IT Brief Asia logo
Technology news for Asia's largest enterprises
Story image

Interview: How Google Meet tackles security in the remote working age

FYI, this story is more than a year old

2020 may well be the year of the videoconference, as business travellers leave their suitcases at home and look to the internet to cover those all-important meetings. Google Meet is one video platform that has risen to the top of the ranks, with the company recently announcing that it would make the platform free for everyone.

I spoke to Google Cloud's Asia Pacific and China (APAC) head of security for networking and collaboration specialists, Mark Johnston.

His team works with customers across financial services, telecommunications and other regulated industries, as well as startups, to help address security, compliance and networking requirements when migrating to Google Cloud.

We've seen a huge shift to cloud communications tools over the last couple of months – what has it been like for Google Meet (particularly in Asia Pacific)?

Over the past few weeks, we've seen Google Meet help millions of people stay connected. Whether it is colleagues working from home, companies livestreaming to global employees or doctors providing remote care to patients — Google Meet is making this possible.

In fact, earlier this month we hit a new milestone with more than 2 million new users connecting on Google Meet every day, and spending two billion minutes together. We're humbled by the huge responsibility that comes with this growth, and we're determined to continue doing our part to help.

Have you modified your services to cater for an expected usage increase and if so, what kinds of things have you put in place?

We're well within our ability to handle increased network loads. Our network is designed to perform during times of high demand — like streaming the World Cup or Cyber Monday online shopping surges, so we are well within our ability to handle the load.

Meet, and all of G Suite, runs on Google's secure, resilient global infrastructure, which helps us reliably manage our capacity to keep our services up and running. We maintain considerable reserve capacity both inside our network and at hundreds of points of presence and thousands of edge locations.

Years of preparation has meant the performance of our infrastructure remains as high as it was before the pandemic. We also have proprietary hardware that helps satisfy capacity demands, so we remain prepared at this time.

How does Google Meet utilise Google Cloud's capabilities, particularly in terms of security, data protection, and transparency?

Meet takes advantage of Google Cloud's secure-by-design infrastructure to help protect your data and safeguard user privacy. The safety and security features are on by-default so you can be sure the right protections are in place from the get go.

For supported browsers (Chrome, Firefox, Safari, new Edge), we don't require or ask for any plugins to be installed. On mobile, we ask that you install the Meet app from App Store/Play Store. This limits the “attack surface” for Meet and reduces the amount of software users and specifically businesses need to patch with security updates on end-user machines.

We also ensure that only authorised users can use and access Meet services by using a 2-Step Verification option for accounts — making them secure and convenient. Google Meet users can enroll their accounts in our Advanced Protection Program (APP), which provides our strongest protections available against phishing and account hijacking and is specifically designed for the highest-risk accounts.

Karthik Lakshminarayanan mentioned in a recent blog that Google Meet includes anti-hijacking measures for web meetings and dial ins. Could you explain a little more about how attackers could hijack meetings (for example brute forcing numbers), and the potential effects?

Google Meet employs an array of counter-abuse protections to keep our customers meetings safe, including anti-hijacking measures for both web meetings and dial-ins — making it difficult to programmatically brute force meeting IDs.

A common way attackers hijack meetings is by guessing the meeting code. It's why we made our meeting codes 10 characters long, with 25 characters in the set, making it harder to guess.

We also limit the ability of any participants to join the meeting more than 15 minutes in advance of the scheduled time, reducing the window in which a brute force attack can even be attempted.

How does Google protect its tools from these types of attacks?

We employ a vast array of safe-by-default measures to keep meetings safe for both web meetings and telephony dial-ins.

In addition to what is mentioned in responses above, all data between the user and Google for video meetings is encrypted by default. For every person and for every meeting, Google Meet generates a unique encryption key, which only lives as long as the meeting and is never stored to disk — meaning calls are secure and protected.

Our products, including Meet, also regularly undergo independent verification of their security, privacy, and compliance controls, achieving certifications, attestations of compliance and audits against standards around the world.

For G Suite and Google Meet users from admins right down to end users, what protections does Google Meet put in place to protect businesses and their staff?

As mentioned above, Google Meet takes advantage of the same secure-by-design infrastructure, built-in protection, and global network that Google uses to secure your information and safeguard your privacy.

We have a number of built-in features that are on by-default available to all users so you can be sure the right protections are in place from the get go.

To help ensure that only authorised users administer and access Meet services, we support multiple 2-Step Verification options for accounts that are secure and convenient. These include hardware and phone-based security keys and Google prompt. Additionally, Google Meet users can enroll their account in the Advanced Protection Program (APP), which provides our strongest protections available against phishing and account hijacking and is specifically designed for the highest-risk accounts.

For hosts, we offer additional capabilities for extra security. For example, only the meeting host will be able to admit participants not on the calendar invite and only they can remove or mute participants directly within a meeting. Also, meeting participants can't rejoin nicknamed meetings once the final participant has left. This means if the instructor is the last person to leave a nicknamed meeting, people can't join later without the host present.

We understand the importance our technology plays in keeping businesses and teams moving forward, and are committed to continually innovating with new features to make our tools helpful, secure, and safe.

Related stories
Top stories
Story image
Cybersecurity
Spike in demand for cybersecurity training amid skills shortage
"Organisations cannot just rely on cybersecurity professionals to safeguard the businesses’ infrastructure and protect their data."
Story image
Network Management
VMware announces CSP product innovations and partnerships
These additions enable CSPs to modernise networks and accelerate 5G core, RAN and edge deployments and lifecycle management.
Story image
eCommerce
New FedEx report reveals biggest trends in eCommerce
The report shows that SMEs and consumers agree that there's room for further growth in the already booming eCommerce sector.
Story image
Revenue management
BillingPlatform improves offerings to foster customer revenue growth
BillingPlatform has enhanced its platform and products with a focus on helping customers drive revenue growth through improved CPQ functionality, new B2B digital commerce capabilities and expanding its payment integrations to include Stripe, Stax Payments and Adyen.
Story image
Web Development
Kafkawize joins Aiven to further open source journey
The acquisition signals Aiven's evolution from an open-source contributor to a steward of open-source communities. As part of this transition, Kafkawize has also been renamed Klaw.
Story image
Artificial Intelligence
TeamViewer and Hyundai Motor sign new strategic partnership
TeamViewer and Hyundai Motor have signed a strategic partnership with the hopes of accelerating digital innovation within an automotive smart factory.
Story image
Sustainable IT
Adobe surveys sustainability at work in Hong Kong employees
The top three sustainability practices are reducing paper usage (46%), digital document storage and management (43%), and curbing electricity consumption (37%).
Story image
Cybersecurity
Best practices for industrial cyber resilience
Operational technology (OT) security is gaining more attention than ever before, but sufficient understanding of what it takes to prevent breaches is still lacking amongst many organisations.
Story image
Cloud Services
Workday shares a vision to transform the partner ecosystem
The firm will unveil an enhanced partner program in early 2023, including three consolidated tracks for innovation, go-to-market, and service partners.
Story image
IT Automation
Tech job moves - Adobe, Ambit, blueAPACHE, Cue & DC Blox
We round up all job appointments from September 26-,30 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Ransomware
Commonwealth tackling rising cybercrime threat in Asia
Ransomware, identity theft, and virtual security attacks identified as growing threats to security and economic growth.
Story image
Firewall
Barracuda accelerates growth in its data protection business
Barracuda cloud-to-cloud backup protects against evolving cyber threats, such as ransomware, and is now transactable in the Azure Marketplace.
Story image
Cloud Services
Dell and Wind River transform telecom cloud deployments
Dell’s industry-first co-engineered solution with Wind River speeds the adoption of open, cloud-native network technologies.
Story image
Artificial Intelligence
Zendesk adds AI capabilities to customer support solutions
Zendesk recently announced Intelligent Triage and Smart Assist, new artificial intelligence (AI) solutions empowering businesses with customer support.
Story image
Subscriptions
Denodo targets mid-market with new subscription models
These new subscriptions will help mid-market companies to streamline data integration and accelerate speed to insights.
Story image
Omnichannel
The need for purpose-built mobility in retail today
Against the backdrop of increasing competition, retailers are increasingly looking for ways in which they can take costs out of their business without sacrificing operational efficiencies.
Story image
IT infrastructure
Kyndryl launches open solution, powered by co-creation
Kyndryl Vital is led by global teams of designers who work alongside customers and partners to define and solve complex problems with innovation.
Story image
Cybersecurity
Test your API Security with Infinite API Scanner
The effectiveness of API scanning technology can mean the difference between successful and unsuccessful programming outcomes, and often enterprises and IT leaders struggle to get it right.
AWS Marketplace
Whitepaper: A practical guide for mitigating risk in today’s modern applications
Link image
Story image
Cloud
MYOB provides efficiency boost with new inventory solution
Premium Inventory is an integrated solution that helps goods-based businesses improve efficiency, reduce costs and increase cashflow.
Story image
Databricks
Qlik and Databricks partnership advances cloud analytics
Qlik has announced two significant enhancements to its partnership with Databricks that make it easier for customers to combine Qlik's solutions and Databricks.
Story image
Artificial Intelligence
Fortinet advances AIOps to aid the hybrid workforce
"We’re continuing our commitment to AI innovation by delivering AIOps capabilities across our robust portfolio of enterprise networking technology."
Story image
Customer Relationship Management
NetSuite helps Australian bridal boutique to scale operations globally
Grace Loves Lace is now using Oracle NetSuite to create enhanced experiences for brides from Queensland, Australia, to locations worldwide. 
Story image
Cybersecurity
Continuous attack attempts discovered on Atlassian Confluence zero day
Following a coordinated disclosure of a zero-day vulnerability by Volexity in Atlassian Confluence, attackers went wild to exploit it.
Story image
Sustainable IT
Equinix commits US$50 million to advance digital inclusion
Establishes the Equinix Foundation, an employee-driven charitable organisation, to advance digital inclusion through grants and strategic partnerships.
Story image
Artificial Intelligence
Exclusive: Uniphore shares how Conversational AI can be the key to business success
Conversational AI and Automation are vital tools to help further promote organisational cohesion and communication, and Uniphore is leading the charge.
Story image
Digital Transformation
NEC Corporation and Red Hat expand global collaboration
NEC Corporation and Red Hat have announced an expanded global collaboration to drive IT modernisation and digital transformation on Red Hat OpenShift.
Aws Marketplace
Learn how to implement a backup and recovery plan for a new generation of Kubernetes-based modern applications
Link image
Story image
Digital Transformation
How businesses can stay connected with their clients in a digital environment
Staying connected in a virtual world requires strong communication and collaboration, especially with many workplaces adopting a work-from-anywhere business model.
Story image
Legacy
Trellix enables greater cyber resiliency with extended XDR platform
"Legacy SIEM technology has failed to modernise security operations. We are confident Trellix XDR fills this critical gap.”
Story image
Malware
Black Lotus Labs discovers new, multipurpose malware
Black Lotus Labs, the threat intelligence team at Lumen, has discovered a new, rapidly growing, multipurpose malware written in the Go programming language.
Story image
Radio access network
Dell and Fujitsu team up on Open RAN solutions and initiatives
Dell Technologies and Fujitsu are working together to make it easier for CSPs to accelerate the adoption and simplify the deployment of Open RAN.
Story image
Customer Relationship Management
Diagnostic: Does your tech stack up for growth?
It’s common for tech companies to encounter limitations in their tech stack as they experience growth. After all, at first, you only need to invest in systems to support the needs of an early-stage or single-entity business.
Story image
Tax
BlackLine adds tax hyperautomation capabilities to its solutions
The extension to BlackLine's intercompany solutions comes in response to organisations facing increasing intercompany tax scrutiny globally.
Story image
Microsoft
Yubico research finds concerning trends around authentication security practices
A new global survey from Yubico has found that 59% of employees still rely on usernames and passwords as the primary method to authenticate their accounts.
Story image
Microsoft
A deep dive into a Corporate Espionage operation
In the last few years, we have seen a dramatic shift in the level of sophistication of cyberattacks, mostly thanks to the introduction of the profit-sharing business model for financially motivated threat actors.
Story image
Apple
Jamf shows intent to acquire mobile security firm ZecOps
This acquisition positions Jamf to help IT and security teams strengthen their organisation’s mobile security posture.
Story image
eCommerce
Customer loyalty drops when brands don't innovate - report
Customers are quick to flee slow-to-innovate brands with lagging commerce experiences, with millennials and Gen Z leading the migration.
Story image
Firewall
Forrester names Akamai as web application firewall leader
"We continually monitor and improve our capabilities to defend customers from new threats, while enabling customers to protect evolving attack surfaces."
Story image
Cloud
IBM releases Transformation Index to assist cloud innovation
IBM has released its Transformation Index: State of Cloud, commissioned by the company and conducted by an independent research firm.
Story image
Data Protection
99% of security experts unhappy with tokenisation investment
Cybersecurity experts are looking for a solution that provides the strength of tokenisation while removing the friction that has accompanied it in the past.