How secure are Brown's Google services? Is there information I should not be storing in Google Drive?
The Brown Information Security Group has reviewed and approved of the data security position at Google. Their favorable review and decisions were based upon:
- a review of the contract presented to the University by Google
- a review of the Privacy and Security policy of Google (http://www.google.com/privacypolicy.html) which includes the following:
- "We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store personal data. We restrict access to personal information to Google employees, contractors and agents who need to know that information in order to operate, develop or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations."
- The terms and conditions of Google Apps aligns, supports, and complement current Brown security and privacy email policy.
- A teleconference discussion with Google representatives, which indicated that the same privacy standards used for Google employees is utilized for customers on the Google Apps platform
- Answers provided by Google relative to hiring standards, physical and logical security, access controls, authorization, and authentication
It should be noted that there is a contractual statement by Google in the Terms and Conditions which states that Google will not guarantee that University data will be housed in servers based in the United States. This is of importance to any faculty member who will be working with data sponsored by government grants, as such grants many specify for the data to remain in the United States.
Is my privacy and the confidentiality of our email and documents protected?
Google may be compelled to disclose Brown's confidential Information when required by law but only after it, if legally permissible: (a) uses commercially reasonable efforts to notify the owner; and (b) gives the owner the chance to challenge the disclosure. This is at least as much protection as is afforded by existing Brown policy.
What if something needs to be totally private?
One should remember that no email or storage system is completely secure, and privacy cannot be assumed. With this in mind however, Google utilizes best of breed hardware, software, and security architecture to maintain confidentially and privacy. If something needs to be totally private, email is perhaps not the best method for transmission.
Where will the servers be located for Brown's Google services?
Servers are housed in Google's data centers - Google does not disclose the exact locations of their servers for security reasons. The content of each email or document is spread around to several different physical data center locations so that in the unlikely event that one of Google's data centers is compromised, Brown's data will still be protected. This is actually much more rigorous than the security of our existing service.