and software
Therefore, one of the main challenges the structure. Therefore, all the six layers are
company faces is persistent protection of its properly situated in place in order to define all
global network against cyber threats, which the processes involved in sequence to support
are continuously growing. For the same operational security [5].
reason, Google invests profoundly in securing
its infrastructure from the possible dangers.
Consequently, Google Cloud Platform has
become one of the most secure Cloud
providers and preferred platforms globally.
This chapter will elaborate how GCP plays a
vital role in the Cloud industry and how it
became the most secure platform [4].

Figure 2: Google Infrastructure Security Layer

2
Hardware Infrastructure
Hardware infrastructure or the lowest level
infrastructure is basically consistent of three
components:
1. Security of Physical Premises: Include data
centers, which have numerous coatings of
physical security fortification. These data
centers are secured with technologies as:
biometric identification, cameras, laser-based
detection systems. Also, only limited
specialized personnel can access these data
centers [5].
2. Hardware Design and Provenance: Google
custom designed networking equipment that
is consistent of thousands of server machines.
(Google custom chips, deployed on servers
and peripherals, used for security
identification of Google devices at the
hardware level) [5].
3. Secure Boot Stack and Machine Identity:
Google server machines with specific
identification that are ensuring the security of
hardware and software machine boots [5].
Service Deployment
This layer of security confirms that a service
is properly deployed on Google’s
infrastructure from the base hardware and
software. The listed points below are briefly
examining the Service Deployment [6].
1. Service Identity, Integrity and Isolation:
Through cryptographic verification and
authorization, this layer provides strong
control and security.
2. Inter-Service Access Management: With
assistance of Google engineers, this
infrastructure operates in a way that detects
individual identities, so that services can
accept or deny the following access. Strong
management systems are operating to
provide approval of identities, notifications
and chains [6].
3. Encryption of Inter-Service Communication:
With cryptographic authorization and
authentication the infrastructure is proficient
to secure inter-service communication. This
ensures that any third party do not have
access to the private network [6].
4. Access management of End User Data: The
infrastructure is designed in a way to run
central user identity service that verifies the
end user login. After the verification provides
users authorizations to the client’s device [6].
Secure Data Storage
The numerous Google storage services are
designed to use keys from a central key
management service to encrypt the data in
advance. In order to avoid possible threats,
such as malicious disk firmware, the
infrastructure at the application layer is
premeditated to preform encryption. Also, for
further protection, encryption is done at other
layers, such as at the hardware layer [6].
Furthermore, deletion of data is performed.
Most frequently Google develops specific data
as “Scheduled for Deletion” instead of
completely eliminating the data. The data
deletion permits easy recovery from
accidental deletions, whether its customer
originated or just a bug [7].
Secure Internet Communication
3
 This layer covers the secure communication
between Google and the internet. This is
conducted through private IP space which
exposes subset of machines straight to
outside internet traffic and attacks. Google
Front End (GFE) services guarantee that all
the transportation layer security connections
are completed and in coordination with the
accurate certificates [6].
The Google Front End ensures proper
protection counter to DDoS attacks.
Furthermore, the central identity service, that
consumers view as Google log in page which
request username and password, and
evaluates risk factors, which may include
whether the individual logged in from same
device or location [7].
Operational Security
This layer includes various technologies for
measuring and improving security recognition
and response. Manual security reviews, as
well as automated tools are included for
security formation. Google creates important
outlays, specifically created for protection of
user’s devices and credentials, with usage of
different technologies and regulations for
physical, data, computers, access
management, network security etc. [8].
The operational security consists of four
sections:
1. Intrusion Detection
2. Safe Software Development
3. Keeping Employee Devices and Credentials
Safe
4. Reducing Insider Risk
GOOGLE CLOUD PLATFORM COMPLIANCE AND
TRUST
Google Cloud Security – Trust Principles
4
Google Cloud Platform trust principles are
constructed for thorough protection of
customers privacy. Consequently, GCP
practice six different trust principles, which
are going to be listed below:
1. The first and main principle Google use is
customer safety. The platform is designed to
provide instant notification to users if a safety
breach is crossed and customer data is in
danger.
2. GCP security provides comprehensive
control over customer’s data.
3. One of the trust principles include strict
advertising principle. Google maintains
rigorous differentiation between the user’s
Cloud data and the one used for business
advertising.
4. Google’s data centers have the most
advanced security systems, which locations
are publicly accessible. This allows users to
have knowledge regarding their data storage
and constant availability.
5. Independent auditors evaluate, validate
and certify GCP security practices.
Accordingly, international security and privacy
regulations assure GCP security.
6. Last and most important, Google does not
provide “backdoor” access to customer data
to any governmental agencies or units [9].
Independent Third-Party Certifications
Google Cloud Platform implements various
security controls in order to ensure its
customers with high protection and security.
Therefore, GCP is implementing independent
third-party audits and regulations, which not
only comply with data security, but they have
been certified. Google Cloud Platform has
certifications such as: ISO 27001, ISO 27017,
ISO 27018, AICPA, SOC 2 and 3, PCI DSS, CSA
Star and FedRAMP [10].
Privacy and Compliance Standards
Google Cloud Platform follows European
Union’s General Data Protection
Regulations (GDPR). These laws and
regulations stand for fortification of
European user’s data privacy and
protection. Moreover, Google Cloud
Platform follows Australian Privacy
Principles (APPs), Australian Prudential
Regulations Authority (APRA), Multi-Tier
Cloud Security (MTCS), Singapore
Standard (SS), Japan Center for Financial
Industry Information Systems (FISC) and
UK NCSC Cloud Security Principles [11].
Nevertheless, Google Cloud Platform for
having the most secure payment services
follows ISO/IEC 27001 and Payment Card
Industry Data Security Standards (PCI
DSS). With pioneering encryption credit
card details, storage and personal
information of clients, Google has achieved
radical security [11].
3. CONCLUSION
Google’s cloud platform is considered as a
major secrecy cloud provider and more
secured and safer than the other Cloud
companies on the market. They are a go to
shop for cloud computing work and they have
proven track record on anything they touched
turned to gold. Consequently, companies can
rest assured and continue with Google Cloud
Platforms as their preferred cloud service
providers.
Google Cloud Platform main objective is
protection of customers data and its security,
this became a part of the company’s
initiatives and vital focus. Google Cloud
Platform is a major leader on the market for
data protection and innovation of security and
encryption systems. The company considers
that data protection is more than security, for
the same reasons, with all possible efforts and
innovation investments, Google earns trust
with today’s most valuable asset –
information.
REFERENCES
M. Ali and
M. H. Miraz, "Cloud Computing Applications," in Proceedings of
the International Conference on Cloud Computing and
eGovernance, Wales, 2013.
P. Srivastava and R. Khan, "A Review Paper on Cloud
Computing," International Journals of Advanced Research in
Computer Science and Software Engineering , vol. 8, no. 6,
2018.
Google, "Google Cloud," 2019. [Online]. Available:
https://cloud.google.com/security/. [Accessed 2 4 2020].
I. Shabani and A. Dika, "The Benefits of Using Google Cloud
Computing for Developing Distributed Applications," Journal of
Mathematics and System Science, vol. 5, pp. 156-164, 2015.
N. . J. Mitchell and K. Zunnurhain, "Google cloud platform
security," in the 4th ACM/IEEE Symposium, 2019.
Google, "Google Infrastructure Security Design Overview,"
Google Cloud, 2017.
G. C. P. Whitepaper, "Screenleap," 26 5 2015. [Online]. Available:
https://www.screenleap.com/doc/Google_Cloud_Platform_Sec
urity_Whitepaper.pdf. [Accessed 2 4 2020].
Google, "Google’s Approach to IT Security. A Google White
Paper," Google , 2012.
K. Fritchen, "Managed Methods," 2019. [Online]. Available:
https://managedmethods.com/blog/google-cloud-platform-
security-features/. [Accessed 3 4 2020].
S. V. Tuan , . K. Heydemann, A. d. Grandmaison and A. Cohen,
"Secure Delivery of Program Properties Through Optimizing
Compilation," in ACM International Conference on Compiler
Construction, 2020.
Google, "Google Cloud’s Approach to Security," Google Cloud .
5
Google, "Security, compliance and GDPR Google Cloud,"
[Online]. Available: file:///C:/Users/Ena/Downloads/Security,
%20compliance%20and%20GDPR%20and%20Google
%20Cloud%20(2).pdf. [Accessed 2 4 2020].