[upbeat music] Barry: Privacy, security, compliance, and availability, these terms often get bundled together or used interchangeably because there's some overlap. It's important, though, to distinguish between them, especially when evaluating cloud service providers. I'll start with privacy. Privacy in the context of cloud technology refers to the data an organization or an individual has access to and who they can share that data with. Imagine that you have an important letter or document. It contains private information, so you lock it away in a drawer in your house. You also keep the key with you, so you can be sure no one else has access to it unless you give them permission. With traditional technology, an organization would store that letter, or their private data, on-premises where it feels safe because they generally know where it is and trust that the letter will be kept private. Storing data in the cloud is different in that it's more like taking that private information and keeping it in a commercial storage facility. It's locked away just as before, but now you've relinquished some of the control to someone else. That facility will likely have better security controls than you could provide yourself. Now, storing your data in a facility you don't own or completely control might be daunting. You might be wondering, how can I be sure no one else is accessing my data? Or what could a facility manager, for example, do with my data? And the answer is, when moving your data to the cloud, the facility and its employees only store or process your data. The data itself remains private. I'll cover more details about how Google Cloud ensures that customer data remains private a little later in this module. Let's move on to the next term. Security in the cloud refers to the policies, procedures, and controls put in place to keep data safe. If we go back to the letter analogy, the lock on the drawer is a security measure. Why is this important? If an organization regularly handles customer data, for example, it has a responsibility to its customers to ensure that customer private data is protected from external threats. Data breaches put an organization's reputation at risk, and in today's fast-paced global economy, reputation is everything. So business leaders want to trust that only authorized people have access to sensitive company information. Compliance takes data security one step further. It's about meeting standards set by a third party. This third party might be a regulatory authority, or it might be an international standards organization. Compliance is especially important in highly regulated industries, such as healthcare or banking, where there's an abundance of sensitive data. In these cases, an organization's approach to data security needs to meet any requirements set forth by the relevant standards or regulatory bodies in its region or industry. The next term is availability. IT teams want to prevent unauthorized access to data, yet still make sure the data is available when needed. This describes the availability or reliability of a service. Availability refers to how much time the cloud service provider guarantees that your data and services are up and running or accessible. The availability of a service is typically documented as a percent of time per year, for example, 99.999% or 5/9. In this example, services would only be unavailable for five minutes in a year. To assess the availability of a service, you might ask, for example, does the system work? Am I confident that I can access my files anytime I need to, day or night? Or will I not have access due to system downtime? Whether you're working in healthcare, banking, retail, or even education, it's critical to understand how you and your cloud provider can work together to keep your organization's data private, secure, and compliant while maintaining service availability and subsequently, reliability. If you're using or plan to use Google Cloud products and services, Google Cloud's commitment to helping you keep your data secure and private is as follows: You own your data, not Google. That means that your data is your data, period. Google doesn't sell customer data to third parties, and Google Cloud does not use your data for advertising purposes. Google Cloud only processes a customer's data according to the specific instructions it receives. Next, all customer data is encrypted by default. Google Cloud was the first cloud provider to encrypt all customer data at rest by default without customers needing to do anything. Google Cloud guards against insider access to your data. Insiders are only able to access customer data with their permission or in very specific scenarios with specific instructions. Google never gives any government entity backdoor, or unlawful, access to data or to Google servers that store data. Google rejects government requests that are invalid and regularly publishes a transparency report detailing government requests. And finally, our privacy practices are audited against international standards. This includes standards like ISO 27-0-17, which covers the protection of personally identifiable information, or PII, in cloud services. All right, we've covered the definitions for key terms and Google Cloud's commitments to securing customer data. In the next video, let's move on to today's cybersecurity challenges.
