Google’s Security Policy, Disaster Recovery and Business Continuity

For this post, I will explore Google’s security policy, Disaster Recovery and Business Continuity. In the event of a natural or humanmade disaster, failure of hardware, or another unplanned, damaging event, a company must have a detailed and properly-executed disaster recovery plan (DRP). For such a large company such as Google, the DRP has to be as sophisticated as the technology behind Google’s search engine, among their other fantastic products. A business continuity plan (BCP), provides the steps and methods in which business operations will continue after an unpredicted outage or downtime.

Google’s DRP and BCP are utilized in each of its data centers and uses multiple components/steps to reduce any single point of failure/increase redundancy. In the effort to lessen the chance of data loss for Google’s various hardware, software, and services, all application data is replicated to multiple systems within multiple data centers, thus ensuring the continuous operation of their apps, as well as provide the means to restore data using numerous channels (Google, 2012).

Additionally, Google’s data centers are geographically located to ensure the continued operation of its applications and information transfer in the event of disaster falling upon an individual data center (Google, 2012); if this happened, another data center in an area that wasn’t subjected to the failure would take over the inflicted data center’s operations. The ability to quickly swap data centers is provided by high-speed connections, along with 24/7 coverage and proper system administration.

Google’s headquarters in Mountain View, CA, follows a specific BCP in the event of a disaster, planning for up to 30 days of services/personnel unavailability. In conjunction with this BCP, proper testing of Google’s DRP is performed continuously to ensure its many steps are followed correctly. In these tests, both operational and business IT systems are taken off-line, thus simulating, for example, a seismic event. Once the IT systems are turned off, fail-over systems and policies are enabled, transferring data around and ensuring day-to-day operations are kept intact.

Due to Google’s highly-sensitive nature of its information, the world’s massive usage of its applications and services, and the increasing level of risk of natural and human-made disasters/attacks, Google’s multi-tiered information security and disaster recovery policies are vital to ensuring one of the largest tech companies of all time can effectively and securely provide the many gadgets and apps that connect us all.


Whitman, M., & Mattord, H. (2016). Management of Information Security. (6th ed.). Boston, MA: Cengage Learning.

Google’s Approach to IT Security. (2012). Retrieved December 16, 2019, from

Categories: Security

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s