Google scolds businesses for citing security as a reason not to use cloud

Google has hit out at users that continue to cite security as a major barrier to public cloud adoption, claiming their data will be safer there than on-premise.

The search giant made the claim at its Google Next conference in east London on 23 June, while talking up the business benefits of using its Compute Engine infrastructure-as-a-service (IaaS) offering.

During the event’s opening keynote, Greg DeMichillie, director of product management for Google’s Cloud Platform, said companies are mistaken if they think storing their data on-premise will keep it safe.

“There was a time when security was the reason not to move to the cloud, but with the Home Depot, Target, Sony Pictures and the latest United States government's Office of Personnel Management breaches, quickly customers are realising you are more secure in the cloud with Google than you are by yourself,” he said.

One of the reasons for that is because Google has the scope and scale to invest large sums in security personnel, and far more so than your average enterprise.

“We have more than 500 professional security researchers at Google," said DeMichillie. "These are people doing penetration testing, fuzzing our software with random bad API [application programming interface] calls, and doing in-depth security readings. Very few of you could afford 500 security researchers.”

To emphasise this point, he explained that Google researchers are regularly the first to uncover high-profile security vulnerabilities, such as the Heartbleed OpenSSL fault that came to light in spring 2014.

“It was a pretty bad vulnerability that prompted everybody to massively patch their systems, but what you may not know is that Heartbleed was found by a Google researcher, and that means Google systems were among the first to be patched. Most of them were fully patched before the first full public disclosure was made about the vulnerability,” said DeMichillie.

Google also builds all of the infrastructure that underpins its cloud services, which provides it with an extra layer of protection against hackers, he said.

“We are a full stack creator. If we were an independent server manufacturer, we’d be in the top five list of server manufacturers globally because we build all our own infrastructure,” said DeMichillie.

“We build our own machines, we design our own hardware specifications, our own software specifications, and this minimises the attack surface because you can’t go and buy a Google server, set it up at home and probe it for vulnerabilities.

“All of that is our way of saying, if you thought you couldn’t use a cloud platform because of security, you actually have it backwards. Being on a cloud platform will actually make you more secure,” he concluded

Read more about Google in the cloud