Google experiments with cutting employees’ web access
Google is reportedly disconnecting thousands of employee desktop computers from most of the internet as part of an internal security trial.
Hannah Minn
· less than 3 min read
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
One way to secure a network? Disconnect it.
Google is reportedly testing disabling internet access for thousands of employees—with the exception of internal tools and Google-owned platforms—as part of an experiment in better securing the workplace, CNBC reported. Root access will be disabled for some employees.
Internal descriptions of the project that CNBC obtained stated “Googlers are frequent targets of attacks.” The experiment is intended to prevent hackers from stealing data or remotely deploying arbitrary code. Since employees can access Google-controlled parts of the internet, it doesn’t appear to be a true air gap, which would disconnect the machines entirely from other networks.
Google doesn’t plan to roll out the restrictions company-wide, according to Google VP of security Heather Adkins.
“No, we aren’t turning the internet off @google,” Adkins tweeted, adding the test only applied to “very specific” machines. “Testers have full internet access on other devices, and can also opt out of the test!” she added.
As ZDNet noted, Google hasn’t had a major data breach since a 2018 API bug update leaked tens of millions of Google+ users’ data, but rival Microsoft was recently targeted in a token forging attack by a hacker group in China.
The attack on Microsoft compromised email accounts at several US government agencies, and may have exposed millions of Azure Active Directory apps. Notably, both Google and Microsoft are increasingly competing for major US government contracts.
While gapping systems from the broader internet cuts off threat actors’ potential access vectors, it can also pose a major inconvenience to workers who lose access to online resources. Organizations also sometimes overlook flaws in air gap implementation, such as unknown points of IT/OT convergence.
“Ensuring the safety of our products and users is one of our top priorities,” a Google spokesperson told CNBC in a statement. “We routinely explore ways to strengthen our internal systems against malicious attacks.”
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.