Hardware tracking and disposal

Google meticulously tracks the location and status of all equipment within our data centers from acquisition to installation to retirement to destruction, via bar codes and asset tags. Metal detectors and video surveillance are implemented to help make sure no equipment leaves the data center floor without authorization. If a component fails to pass a performance test at any point during its lifecycle, it is removed from inventory and retired. When a hard drive is retired, authorized individuals verify that the disk is erased by writing zeros to the drive and performing a multiple-step verification process to ensure the drive contains no data. If the drive cannot be erased for any reason, it is stored securely until it can be physically destroyed. Physical destruction of disks is a multistage process beginning with a crusher that deforms the drive, followed by a shredder that breaks the drive into small pieces, which are then recycled at a secure facility. Each data center adheres to a strict disposal policy and any variances are immediately addressed.

A global network with unique security benefits

Google's IP data network consists of our own fiber, public fiber, and undersea cables. This allows us to deliver highly available and low latency services across the globe. In other cloud services and on-premises solutions, customer data must make several journeys between devices, known as "hops," across the public Internet. The number of hops depends on the distance between the customer's ISP and the solution's data center. Each additional hop introduces a new opportunity for data to be attacked or intercepted. Because it is linked to most ISPs in the world, Google's global network improves the security of data in transit by limiting hops across the public Internet.
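The drive erasure procedure under "Hardware tracking and disposal" above (write zeros, then verify in several independent steps) can be illustrated with a small script. This is an added example and not Google's tooling: it works on a constructed image file standing in for a retired drive, and the three verification steps (full read-back, random spot check, digest comparison) are an assumed decomposition, not the whitepaper's actual process. It also shows why a spot check alone is not enough: a single stale byte is caught by the full scan and the digest but will almost always slip past random sampling.

```python
import hashlib
import os
import random
import tempfile

CHUNK = 64 * 1024  # read/write granularity in bytes


def zero_fill(path: str) -> None:
    """The erase step: overwrite every byte of the image with zeros, in place."""
    remaining = os.path.getsize(path)
    with open(path, "r+b") as f:
        while remaining:
            n = min(CHUNK, remaining)
            f.write(bytes(n))
            remaining -= n
        f.flush()
        os.fsync(f.fileno())


def verify_full_scan(path: str) -> bool:
    """Step 1: read back every byte; any non-zero byte fails the drive."""
    with open(path, "rb") as f:
        for buf in iter(lambda: f.read(CHUNK), b""):
            if buf.count(0) != len(buf):
                return False
    return True


def verify_random_samples(path: str, samples: int = 64, seed: int = 0) -> bool:
    """Step 2: fast spot check at pseudo-random offsets. Cheap, but not sufficient alone."""
    size = os.path.getsize(path)
    rng = random.Random(seed)
    with open(path, "rb") as f:
        for _ in range(samples):
            f.seek(rng.randrange(size))
            if f.read(1) != b"\x00":
                return False
    return True


def verify_digest(path: str) -> bool:
    """Step 3: the digest of an all-zero image of this size is predictable; compare against it."""
    remaining = os.path.getsize(path)
    expected = hashlib.sha256()
    while remaining:
        n = min(CHUNK, remaining)
        expected.update(bytes(n))
        remaining -= n
    actual = hashlib.sha256()
    with open(path, "rb") as f:
        for buf in iter(lambda: f.read(CHUNK), b""):
            actual.update(buf)
    return actual.digest() == expected.digest()


def verify_erased(path: str) -> dict:
    """Run every step and report each result; the drive is accepted only if all of them pass."""
    return {
        "full_scan": verify_full_scan(path),
        "random_samples": verify_random_samples(path),
        "digest": verify_digest(path),
    }


def make_sample_image(size: int = 1 << 20) -> str:
    """Constructed stand-in for a retired drive: a 1 MiB temp file of random 'customer data'."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(os.urandom(size))
    return path


def leave_stale_byte(path: str, offset: int) -> None:
    """Constructed fault: simulate one sector that did not take the zero write."""
    with open(path, "r+b") as f:
        f.seek(offset)
        f.write(b"\x41")


def remove_image(path: str) -> None:
    os.remove(path)


if __name__ == "__main__":
    img = make_sample_image()
    print("before erase:", verify_erased(img))
    zero_fill(img)
    print("after erase: ", verify_erased(img))
    leave_stale_byte(img, 777_777)
    print("stale byte:  ", verify_erased(img))
    remove_image(img)
```

The acceptance rule is deliberately conjunctive: a drive that fails any single step goes to the "cannot be erased" path the text describes (secure storage until physical destruction), rather than being released on the strength of the steps that passed.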
Defense in depth describes the multiple layers of defense that protect Google's network from external attacks. Only authorized services and protocols that meet our security requirements are allowed to traverse it; anything else is automatically dropped. Industry-standard firewalls and access control lists (ACLs) are used to enforce network segregation. All traffic is routed through custom GFE (Google Front End) servers to detect and stop malicious requests and Distributed Denial of Service (DDoS) attacks. Additionally, GFE servers are only allowed to communicate with a controlled list of servers internally; this "default deny" configuration prevents GFE servers from accessing unintended resources. Logs are routinely examined to reveal any exploitation of programming errors. Access to networked devices is restricted to authorized personnel.
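The "default deny" point in the paragraph above is easiest to see with a small ACL evaluator. This is an added example, not Google's network configuration or the GFE's actual rules: it uses a constructed, hypothetical addressing scheme (a front-end tier on 10.0.1.0/24 that should reach only two backends on TCP 8443) and contrasts the same allow-list under a default-allow policy, where anything not explicitly listed still gets through, with a default-deny policy, where it does not.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # destination port; None matches any port


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def matches(rule: Rule, flow: Flow) -> bool:
    """A rule matches only when source, destination, protocol and port all match."""
    return (
        ip_address(flow.src) in ip_network(rule.src)
        and ip_address(flow.dst) in ip_network(rule.dst)
        and rule.proto in ("any", flow.proto)
        and rule.dport in (None, flow.dport)
    )


def evaluate(flow: Flow, rules: List[Rule], default: str) -> str:
    """First matching rule wins; when nothing matches, the policy default decides."""
    for rule in rules:
        if matches(rule, flow):
            return rule.action
    return default


# Constructed (hypothetical) controlled list: the front-end tier may talk to
# exactly two application backends, and only on TCP 8443.
FRONTEND_NET = "10.0.1.0/24"
CONTROLLED_LIST = [
    Rule("allow", FRONTEND_NET, "10.0.2.10/32", "tcp", 8443),
    Rule("allow", FRONTEND_NET, "10.0.2.11/32", "tcp", 8443),
]

# Constructed sample flows seen from one front-end host.
SAMPLE_FLOWS = [
    Flow("10.0.1.7", "10.0.2.10", "tcp", 8443),  # intended backend
    Flow("10.0.1.7", "10.0.2.11", "tcp", 8443),  # intended backend
    Flow("10.0.1.7", "10.0.3.5", "tcp", 5432),   # database, not on the list
    Flow("10.0.1.7", "10.0.2.10", "tcp", 22),    # listed host, unlisted port
]


def unintended_reach(rules: List[Rule], default: str, flows: List[Flow]) -> List[Flow]:
    """Flows the policy permits even though no allow rule covers them.

    Under default deny this is always empty; under default allow it is exactly the
    set of 'unintended resources' the allow-list was supposed to rule out.
    """
    allow_rules = [r for r in rules if r.action == "allow"]
    return [
        f for f in flows
        if evaluate(f, rules, default) == "allow"
        and not any(matches(r, f) for r in allow_rules)
    ]


if __name__ == "__main__":
    for default in ("allow", "deny"):
        print(f"policy default = {default}")
        for flow in SAMPLE_FLOWS:
            verdict = evaluate(flow, CONTROLLED_LIST, default)
            print(f"  {flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}  {verdict}")
        leaked = unintended_reach(CONTROLLED_LIST, default, SAMPLE_FLOWS)
        print(f"  unintended destinations reachable: {len(leaked)}")
```

The same two allow rules are used in both runs; only the default differs. With default allow, the database and the SSH port on a listed host are reachable even though nobody wrote a rule for them, which is the failure mode a default-deny configuration removes.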
Google Cloud Security and Compliance Whitepaper