Google's vice president of engineering has described how the company protects customer data, saying that it bakes security into its products and employs the best and brightest in Web security.
Douglas Merrill Credit: Google
On the Official Google Blog, Douglas Merrill, a vice president of engineering, spelled out the company's philosophy, processes, and technology that the it employs for security.
"We automate the way we test our software for possible security vulnerabilities and the way we monitor for possible security attacks," Merrill explained.
"Our network and facilities (the house) are protected in both high- and low-tech ways: encryption, alarms, and other technology for our systems, and strong physical security at our facilities... We've learned that when security is done right, it's done best as a community."
He said that the company is developing its own security software, particularly to address areas such as large-scale computing and automation.
Google's processes are set up so that sensitive personal information can only be viewed by exception, Merrill said.
"We carefully manage access to confidential information of any sort, and very few Googlers have access to what we consider very sensitive data. This is in no small part because there's very little reason for us to provide that access--most of our processes are automated, and don't require much human intervention. Of course, the limited number of people who are granted access to sensitive data must have special approval," he wrote.
Liam Tung from ZDNet.com.au contributed to this story.
