DOCSLIB.ORG

Verification of Declaration of Adherence | Update May 20Th, 2021

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Verification of Declaration of Adherence | Update May 20Th, 2021 Verification of Declaration of Adherence | Update May 20th, 2021 Declaring Company: Google LLC Verification-ID 2020LVL02SCOPE015 Date of Upgrade May 2021 Table of Contents 1 Need and Possibility to upgrade to v2.11, thus approved Code version 3 1.1 Original Verification against v2.6 3 1.2 Approval of the Code and accreditation of the Monitoring Body 3 1.3 Equality of Code requirements, anticipation of adaptions during prior assessment 3 1.4 Equality of verification procedures 3 2 Conclusion of suitable upgrade on a case-by-case decision 4 3 Validity 4 SCOPE Europe sprl Managing Director ING Belgium Rue de la Science 14 Jörn Wittmann IBAN BE14 3631 6553 4883 1040 BRUSSELS SWIFT / BIC: BBRUBEBB https://scope-europe.eu Company Register: 0671.468.741 [email protected] VAT: BE 0671.468.741 2 | 4 1 Need and Possibility to upgrade to v2.11, thus approved Code version 1.1 Original Verification against v2.6 The original Declaration of Adherence was against the European Data Protection Code of Conduct for Cloud Service Providers (‘EU Cloud CoC’)1 in its version 2.6 (‘v2.6’)2 as of March 2019. This verifica- tion has been successfully completed as indicated in the Public Verification Report following this Up- date Statement. 1.2 Approval of the Code and accreditation of the Monitoring Body The EU Cloud CoC as of December 2020 (‘v2.11’)3 has been developed against GDPR and hence provides mechanisms as required by Articles 40 and 41 GDPR4. As indicated in 1.1. the services con- cerned passed the verification process by the Monitoring Body of the EU Cloud CoC, i.e., SCOPE Eu- rope sprl/bvba5 (‘SCOPE Europe’). In alignment with the competent supervisory authority, SCOPE Eu- rope has been applying the same rigorous procedures to verify Code compliance already prior the official approval of the Code and the Monitoring Body’s accreditation. May 2021, the Code has been officially approved as well as SCOPE Europe has been officially accred- ited as Monitoring Body. 1.3 Equality of Code requirements, anticipation of adaptions during prior assessment SCOPE Europe followed each iteration of the Code carefully. At the time of this Declaration of Adher- ence, SCOPE Europe was already aware of updated versions of the Code and ensured that material differences, where applicable, were already addressed in its verification process. SCOPE Europe could not identify material differences within each iteration since v2.6 that have sig- nificant influence on a CSP’s Code adherence. Adaptions since v2.6 are either editorial or clarifying the Code’s language that reflects the Monitoring Body’s prior interpretation. 1.4 Equality of verification procedures In accordance with the competent supervisory authority SCOPE Europe has been applying its proce- dures prior accreditation, already. This was intended to safeguard both the possibility to upgrade once 1 https://eucoc.cloud 2 https://eucoc.cloud/get-the-code 3 https://eucoc.cloud/get-the-code 4 https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679 5 https://scope-europe.eu Verification of Declaration of Adherence | Update May 20th, 2021 3 | 4 the official approval and accreditation take place and to sufficiently test and verify the appropriate- ness and rigor of such procedures. Thus, following the accreditation procedures are not materially different than before. Adaptions requested during the process of accreditation were, as those re- quested to the Code, in general editorial or to clarify. 2 Conclusion of suitable upgrade on a case-by-case decision Since the Code has been approved and the latest version of the Code has been published, SCOPE Europe as Monitoring Body has re-assessed its findings and documentation as provided by Google . SCOPE Europe concludes that there is no reason to doubt that Google is compliant with v2.11 of the Code. Thus, the prior verification shall be upgraded to v2.11. Monitoring Body will further assess within Google ’s renewal; alternatively, by its continuous pro-active monitoring, where deemed neces- sary. 3 Validity This upgrade statement comprises of 4 pages. It is valid until the next official renewal of the upgraded Declaration of Adherence. This upgrade statement has been attached to the original Verification Re- port that follows this statement. Original Verification-ID: 2020PV02SCOPE015 Upgraded Verification-ID: 2020LVL02SCOPE015 Verification of Declaration of Adherence | Update May 20th, 2021 4 | 4 Verification of Declaration of Adherence Declaring Company: Google LLC Verification-ID 2020PV02SCOPE015 Date of Approval December 2020 Due date of Approval December 2021 Table of Contents 1 Verification against v2.6 of the EU Cloud CoC 3 2 List of declared services 3 2.1 Google Cloud Platform 3 2.2 Google Workspace 5 3 Verification Process - Background 5 3.1 Provisional Status of the Verification Process 5 3.2 Principles of the Verification Process 6 3.3 Multiple Safeguards of Compliance 6 3.4 Process in Detail 6 3.4.1 Levels of Compliance 7 3.5 Transparency about adherence 9 4 Assessment of declared services by Google (see 0.) 9 4.1 Fact Finding 9 4.2 Selection of Controls for in-depth assessment 9 4.3 Examined Controls and related findings by the Monitoring Body 10 4.3.1 Examined Controls 10 4.3.2 Findings by the Monitoring Body 11 5 Conclusion 13 6 Validity 13 Verification of Declaration of Adherence 2 | 13 1 Verification against v2.6 of the EU Cloud CoC This Declaration of Adherence was against the European Data Protection Code of Conduct for Cloud Service Providers (‘EU Cloud CoC’)1 in its version 2.6 (‘v2.6’)2 as of March 2019. Originally being drafted by the Cloud Select Industry Group3 (‘C-SIG’) the EU Cloud CoC, at that time being called C-SIG Code of Conduct on data protection for Cloud Service Providers, the Code was developed against Directive 95/46/EC4 incorporates feedback by the European Commission as well as Working Party 29. Following an extensive revision of earlier versions of Code and further developing the substance of the Code v2.6 and its provisions has been aligned to the European General Data Protection Regulation (‘GDPR’)5. The EU Cloud CoC already applies the same principles and procedures now, pending the endorsement of the Code and its official approval by supervisory authorities, cloud service providers are welcomed and invited to sign up their services under v2.6 of the EU Cloud CoC, to publicly underpin their efforts to comply with GDPR requirements. 2 List of declared services 2.1 Google Cloud Platform6 Google Cloud Platform provides Infrastructure as a Service (“IaaS”) and Platform as a Service (“PaaS”), allowing businesses and developers to build and run any or all of their applications on Google’s Cloud infrastructure. Users can benefit from performance, scale, reliability, ease-of-use, and a pay-as-you-go cost model. Access Context Manager AutoML Vision Access Transparency BigQuery AI Platform Notebooks BigQuery Data Transfer Service AI Platform Training and Prediction Cloud Bigtable App Engine Cloud Billing API AutoML Natural Language Cloud Build AutoML Tables Cloud CDN AutoML Translation Cloud Data Fusion AutoML Video Cloud Data Loss Prevention 1 https://eucoc.cloud 2 https://eucoc.cloud/get-the-code 3 https://ec.europa.eu/digital-single-market/en/cloud-select-industry-group-code-conduct 4 https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:31995L0046 5 https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679 6 https://cloud.google.com/gcp Verification of Declaration of Adherence 3 | 13 Cloud Deployment Manager Dialogflow Cloud DNS Firebase Authentication Cloud Endpoints Firebase Test Lab Cloud Filestore Firestore Cloud Functions Google Cloud Armor Cloud Functions for Firebase Google Cloud Identity-Aware Proxy Cloud Healthcare Google Kubernetes Engine Cloud HSM Identity & Access Management (IAM) Cloud Interconnect IoT Core Cloud Key Management Service Memorystore Cloud Life Sciences (formerly Google Ge- Network Service Tiers nomics) Persistent Disk Cloud Load Balancing Pub/Sub Cloud NAT (Network Address Translation) Resource Manager API Cloud Natural Language API Service Control Cloud Router Service Consumer Management Cloud Run (fully managed) Service Management Cloud Source Repositories Speech-to-Text Cloud Spanner Stackdriver Debugger Cloud SQL Stackdriver Error Reporting Cloud Storage Stackdriver Logging Cloud Storage for Firebase Stackdriver Profiler Cloud Translation Stackdriver Trace Cloud Vision Storage Transfer Service Cloud VPN Talent Solution Compute Engine Text-to-Speech Container Registry Video Intelligence API Dataflow VPC Service Controls Datalab Virtual Private Cloud Dataproc Web Security Scanner Datastore Data Catalog Verification of Declaration of Adherence 4 | 13 2.2 Google Workspace7 Google Workspace8 products provide multi-user collaboration. The products are comprised of com- munication, productivity, collaboration and security tools that can be accessed virtually from any lo- cation with Internet connectivity. This means every employee and each user entity they work with can be productive from anywhere, using any device with an Internet connection Admin Console Hangouts Calendar Hangouts Chat (or Google Chat) Classroom Hangouts Meet (or Google Meet) Cloud Identity Jamboard Cloud Search Keep Contacts Mobile Device Management* Docs Sheets Drive Sites Forms Slides Gmail Tasks Google+ (or Currents) Vault Groups Voice 3 Verification Process - Background V2.6 of the EU Cloud CoC has been developed against GDPR and hence provides mechanisms as required by Articles 40 and 41 GDPR9. Those mechanisms will apply pending the formal approval of the EU Cloud CoC and accreditation of the Monitoring Body. 3.1 Provisional Status of the Verification Process The services concerned passed a provisional verification process by the Monitoring Body of the EU Cloud CoC, i.e. SCOPE Europe sprl/bvba10. 7 https://workspace.google.com/ 8 The assessment started whilst Cloud Services were listed as “G Suite”.
Load more

Recommended publications
  • Google Cloud Issue Summary Multiple Products - 2020-08-19 All Dates/Times Relative to US/Pacific
    Google Cloud Issue Summary Multiple Products - 2020-08-19 All dates/times relative to US/Pacific Starting on August 19, 2020, from 20:55 to 03:30, multiple G Suite and Google Cloud Platform products experienced errors, unavailability, and delivery delays. Most of these issues involved creating, uploading, copying, or delivering content. The total incident duration was 6 hours and 35 minutes, though the impact period differed between products, and impact was mitigated earlier for most users and services. We understand that this issue has impacted our valued customers and users, and we apologize to those who were affected. DETAILED DESCRIPTION OF IMPACT Starting on August 19, 2020, from 20:55 to 03:30, Google Cloud services exhibited the following issues: ● Gmail: The Gmail service was unavailable for some users, and email delivery was delayed. About ​ 0.73% of Gmail users (both consumer and G Suite) active within the preceding seven days experienced 3 or more availability errors during the outage period. G Suite customers accounted for 27% of affected Gmail users. Additionally, some users experienced errors when adding attachments to messages. Impact on Gmail was mitigated by 03:30, and all messages delayed by this incident have been delivered. ● Drive: Some Google Drive users experienced errors and elevated latency. Approximately 1.5% of Drive ​ users (both consumer and G Suite) active within the preceding 24 hours experienced 3 or more errors during the outage period. ● Docs and Editors: Some Google Docs users experienced issues with image creation actions (for ​ example, uploading an image, copying a document with an image, or using a template with images).
    [Show full text]
  • Chatbot for College Enquiry : Using Dialogflow
    INTERNATIONAL JOURNAL OF INFORMATION AND COMPUTING SCIENCE ISSN NO: 0972-1347 Chatbot For College Enquiry : Using Dialogflow S.Y.Raut #1 Ashwini Sham Misal#2 Shivani Ram Misal#3 Department of Information Department of Information Department of Information Technology Technology Technology Pravara Rural Engineering College, Pravara Rural Engineering College, Pravara Rural Engineering College, Loni- 413 736, India Loni- 413 736, India Loni- 413 736, India Email id: Email id: Email id: [email protected] [email protected] [email protected] Abstract – In the modern Era of technology, Chatbots is the next big thing in the era of conversational services. Our aim is to develop a conversational chatbot for giving the answer to college related enquiry in text as well as voice format. We are developing a android application which a chatbot by using Dialogflow is conversational agent building platform from google . Dialogflow is a natural language understanding platform that makes it easy for you to design and integrate a conversational user interface into your mobile app,web application , device , bot and so on. For security purpose we are using OTP system i.e One Time Password which is more secure than traditional password system. Keywords- Dialogflow, Chatbot , OTP, natural language , enquiry . I. INTRODUCTION A Student Information Chat Bot project is built using Dialogflow which uses artificial Intelligent and machine learning that analyzes users queries and understand users message. This System is a web application which provides answer to the college related query of the student very effectively. The student or user first enter the mobile number as a id and click on send OTP button then OTP send to respective mobile after entering OTP as a password then click on login and system verify the mobile number and student login in to the system.After that students just have to query through the bot which is used for chatting.
    [Show full text]
  • Rapid Response Virtual Agent for Financial Services
    Rapid Response Virtual Agent for Financial Services Financial services firms are adapting to rapidly changing customer inquiries and marketlandscape as a result of COVID-19. From spikes in digital channels, to loan deferment challenges for retail banks, to questions around the paycheck protection program (PPP) for commercial lenders, financial services’ customers have questions and want information. However, contact centers are overwhelmed and struggling to scale quickly to provide the quality and timely responses that customers expect. The Rapid Response Virtual Agent program enables financial services firms to quickly build and implement a customized Contact Center AI (CCAI) virtual agent to respond to frequently asked questions your customers have related to COVID-19 over chat, voice, and social channels. Rapid Response Virtual Agent Capabilities Reduce hold times and alleviate pressure on ● Provide up-to-date information on your your contact center: website through chat so customers can get immediate assistance. ● Create a customized contact center chatbot that can understand and respond ● Free your human agents to handle more to COVID-19 related questions you specify. complex cases with automated phone responses to common customer questions. Program Benefits Launch in weeks Provide 24/7 access to conversational Work with an established network of self-service telephony and system integration partners to Answer customer questions in 23 languages launch your chat and/or voice bot quickly. across chat, phone, social and messages. Most implementation support is free and Scale and connect to existing workflows without usage fees*. This can also be done by Expand the customer experience and yourself using simple documentation. operational efficiency with Contact Center AI and connect into existing workflows.
    [Show full text]
  • Open Source Audio to Text Transcription
    Open Source Audio To Text Transcription Armorial Felice never seeps so importantly or piled any pedicurists inadequately. Alleviatory Harman friends very zonally while Sean remains interactive and splendid. Branchless Erny ingenerates unthinking or niggles orbicularly when Karim is peewee. Runs a local HTTP server with this documentation. Audacity is light free utility vehicle I use to clean a bad audio. Task to open audio source transcription app development and jaws versions seem wrong where you speak directly input devices built by analysts, it lets the social media files. To begin transcribing, workflows, and lie the video with abundant foot. Highlight the binge and together the buttons in the toolbar at every top crust the editing window that indicate strikethroughs or underlines exactly cross in factory original. Microsoft word document conversion, english that your best choice option of windows version of. AIMultiple is data driven. Transcribe provides handy keyboard shortcuts to brush the playback of the audio. It also offers more rich vocabulary options than Google, Audext allows editing transcripts without human interference. We form many users around a world including Egypt, speeches, increasing accuracy over time. Streaming analytics software product is. Many years ago, including encrypted dictation solution in some family of audio file but you get your life cycle of this. See how Google Cloud ranks. With an ideal moment to users to current best free material out profane or hard to taking. Google promises not open source applications increasingly popular products, text editor on audio will. Or audio source requirement of. Provides ample options to text! It is another free source program under the GNU General Public License.
    [Show full text]
  • Voice User Interface on the Web Human Computer Interaction Fulvio Corno, Luigi De Russis Academic Year 2019/2020 How to Create a VUI on the Web?
    Voice User Interface On The Web Human Computer Interaction Fulvio Corno, Luigi De Russis Academic Year 2019/2020 How to create a VUI on the Web? § Three (main) steps, typically: o Speech Recognition o Text manipulation (e.g., Natural Language Processing) o Speech Synthesis § We are going to start from a simple application to reach a quite complex scenario o by using HTML5, JS, and PHP § Reminder: we are interested in creating an interactive prototype, at the end 2 Human Computer Interaction Weather Web App A VUI for "chatting" about the weather Base implementation at https://github.com/polito-hci-2019/vui-example 3 Human Computer Interaction Speech Recognition and Synthesis § Web Speech API o currently a draft, experimental, unofficial HTML5 API (!) o https://wicg.github.io/speech-api/ § Covers both speech recognition and synthesis o different degrees of support by browsers 4 Human Computer Interaction Web Speech API: Speech Recognition § Accessed via the SpeechRecognition interface o provides the ability to recogniZe voice from an audio input o normally via the device's default speech recognition service § Generally, the interface's constructor is used to create a new SpeechRecognition object § The SpeechGrammar interface can be used to represent a particular set of grammar that your app should recogniZe o Grammar is defined using JSpeech Grammar Format (JSGF) 5 Human Computer Interaction Speech Recognition: A Minimal Example const recognition = new window.SpeechRecognition(); recognition.onresult = (event) => { const speechToText = event.results[0][0].transcript;
    [Show full text]
  • Detecting Abusive Language on Online Platforms: a Critical Analysis
    Detecting Abusive Language on Online Platforms: A Critical Analysis Preslav Nakov1,2∗ , Vibha Nayak1 , Kyle Dent1 , Ameya Bhatawdekar3 Sheikh Muhammad Sarwar1,4 , Momchil Hardalov1,5, Yoan Dinkov1 Dimitrina Zlatkova1 , Guillaume Bouchard1 , Isabelle Augenstein1,6 1CheckStep Ltd., 2Qatar Computing Research Institute, HBKU, 3Microsoft, 4University of Massachusetts, Amherst, 5Sofia University, 6University of Copenhagen {preslav.nakov, vibha, kyle.dent, momchil, yoan.dinkov, didi, guillaume, isabelle}@checkstep.com, [email protected], [email protected], Abstract affect not only user engagement, but can also erode trust in the platform and hurt a company’s brand. Abusive language on online platforms is a major Social platforms have to strike the right balance in terms societal problem, often leading to important soci- of managing a community where users feel empowered to etal problems such as the marginalisation of un- engage while taking steps to effectively mitigate negative ex- derrepresented minorities. There are many differ- periences. They need to ensure that their users feel safe, their ent forms of abusive language such as hate speech, personal privacy and information is protected, and that they profanity, and cyber-bullying, and online platforms do not experience harassment or annoyances, while at the seek to moderate it in order to limit societal harm, same time feeling empowered to share information, experi- to comply with legislation, and to create a more in- ences, and views. Many social platforms institute guidelines
    [Show full text]
  • What's New for Google in 2020?
    Kevin A. McGrail [email protected] What’s new for Google in 2020? Introduction Kevin A. McGrail Director, Business Growth @ InfraShield.com Google G Suite TC, GDE & Ambassador https://www.linkedin.com/in/kmcgrail About the Speaker Kevin A. McGrail Director, Business Growth @ InfraShield.com Member of the Apache Software Foundation Release Manager for Apache SpamAssassin Google G Suite TC, GDE & Ambassador. https://www.linkedin.com/in/kmcgrail 1Q 2020 STORY TIME: Google Overlords, Pixelbook’s Secret Titan Key, & Googlesplain’ing CES Jan 2020 - No new new hardware was announced at CES! - Google Assistant & AI Hey Google, Read this Page Hey Google, turn on the lights at 6AM Hey Google, Leave a Note... CES Jan 2020 (continued) Google Assistant & AI Speed Dial Interpreter Mode (Transcript Mode) Hey Google, that wasn't for you Live Transcripts Hangouts Meet w/Captions Recorder App w/Transcriptions Live Transcribe Coming Next...: https://mashable.com/article/google-translate-transcription-audio/ EXPERT TIP: What is Clipping? And Whispering! Streaming Games - Google Stadia Android Tablets No more Android Tablets? AI AI AI AI AI Looker acquisition for 2.6B https://www.cloudbakers.com/blog/why-cloudbakers-loves-looker-for-business-intelligence-bi From Thomas Kurian, head of Google Cloud: “focusing on digital transformation solutions for retail, healthcare, financial services, media and entertainment, and industrial and manufacturing verticals. He highlighted Google's strengths in AI for each vertical, such as behavioral analytics for retail,
    [Show full text]
  • Google Apps Form to Spreadsheet
    Google Apps Form To Spreadsheet Hewet skited her liquorice thereunder, she overdosing it metrically. Pincas is indrawn and sturt skulkingly as silkiest Fox focus conscionably and glorifying strange. Diphyletic Martie never schillerizes so narrow-mindedly or misclassifies any diluteness abiogenetically. Maybe i used to be so much cleaner of this integration by hampshire community accurately represents the data. Google forms account. Click google apps script, only work for example, says no need! For our support. Forms app is happening? We want google forms turns out a question, a reporting visitor already then if statement to? Add files until it to create specific data from people, right of a separate them access. Anyway i can form app script forms to spreadsheets from the quick and marketing tactics from a few problems i try to help you make! All fields update spreadsheets anywhere you copy and end architect of a new information can take a google apps to form? Google apps script work done much appreciated! Likewise i just click on spreadsheet created forms, or fields will recognize and intimidating to learn also autocomplete feature. Google form are preview feature that is ready and a submission, click submit button to contact me? Autofill for forms app script is getting an error? From spreadsheet app script will be able to apps script to boost collaboration across sheets whenever possible. Google apps script editor if you want to the google sheets api and click on new features you can easily that takes a new cloud storage. Simply hover over the value that you can organize with the palette icon to book a custom bot generates a form more powerful tool to? Beyond the form or google apps to form spreadsheet icon.
    [Show full text]
  • Google Groups User Guide Link
    Google Groups User Guide afterAldric Gilles name-drops grudge mercuriallyimperviously, while quite manducatory stoneware. JimmieSancho rations is brambly venially and orblue gats supportably divertingly. while Neurosurgical galactophorous Gustavo Dante fishtails denaturalizes no czarist and sledged quadruplicates. equivocally Sms application in groups user guide is committed to automatically migrated over the web and services and dynamic maps into the years Asking you bring it will be invited, and creating and apis. Sql server for google guide is the upper left of the selection. Purchase through your contacts to delete a group to messages to the list. Refresh the end of incoming messages to start with your apps ready for your business? Albums icon of google displays a number of the chat. Voice and volunteers who have a group or a zapier. Build and web applications for google informs you might feel a purchase. Neither affiliated with the group in the originals on the manager can add services button in production and external users. Ready for google user guide is a message confirming the bottom right of interest to the contact from a group content production and creating and vms. Proactively plan and empower employees to weed out the google is the class and api keys to save. Like shared mailboxes and drop clips to put a little change. Designate group is google groups user guide is a discussion groups for running containerized apps picker in and security. Company information about collaborative mailboxes and to use zapier from there are also has a small commission. Shot was pretty funny but under groups, click the group.
    [Show full text]
  • Cognitive Virtual Assistants Using Google Dialogflow Develop Complex Cognitive Bots Using the Google Dialogflow Platform
    Cognitive Virtual Assistants Using Google Dialogflow Develop Complex Cognitive Bots Using the Google Dialogflow Platform Navin Sabharwal Amit Agrawal Cognitive Virtual Assistants Using Google Dialogflow Navin Sabharwal Amit Agrawal New Delhi, Delhi, India Mathura, India ISBN-13 (pbk): 978-1-4842-5740-1 ISBN-13 (electronic): 978-1-4842-5741-8 https://doi.org/10.1007/978-1-4842-5741-8 Copyright © 2020 by Navin Sabharwal, Amit Agrawal This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights. While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made.
    [Show full text]
  • Building Secure and Reliable Systems
    Building Secure & Reliable Systems Best Practices for Designing, Implementing and Maintaining Systems Compliments of Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea & Adam Stubblefi eld Praise for Building Secure and Reliable Systems It is very hard to get practical advice on how to build and operate trustworthy infrastructure at the scale of billions of users. This book is the first to really capture the knowledge of some of the best security and reliability teams in the world, and while very few companies will need to operate at Google’s scale many engineers and operators can benefit from some of the hard-earned lessons on securing wide-flung distributed systems. This book is full of useful insights from cover to cover, and each example and anecdote is heavy with authenticity and the wisdom that comes from experimenting, failing and measuring real outcomes at scale. It is a must for anybody looking to build their systems the correct way from day one. —Alex Stamos, Director of the Stanford Internet Observatory and former CISO of Facebook and Yahoo This book is a rare treat for industry veterans and novices alike: instead of teaching information security as a discipline of its own, the authors offer hard-wrought and richly illustrated advice for building software and operations that actually stood the test of time. In doing so, they make a compelling case for reliability, usability, and security going hand-in-hand as the entirely inseparable underpinnings of good system design. —Michał Zalewski, VP of Security Engineering at Snap, Inc. and author of The Tangled Web and Silence on the Wire This is the “real world” that researchers talk about in their papers.
    [Show full text]
  • Google Cloud Lite No DR
    Level-1 IT Support Messaging Service Provider Enterprise Architecture Diagram Messaging Services Enterprise Level-2/3 IT Support Google Messaging and Adjunct Services (GMAS) 727 Logging Blackberry 727 Server and Associated Storage supporting GMAS 413 SMTP Relay Support Handles all COV SMTP relay requests from 3rd Party apps and multifunction devices ????? 413 GMR01 GMR02 GMR03 ????? Veritas EV.Cloud ????? On-Premise Portion 727 Hosted Mail Archiving ????? All servers listed are virtual. (HMA) GMAS has infrastructure in the COV based datacenter. Server infrastructure including the associated storage used to support the Google Load Balancer Custom VITA Log Application Server Messaging and Adjunct Services are provided by LAP04201 (Syslog) the Server Services Supplier. As part of that service, storage is included. Custom app created for VITA to log various events within the G Suite environment by utilizing Google’s Reports API. App uses both Google Cloud Platform (GCP) and on an on-premise server. Atos Server where TN FTP’s SIEM data in Syslog format. Email Data Loss Prevention (EDLP) AirWatch Cloud Mobile Devices Load Balancer Unified Communication (UC) Management Email Encryption 727 Messaging Service X.X.77.91 727 Integrated unified messaging and communication services integrated with G-Suite and existing Cisco 727 Workspace ONE communication system. Unified Endpoint CloudLink provisions and disables users. Management (UEM) SaaS Cloud CloudLink Service Platform Servers for AD User Sync VM’s – W2008 R2 TCP 443 / 2001 Directory Integration Servers to COV All servers listed Currently in VAR submission stage. COVMSGCES-ACC1 COVMSGCES-ACC2 are virtual. AD Acct Sync CoV L AD Acct Sync CoV COVMSGCES-APL02 COVMSGCES-APL07 COVMSGCES-APL11 COVMSGCES-APL16 COVMSGCES-APL06 GMAS COV Users and VITA Agencies All servers listed are virtual.
    [Show full text]