How Google Meet addresses security in the remote working age



[ad_1]

2020 could well be the year of video conferencing, as business travelers leave their bags at home and search the Internet to cover such important meetings. Google Meet is a video platform that has risen to the top of the ranks, and the company recently announced that it would make the platform free for everyone.

I spoke to the head of security for Google Cloud for Asia Pacific and China (APAC) for networking and collaboration specialists, Mark Johnston.

His team works with clients in financial services, telecommunications and other regulated industries, as well as startups, to help address security, compliance and network requirements when migrating to Google Cloud.

We’ve seen a big shift towards cloud communication tools in the past few months: what has it been like for Google Meet (particularly in Asia Pacific)?

In the past few weeks, we’ve seen Google Meet help millions of people stay connected. Whether it’s colleagues working from home, companies streaming live to global employees, or doctors providing remote patient care, Google Meet is making it possible.

In fact, earlier this month we reached a new milestone with more than 2 million new users connecting on Google Meet every day and spending two billion minutes together. We are honored by the great responsibility that this growth entails, and we are determined to continue to do our part to help.

Have you modified your services to meet an expected increase in usage and, if so, what kinds of things have you implemented?

We are within our ability to handle increased network loads. Our network is designed to work during times of high demand, such as streaming World Cup or Cyber ​​Monday online shopping waves, so we are within our ability to handle the load.

Meet and the entire G Suite run on Google’s strong and secure global infrastructure, helping us to reliably manage our ability to keep our services running. We maintain considerable reserve capacity both within our network and at hundreds of points of presence and thousands of edge locations.

Years of preparation have meant that the performance of our infrastructure remains as high as before the pandemic. We also have proprietary hardware that helps meet capacity demands, so we are still prepared at this time.

How does Google Meet use Google Cloud capabilities, particularly in terms of security, data protection and transparency?

Meet leverages the secure design infrastructure of Google Cloud to help protect your data and safeguard user privacy. Security and protection features are enabled by default, so you can be sure that the proper protections are in place from the start.

For supported browsers (Chrome, Firefox, Safari, new Edge), we do not require or ask for plugins to be installed. On mobile devices, we ask that you install the Meet app from the App Store / Play Store. This limits the “attack surface” for Meet and reduces the number of software users, and specifically businesses need to patch with security updates on end-user machines.

We also ensure that only authorized users can use and access Meet services using a two-step verification option for accounts, making them secure and convenient. Google Meet users can enroll their accounts in our Advanced Protection Program (APP), which provides our strongest protections available against phishing and account hijacking and is specifically designed for the highest risk accounts.

Karthik Lakshminarayanan mentioned in a recent blog that Google Meet includes anti-hijacking measures for web meetings and markup entries. Could you explain a little more about how attackers could hijack meetings (e.g. brute force numbers) and the possible effects?

Google Meet employs a number of abuse protections to keep our clients’ meetings safe, including anti-hijacking measures for both web meetings and bookmarking, making it difficult to programmatically identify meetings by brute force.

A common way for attackers to hijack meetings is by guessing the meeting code. That’s why we made our meeting codes 10 character, with 25 characters in the set, making it more difficult to guess.

We also limit the ability of any participant to join the meeting more than 15 minutes before the scheduled time, reducing the window in which even a brute force attack can be attempted.

How does Google protect its tools from this type of attack?

We employ a wide range of default safeguards to keep meetings safe for both web meetings and phone calls.

In addition to what was mentioned in the previous answers, all data between the user and Google for video conferencing is encrypted by default. For each person and for each meeting, Google Meet generates a unique encryption key, which only lasts for the meeting and is never stored on disk, which means that calls are safe and secure.

Our products, including Meet, also regularly undergo independent verification of their security, privacy, and compliance controls, achieving certifications, compliance certifications, and standards audits around the world.

For G Suite and Google Meet users, from administrators to end users, what protections does Google Meet put in place to protect businesses and their staff?

As previously mentioned, Google Meet leverages the same secure infrastructure by design, built-in protection, and global network that Google uses to protect your information and privacy.

We have a number of built-in features that are turned on by default for all users, so you can be sure that the proper protections are in place from the start.

To help ensure that only authorized users manage and access Meet services, we support multiple two-step verification options for accounts that are secure and convenient. These include hardware and phone-based security keys and the Google prompt. Additionally, Google Meet users can enroll their account in the Advanced Protection Program (APP), which provides our strongest protections against phishing and account hijacking and is specifically designed for the highest risk accounts.

For hosts, we offer additional capabilities for added security. For example, only the meeting host will be able to admit participants who are not in the calendar invitation, and only they can delete or mute participants directly within a meeting. Also, meeting participants cannot rejoin dubbed meetings once the final participant has left. This means that if the instructor is the last person to leave a known meeting, people cannot join later without the host present.

We understand the importance of our technology to keep companies and teams moving forward, and we are committed to continually innovating with new features to make our tools useful, safe and secure.

[ad_2]