Photo: Google Enterprise Director of Security, Eran Feigenbaum
Imagine what would happen if all the Google engineers turned rogue and held the world's Gmail accounts to ransom. Or if aliens attacked earth and wiped California off the map.
It sounds more like something from a Hollywood movie script than real life, but that's the nature of disaster recovery - you rarely see it coming.
It may come as a surprise, however, to learn that the folks at Google Enterprise have considered just these scenarios.
"We play a lot of games here," admits Google Enterprise director of security, Eran Feigenbaum. "Part of our disaster recovery plan is to assume the worst has happened. In last year's scenario, Google was attacked by aliens and California was off the map. We asked: What do we do? How do we run our infrastructure?"
Feigenbaum holds some serious security credentials; before joining Google in 2007, he held the post of US chief information security officer (CISO) for PricewaterhouseCoopers. He also spent several years designing and implementing cryptosystems for electronic commerce solutions for Fortune 1000 clients and government agencies.
But the links to Hollywood run deeper than war gaming and role play. When he is not defining and implementing the security strategy for Google's enterprise product suite, you are likely to find him practising the more arcane pursuits of magic and mentalism.
Indeed, you may know him better as Eran Raven, the contestant from NBC television show, Phenomenon.
"On a personal basis, I think the mentalism and profiling makes you curious," he says. "It makes you want to attack problems, break them down and not accept the status quo. As a good security professional, I take those same types of skills. That's really the way we do things a Google; let's not accept things just because that's the way it has been done in past. Let's really attack it, break it down and ask: How can we do this better and change the way computing is done."
It's one of the reasons Google operates its own infrastructure, and custom-builds firewalls at the front end. But Feigenbaum maintains the real measure of a good security organisation is not just about security itself, but about how it reacts to an incident. For its part, Google employs more than 250 dedicated security professionals, as well as internal audit and compliance teams, physical security teams and those within the product teams.
"People don't like to talk about it - we never want to think about getting into a car accident," he says. "But the reality is security incidents happen for various reasons. It's about how you react to that. Having a 24/7 security team is part of that and having our major security operations in California and Zurich so we can work through time zones.
Sign up for Computerworld eNewsletters.