Shoptech and Google Cloud Platform
Shoptech takes the responsibility of hosting your data very seriously. That’s why we partnered with the most reliable cloud management company in the business, Google Cloud Platform. Google Cloud Platform has unmatched standards within the industry when it comes to security and reliability. Their approach is designed to keep your business running fast, lean, and secure and comes with an industry leading 99.978% Network Uptime Guarantee.
Download Security Whitepaper
Security of Physical Premises and Human Resources
Google designs and builds its own data centers, which incorporate multiple layers of physical security protections. Access to these data centers is limited to only a small fraction of Google employees. Multiple physical security layers are used to protect data center floors and use technologies like biometric identification, metal detection, cameras, vehicle barriers, and laser-based intrusion systems. Data centers are monitored 24/7 by high-resolution interior and exterior cameras that can detect and track intruders. Access logs, activity records, and camera footage are available in case an incident occurs. Data centers are also routinely patrolled by experienced security guards who have undergone rigorous background checks and training.
- Dedicated Privacy Team – The Google privacy team operates separately from product development and security organizations but participates in every Google product launch by reviewing design documentation and performing code reviews to ensure that privacy requirements are followed.
- Dedicated Security Team – Google employs security and privacy professionals, who are part of our software engineering and
operations division. This team is tasked with maintaining the company’s defense systems, developing security review processes, building security infrastructure, and implementing Google’s security policies.
- Internal Security and Privacy Events – Google hosts regular internal conferences to raise awareness and drive innovation in security and data privacy, which are open to all employees. Security and privacy is an ever-evolving area, and Google recognizes that dedicated employee engagement is a key means of raising awareness.
- Employee Background Checks – Google will verify an individual’s education and previous employment, and perform internal and external reference checks of every employee.
- Security Training for All Employees – All Google employees undergo security training as part of the orientation process and receive ongoing security training throughout their Google careers. Depending on their job role, additional training on specific aspects of security may be required.
- Internal Audit and Compliance Specialists – Google has a dedicated internal audit team that reviews compliance with security laws and regulations around the world. As new auditing standards are created, the internal audit team determines what controls, processes, and systems are needed to meet them.
- Collaboration with the Security Research Community – Google has long enjoyed a close relationship with the security research community, and greatly value their help identifying vulnerabilities in Cloud Platform and other Google products.
- Vulnerability Management – Google administrates a vulnerability management process that actively scans for security threats using a combination of commercially available and purpose-built in-house tools, intensive automated and manual penetration efforts, quality assurance processes, software security reviews, and external audits.
- Malware Prevention – Google takes these threats to its networks and its customers very seriously and uses a variety of methods to prevent, detect, and eradicate malware.
- Incident Management – Google has a rigorous incident management process for security events that may affect the confidentiality, integrity, or vailability of systems or data. If an incident occurs, the security team logs and prioritizes it according to its severity. Events that directly impact customers are assigned the highest priority.
- Data Centers – To keep things running 24/7 and ensure uninterrupted services, Google’s data centers feature redundant power systems and environmental controls. Every critical component has a primary and alternate power source, each with equal power. Diesel engine backup generators can provide enough emergency electrical power to run each data center at full capacity. Cooling systems maintain a constant operating temperature for servers and other hardware, reducing the risk of service outages.
- Environmental Impact – Google reduces the environmental impact of running our data centers by designing and building their facilities. Google installed smart temperature controls, use “free-cooling” techniques like using outside air or reused water for cooling, and redesign how power is distributed to reduce unnecessary energy loss.
- Custom Server Hardware and software – Google’s servers and their OS are designed for the sole purpose of providing Google services. Server resources are dynamically allocated, allowing for flexibility in growth and the ability to adapt quickly and efficiently, adding or reallocating resources based on customer demand.
- Hardware Tracking and Disposal – Google hard drives leverage technologies like FDE (full disk encryption) and drive locking, to protect data at rest. When a hard drive is retired, authorized individuals verify that the disk is erased by writing zeros to the drive and performing a multiple-step verification process to ensure the drive contains no data.
Standards, Regulations, and Certifications
Google Cloud Platform maintains various certifications to assist you in verifying the security policies and processes Google has in place for the environment of your hosted infrastructure.
- ISO 27001 – Managing information risks
- ISO 27017 – Controlling cloud-based information)
- ISO 27018 – Protecting personal data
- SOC 1 – Controls over financial reporting
- SOC 2 – Controls over security, availability, and confidentiality
- SOC 3 – Public report of controls over security, vailability, and confidentiality
- PCI DSS – Protecting customers card information
- HIPPA – Protecting health information
- CSA STAR – Securing cloud computing environments
- FedRAMP – Assessment, authorization, and monitoring
- FIPS 140-2 Validated – FIPS 140-2 Level 1 Certification
Implementation for Google Cloud Platform
- HITRUST CSF – Industry Agnostic Certification Framework for Regulatory Compliance and Risk Management.
- MPAA – Protecting intellectual property data
- NIST 800-53 – Security and privacy requirements for United States Federal Information systems
- NIST 900-171 – Security requirements for United States Federal controlled unclassified information