1
Security in the Cloud
“I’ve not seen, in my career, anything bigger than the cloud,” said Diane Greene, chief executive officer of Google Cloud, in the first of two plenary presentations at the 2018 annual meeting of the National Academy of Engineering. Though the transition to cloud computing is still in its early stages, the cloud offers fast networks, real-time data warehousing, flexible capacity, worldwide access, and specialized technologies. Companies are “looking at the cloud as a way to digitally transform themselves,” said Greene.
In addition to its other benefits, the cloud is more secure, although “it wasn’t always that way,” said Greene. When she started in the information technology industry three decades ago, companies were very reluctant to let other organizations run their computer technologies. “There was this notion that ‘I wouldn’t put all my eggs in that person’s basket,’ and there wasn’t trust.” Now, analysts predict that services running in the cloud will have substantially fewer security breaches than other computer systems. Keeping data on your own device “is akin to putting your money under the mattress,” she said. “We put our money in the bank, and that’s what the cloud has become.”
Google has a front row to the attacks on its cloud-based systems. It has eight applications with more than one billion users—these include Google Search and Gmail—and it checks more than 400 million Android devices daily for problems. Every minute it filters out 10 million spam and malicious emails, scans about 700,000 webpages for malintent, and stops 7,000 URLs, executables, browser extensions with viruses, or phishing attempts. It also stymies distributed denial of service (DDoS) attacks, which seek to shut down a service by inundating it with requests. Such attacks have grown exponentially in recent
years, Greene noted, both to try to force people to pay ransom and to eliminate access to content. “We’ve protected billions of page views in 70 countries around the world.”
One result of the continuing battle between good guys and bad guys in cyberspace has been a steady hardening of computer security, Greene explained. Google employs its own team of hacking experts to identify issues and help to strengthen Google’s security, major open source projects, and other companies. This group looks full time for vulnerabilities and has found some of the most dangerous security flaws discovered in recent years. And, as Greene pointed out in response to a question, the security community shares information about attacks among companies, so that solutions to problems spread rapidly.
But attackers keep coming up with new ways to breach systems, such as using fraudulent email accounts to gain access to computers for bitcoin mining or combining vulnerabilities in clever ways to hack into systems. Building a highly complex system that has to withstand the full force of human intelligence is different from building a bridge or a building, Greene said. And the attacks will continue to diversify, she predicted. As an example, she cited recent efforts to fool surveillance cameras by wearing glasses that cause surveillance algorithms to identify someone as a different person.
NEW PROTECTIONS
Google has continually adopted new security procedures that make its systems more secure. After a 2009 attack in which a hacker got access to an employee’s chat account and then installed malware on Google computers, the company went through a rethinking of what it needed to keep its systems safe. Rather than assuming that everything within a perimeter security system was safe, it adopted the assumption that even data within the company are not to be trusted. It therefore encrypted all data both stored and in transit. It adopted contextual-aware access, in which the security system considers such factors as who is making a call, what type of call is being made, where the call is coming from, and what kind of device is being used. If the information being exchanged is extra-confidential, an extra layer of hardware-based authentication
is automatically enforced. Since 2016 Google has had no successful account takeovers using password phishing, thanks to the use of security keys.
Google built security in layers all the way through its systems, so if one layer gets hacked the others are still secure. The company’s data centers have biometric scanners, laser-based intruder detection, and metal-shredding machines for disks that cannot be erased. It also built and installed in its systems what it calls the Titan chip, which establishes a hardware root of trust for machines and peripherals in the cloud. It automatically verifies the integrity of the machine before joining the network. If a hacker gets through enough layers to reach the system infrastructure, the chip alerts that the system has been altered. This system exists in all of Google’s servers and in Chromebooks, prohibiting them from rejoining the network if the system has been infiltrated.
The scale of the cloud has advantages for security, Greene observed. New forms of protection can be deployed quickly to large numbers of customers, and highly automated processes can monitor and update systems in real time.
Finally, new hardware is being developed that allows data to be encrypted as they are processed. Such systems cannot yet handle heavy workloads, “but it’s definitely coming,” she said.
PROVIDING SECURITY AUTOMATICALLY
Google employs a large group of people to analyze its systems and detect anomalies. The next step will be to detect and repel threats and repair systems automatically, Greene said.
Google uses artificial intelligence to build models, automate detection, and counter threats. And because cloud computing centralizes the data, the cloud enables companies to learn faster. “We can prevent attacks that we see happening in one place from happening in another.” For example, Safe Browsing is a Google system to detect websites created by hackers that mimic legitimate websites and try to get people to give away their credentials. Google has been using artificial intelligence to learn what a malicious website looks like and to warn users with a red screen, which is now protecting more than 3 billion devices.
These machine learning models depend on the quality of the data used to train the models, presenting a potential new target for attackers. For example, hackers could misrepresent training data to attempt to bias the algorithms. But this problem is easier to solve in a centralized computing model like the cloud, Greene observed, since data can be curated internally to mitigate the risk of external manipulation.
REGULATING SECURITY
The regulations governing data privacy are highly related to security in the cloud, Greene noted. A public cloud provider legally cannot use the data it stores and processes in the cloud. It can only perform whatever operations a business requests using those data, and it can provide data to other organizations only when it is legally bound to do so. In this way, users can retain control over what happens with their data. Some even bring and manage their own encryption keys to further limit who has access to their data, which can have the additional benefit of reducing the regulatory burden on companies.
A number of countries around the world have proposed or enacted data localization laws, which require that data be held within a country’s borders. Sometimes these laws arise from legitimate concerns about privacy, cybersecurity, or economic development. However, forced data localization does not solve these problems and often makes them worse, Greene explained: It can hurt reliability—multiple copies in different locations can handle a single point of failure or a localized event like an earthquake. It can hurt security, because it inhibits the breaking of data into pieces and storing them in multiple places. And it can hurt performance, because getting data from a single place can slow down systems. Finally, global cloud providers are often more secure because of their resources and expertise.
“There’s significant cost to the customer of having the only copy of the data within the border of a country,” Greene concluded. For global providers to operate locally with data held exclusively in one country requires substantial investment.
RISING TO THE CHALLENGE
Computer security is a scary topic, said Greene, because people depend so heavily on computer systems, and clearly these systems can be hacked. But moving to the cloud has improved the situation significantly: The cloud provides for distributed data, it can be defended in depth, one layer can be exploited while the other layers are protected, it is redundant, its scale is so large that resources can be devoted to security, and it does not have a single point of failure.
Many problems remain to be solved, Greene acknowledged. Given the inevitable trade-offs between ease of use and security, how can security be increased without making computers much more inconvenient to use? How can the data for machine learning be made secure? How can security systems be automated so that problems can be detected and fixed?
“We have a long way to go, but I’m optimistic,” Greene said. “We’re making huge progress.”
