Infosec 2015: Cloud location doesn’t deter hackers, says Google chief

The geographical location of your data in the cloud won't improve its security and thinking it does is a fallacy.

So claims Eran Feigenbaum, director of security for Google Apps, who said that where data resides has no bearing on how safe it is. Speaking at a keynote at this week's Infosec show in London, he asked delegates if they thought where data was stored made had an effect on how secure it was.

"Data location does not improve security, actually the reverse," he said. "Adversaries do not abide by geographical borders. I haven't seen a hacker yet that said oh that data is in London, I'd better not hack it, I'd rather hack it if it was in Belgium.

He said that location had some bearing on regulation, but that needs to be separated from security. Some types of data need to reside in a certain place such as data held by Swiss banks that need to stay within that country's borders.

"Just because data is stored within a specific region or specific country, doesn't make it more secure," he said.

Google's datacentres share the same level of security regardless of location, Feigenbaum added. "They get audited and they have the same practices," he said.

The biggest - as yet unsolved - problem relating to cloud is authentication, according to Feigenbau, who added that while people can tell who others are face to face "in reality, most online service still rely on username/password combinations."

"If I get to guess your password, I get to impersonate you," said Feigenbaum. "I get the same access and privileges that you have."

The release a few weeks ago of a Chrome extension called Password Alert is just one of Google's responses to the challenge of passwords getting into the wrong hands. This will tell Chrome users if they are using the same password on different services in order to prevent problems such as users having the same password for their corporate infrastructure as their Netflix account, for example.

Feigenbaum concluded by saying that organisations need to make it easier for users to do the right thing as far as security is concerned and alert them when they don't to help increase education and awareness.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.