Google VPN and privacy and data implications

November 2, 2020

Google has announced it will be releasing a new Virtual Private Network (VPN), which will be directly embedded in Google One services.

With one tap from the Google One app, users will be able to encrypt their online activity for an extra layer of protection wherever they're connected, Google says. In addition, users can stream, download and browse on an encrypted, private connection, shield against hackers on unsecured networks (like public Wi-Fi), and hide their IP address and prevent third parties from using it to track their location.

"We already build advanced security into all our products, and the VPN extends that security to encrypt all of your phone’s online traffic, no matter what app or browser you’re using. The VPN is built into the Google One app, so with just one tap, you can rest assured knowing your connection is safe from hackers," Google says.

Cybersecurity experts, however, think the service leaves much to be desired.

Joseph Carson, chief security scientist and Advisory CISO at Thycotic, a Washington, D.C. based provider of privileged access management (PAM) solutions, says, “A VPN by one of the largest data collection companies in the world is a scary thought. This initially makes me think that it is not exactly a VPN product which is meant to be a virtual private network which typically means that no one can see your data requests. This might be more of a No One Else But Us (NOEBU) will get your data. When products advertise themselves as a VPN, it must be absolutely clear about who it protects against and also whom it is giving access to your entire data communications history to. I hope that this is truly a security motive to make people safe from cybercrime and not one to try and get more data under the disguise of a security solution.”

Dirk Schrader, Global Vice President at New Net Technologies (NNT), a Naples, Florida-based provider of IT security and compliance software, explains: “The Google VPN service is nothing more than a bloated ‘security feature’. It encrypts the last mile, however, that doesn’t solve the issue with these apps that are using weak encryption or no encryption at all. It simply moves the point where the data will be unprotected to a different place, the tunnel end of Google’s side. This VPN feature might make it more difficult to conduct Wi-Fi attacks, but not much more. When Google states that the VPN will hide the user’s location to prevent third parties from tracking them, what is the use of this protection if Google sells the collected data to the exact same third party? Google should use its powers and knowledge to help these app developers apply stronger encryption, instead of deviating from the real problem.”

Microsoft’s Edna Conway, Chief Security and Risk Officer of Azure, will lead this session and provide a real-world, tangible approach to address security and resilience to support you in your journey to operational resilience.

Protecting employees from potential exposure could be a daunting task, but with the right property technology, your office space can become an interactive and responsive asset that helps you ensure new health protocol compliance.