[upbeat music] Wong: Hi, I'm Stephanie Wong,
and I work for Google Cloud. While I could talk all day
about cloud security, physical security
at a Google data center is still pretty new to me, so today I'm on a mission
to learn all about it by taking an inside look
at the systems in place that protect customer data at a typical Google data center.
Let's go. [upbeat music] Now, I've been told there are six layers
of security here. Security layer one refers
to the property boundaries, and that includes signage and fencing. But things really start
to get interesting when it comes to layer two,
also known as the secure perimeter, and that includes the main entrance gate
which I am pulling up to right now. [upbeat music] Hey, how's it going?
person: Good morning. [upbeat music] Wong: So layer two has
a lot of security features ranging from smart fencing
to overlapping cameras to 24/7 guard patrols and more. I'm on my way to meet some experts who are going to show me
how it all works. Hi, Joe. Kava: Hi, Stephanie, how are you? Wong: So I just passed the main gate
and I saw guards and cameras, but what are some things
that I didn't see? Kava: Yeah there's actually
a lot of technology and operations
going on behind the scene. So from the time that you're on site, we know that you're here, and we're able to do
correlation analysis of where you've been. We have guards in vehicles,
we have some guards on foot. There's also the vehicle crash barrier. That's designed to stop
a fully loaded truck from crashing
through the front entrance. Wong: Ricky, Tarik, can you tell me more
about what's unique about the fencing? Gordon: This particular fence
is an anti-climb fence. It's also equipped with fiber.
The technology tells us if someone's near the fence
or touches the fence. Billingsley: So we use thermal cameras
and standard cameras. So we're able to see
video footage at night just as clearly as we can
during the day. [light electronic music] Wong: Welcome to layer three,
building access. But just so you know,
I am still nowhere near the data center floor. That's a few more layers deep.
Let's head inside. O'Brien: Stephanie.
Wong: Hello. O'Brien: So you've gotten through
the gate, you've come in, you've come in to our secure lobby. You have your card,
and we know that that's you, but if someone happened to lose
their card, what we want to make sure is
that it's actually Stephanie who has shown up. scanner: Please center your eye. O'Brien: And with iris scan,
we can authenticate that it's actually you
along with your ID. Wong: Okay, I think it's good. One thing that's a little
hard to get used to when you visit a data center is, for secure areas, only one person is allowed to badge
through a door at a time. [light electronic music] Layer four includes
the security operations center, or SOC, a hive of activity that
is monitoring the data center 24/7, 365 days a year. [light electronic music] So it sounds like we've been
keeping them very busy today. Davis: Yes, yes you have. So the doors, the cameras,
the badge readers, the iris scan--
everything is connected here. This is the brains
of the security system. So if there's anything out
of the ordinary happening, they have to be able to pick that up. [upbeat music] Wong: Interesting fact about layer five, the data center floor: less than 1% of Googlers
ever get to set foot in here. So right now, I'm feeling kinda special. [upbeat music] Kava: This is truly
a as-needed only access area, meaning that only the technicians and engineers that have to be there to maintain, upgrade,
or repair the equipment are ever allowed there. Wong: And do Googlers or anyone
have access to the data? Kava: We have access to the devices,
but the data at rest is encrypted,
and our customers can issue and keep their own encryption keys, and we do this because
protecting the privacy and the security of our users' data
is our highest priority. Wong: The mysterious layer six,
where disks are erased and destroyed
and the fewest number of people are allowed to enter. Drives that need to be retired
from the data center floor come into this room
through a secure two-way locker system which means that only technicians
assigned to this room can pull them
from that locker to either erase or destroy them. Henley: All right,
welcome to the crusher room. Wong: Wow. Henley: So at this point,
we have scanned the hard drive, and the software has told us
that we need to destroy it. Wong: Can we see it in action? Henley: Back up.
Wong: All right. I'll stay back here.
[both laugh] [mechanical whirring] That disk is definitely destroyed. Henley: Yes it is. [upbeat music] Wong: If you didn't think
these six layers of security were enough,
Google Cloud actually has two security testing programs in place. One hires companies to try to break in to data center sites from the outside, and the other tasks Googlers
with trying to break security protocols from the inside. And getting out of a data center
is arguably even harder than getting in, as everybody
has to go through full metal detection each time they leave
the data center floor. [upbeat music] person: Thank you, ma'am,
for your cooperation. Wong: Thank you. Google Cloud supports compliance with over 40 global standards,
regulations, and certifications, and the commitment to constantly test,
optimize, and improve systems makes it a leader
in data center security. Now, how do I get out of here? [upbeat music]
