Author Archive

Two-step verification is easy to set up, manage and use. When enabled by an administrator, it requires two means of identification to sign in to a Google Apps account, something you know: a password, and something you have: a mobile phone. It doesn’t require any special tokens or devices. After entering your password, a verification code is sent to your mobile phone via SMS, voice calls, or generated on an application you can install on your Android, BlackBerry or iPhone device. This makes it much more likely that you’re the only one accessing your data: even if someone has stolen your password, they'll need more than that to access your account. You can also indicate when you're using a computer you trust and don't want to be asked for a verification code from that machine in the future.

Two-step verification is built on an open standard designed to allow integration with other vendors’ authentication technologies in the future. We are also open sourcing our mobile authentication app so that companies can customize it as they see fit.

Two-step verification continues Google’s stream of security innovation. In early 2009, we added the ability to view password strength and set minimum password length requirements for Google Apps accounts. Later in the year we were the first to provide HTTPS encryption to millions of users, and in 2010 Google Apps was the first cloud messaging and collaboration service to gain US government security certification.

Administrators for Google Apps Premier, Education, and Government Editions can activate Two-step verification from the English version of the Admin Control Panel now, and Standard Edition customers will be able to access it in the months ahead. Once enabled by their administrator, end users can set it up in the Accounts tab in Gmail settings.

Posted by Eran Feigenbaum, Director of Security, Google Apps

Enterprise Holdings is the largest rental car company in North America and operates Alamo Rent A Car, Enterprise Rent-A-Car and National Car Rental. They manage over 1.1 million cars, 68,000 employees and 7,600 locations around the world. When Enterprise Holdings wanted to add more security to their corporate e-mail, they chose Google Postini Services.

Join us for a free webinar on September 28, where Michael Preuss, Manager of Windows Engineering for Enterprise Holdings, will discuss why his company chose a cloud-based message security solution and how Postini’s powerful spam filtering technology was able to help them address their email security challenges. Adam Swidler, Senior Manager with Google Enterprise, will also provide an overview of Google’s security solutions and facilitate a deep-dive discussion into best-in-class practices for organizations interested in enterprise-grade protection.

A live Q & A session will follow. We hope you can join us!

Message Security in the Cloud
Tuesday, September 28th, 2010
10 a.m. PDT / 1 p.m. EDT / 6 p.m. GMT
Register here

Posted by Adrian Soghoian, Google Postini Services team

Google Message Security, powered by Postini, is a leader in cloud-based email security and we are honored that it has recently been recognized with several significant awards:



Google Message Security (GMS) was was selected as the Gold award-winner of the “Messaging Security Products” category by the readers of Information Security magazine and is featured in the September issue.



GMS also recently won the Top Provider award in the “Security as a Service” category of the recent 2010 Nemertes Pilot House Awards. GMS scored the highest of all vendors in every category including “Technology, Customer Service and Value.”
In addition, GMS was the top-rated product across all 12 categories that were evaluated, earning GMS the 2010 PilotHouse Admiral Award.

At Google, we focus intensely on the user experience, so we are especially proud to receive these awards that are voted on by security and technology experts who are Google Message Security users.

Thanks go to Information Security magazine, Nemertes Research and especially to the many users who voted for Google Message Security. We'd also like to congratulate our fellow nominees and award-winners and acknowledge their contributions to the field of online security.

For more information on Google Message Security and the Postini suite of security and archiving products, please visit, www.google.com/postini

Posted by Adam Swidler, Google Postini team

The Google Enterprise team is excited to be participating in the Computer Security Institute Annual Conference, CSI 2010, taking place in National Harbor, Maryland, from Tuesday through Friday, October 26-29. CSI2010 brings together security and IT professionals from around the world to discuss and share best practices in computer security, risk management and compliance. The event features keynote presentations, workshops, panel discussions and customer case studies. Google’s Adam Swidler will be presenting a session entitled “Is Your Organization’s Data Safer in the Cloud?” at 11:15 AM EDT on Friday, October 29.

If you'll be at the conference, please join us for Adam’s presentation to hear about information security, privacy, and data protection in the cloud from Google’s perspective. If you can’t attend the conference, please visit our website for more information about about the security and privacy of data in Google Apps.

Posted by Ashley Chandler, Google Apps team

Google Apps customers experience both cost savings and productivity benefits, and more than 3 million of businesses have made the switch to Google Apps. To answer some of the questions businesses often ask about the security and privacy of data that is stored in Google Apps, we released the Google Apps Security Whitepaper in June. And to provide further visibility into how we protect the data in Google Apps, we are hosting a webcast on November 18th, 2010. Register today to attend this webcast.

In the webcast, Eran Feigenbaum, Director of Security for Google Apps, will describe some of the challenges of securing traditional on-premise IT infrastructure and explain how Google’s cloud computing architecture can offer an improved security model. John Collins, Google Enterprise Trust Product Manager, will then talk about how Google protects the privacy of the data that is stored in Google Apps.

We will take questions from the audience, so if your business or organization is considering a move to Google Apps, this session will be a great opportunity.

Register to attend this webcast, Thursday, November 18th at 11:00 AM PST / 2:00 PM EST / 19:00 GMT.

Posted by Adam Swidler, Google Apps team

With more than 300,000 devices activated per day globally, Android is seeing rapid adoption in the post-PC era. Android works quite well with Google Apps, but we’re working to make it an excellent choice for both end-users and IT at businesses and schools. Over the last year for instance, we helped IT administrators manage Android straight from the browser, and we introduced features such as Priority Inbox view in Gmail for Android and the ability to edit Google Docs on the go.

Today we are announcing three more updates to our Android for business portfolio around security and connecting with colleagues. These products will be available to all Google Apps for Business and Google Apps for Education customers:

1. With the new version of the Google Apps Device Policy app, employees can quickly secure a lost or stolen Android 2.2+ device by locating it on a map, ringing the device, and resetting the device PIN or password remotely via the new My Devices website.
   
   
2. Google Apps administrators have an option in the control panel to “Encrypt Data on Device”, which will now include requiring encrypted storage on Android 3.0 tablets. Devices will need version 2.0 of the Google Apps Device Policy app.


3. A new corporate contacts app, Google Apps Lookup, makes it easier to find and contact people in your organization. Type (or speak) the name or email address of a coworker, and then tap to call, email, IM or send a text message. Lookup pulls information from the Google Apps directory, so admins need to enable “Shared Contacts” in the control panel before employees can use Lookup on their Android 2.1+ devices.
   
   

Learn more about how to set up Google Apps Device Policy and Google Apps Lookup. Mobile devices harness the power, speed and scale of the web to help people stay productive on the go. And these improvements should help make Android users even more productive while keeping their information secure. Stay tuned, there’s more to come. Posted by Mayur Kamat, Product Manager for Google Enterprise Mobility

This week the Google Enterprise team is excited to be participating in the Center for the Application of Information Technology (CAIT) Information Security Roundtable. CAIT is a non-profit organization within Washington University in St. Louis that serves as the center for information technology leaders in the St. Louis region. The Information Security Roundtable is an ongoing series of events and the next one, focused on cloud computing, will be held on April 21.

At this roundtable, I’ll be presenting "Working in the Cloud: How Cloud Computing is Reshaping Enterprise Technology", where I will discuss how cloud computing is influencing enterprise IT and what this means for businesses. The session will provide insight into how Google works to protect the data that is stored in our cloud, and it will also describe how businesses and organizations can start to leverage low-risk cloud computing solutions.

If you’re not able to attend the roundtable, you can visit our Google Apps Trust page and find more information on security and data protection in Google Apps.

Posted by Adam Swidler, Sr. Manager – Google Enterprise

At Google, we run a network of data centers that are built for scale and reliability. They’re also designed for security and data protection. For the 3 million businesses that have gone Google and the thousands more that join them every day, these features help ensure that their data is kept safe.

Many of you have been interested in visiting our data centers to see how we work to protect your data, but access to them is tightly restricted. Since we can’t give everyone a tour, we look for other ways to provide some visibility into these buildings. Last year we published the Google Apps security white paper, earlier this year we hosted a security & privacy webcast and today we’re sharing a video that highlights some of the capabilities in our data centers, including:

1. Physical security
2. Data protection
3. Reliability of operations

At Google, two things that are important to us are hearing directly from customers and designing and building applications with data protection features in mind.

Today, we get the pleasure of combining the two as we host a Google Apps Customer Advisory Forum focused on security and compliance. These forums are one of the many ways that we interact with customers, share our plans, discuss their priorities and together help shape the future of Google Apps. Customers will share why the security and compliance features of Google Apps led them to Go Google, and how we can further enhance our products in these areas.

Many of the security and data protection measures in Google Apps are outlined in our security white paper. We’re the first major cloud provider to offer 2-step verification, default https encryption, attachment viewing and mobile device management in the browser, and many other security and administrative capabilities.

For additional information about the security and privacy of Google Apps, please visit our Google Apps Trust site where you can see a video that highlights the data protections that are in place in our data centers.

Posted by Adam Swidler, Sr. Manager, Google Enterprise

Posted by Joe Kava, Data Center Construction & Operations Team

Back in 2009, we hosted our first conference on data center efficiency at the Google campus in Mountain View, CA. Colleagues from the industry joined us in sharing best practices and laying out the path to improved efficiency in large-scale computing infrastructure. In the past two years we’ve continued to work hard at improving our own efficiency, and we’ve been impressed by the advances others in the industry have made as well. Leaders in the tech sector have managed to achieve and surpass what seemed like stretch goals at the time.

Data center efficiency isn’t just for the big guys. Improving the energy efficiency of your facility – large or small – reduces your organization's total environmental impact. It also makes financial sense for computing infrastructures at any scale, as the most effective efficiency best practices are actually quite straightforward. Whether you run a facility of a hundred kW or a multi-MW data center, there are simple, immediate steps you can take to deliver rapid environmental and economic returns.

We’re happy to announce that we’re hosting a second data center efficiency conference, this time in Zurich, Switzerland, on May 24th. We’ll be gathering industry leaders together again to share and discuss the latest energy efficiency best practices. The agenda includes:

• Keynotes on data center sustainability
• Best practice case studies from Google and other leading organizations
• Practical implementation strategies for local cooling solutions and geo-independent approaches to efficiency
• Time for networking with peers, including a relaxed cocktail reception after the Summit.

Limited space is still available. Find out more and register to attend here.