Since news outlets have reported the extent of the National Security Agency’s surveillance activity monitoring Americans, some consumers may be uneasy about the thought of agents looking over their emails. However, many tech companies have begun to fight back with added encryption techniques. Google, for example, has begun to encrypt all of its traffic between email users, email servers and data centers.
Users can check the security of a site for themselves by looking at the website’s URL. If a website has https:// in front of it, than that means it is using encryption to keep hackers from spying on your data.
Google (GOOG) made encryption between data servers a priority after the revelations last summer that the NSA kept surveillance on sites like Gmail to read emails.
“Our commitment to the security and reliability of your email is absolute, and we’re constantly working on ways to improve,” said Nicolas Lidzborski, Gmail security engineering lead.
HIPAA Compliance & Google
Encryption is crucial for keeping data secure in the health care industry, as health companies must comply with privacy rules derived from the Health Insurance Portability and Accountability Act. Google has been making major advances in compliance practices that are specific to the health care industry, according to Health IT Security. This time, the tech company has added features to its cloud service, allowing for Business Associate Agreements (BAAs) between health care industry users and the Google cloud. Google first added HIPAA-compliance BAAs to its services last year in October. Google’s website indicates it offers BAAs for Gmail, Google Calendar, Google Drive and the Google Apps Vault.
Previously, the Oregon Health and Science University was reprimanded when it stored HIPAA-protected data at Google without signing a BAA. Google has since created a streamlined process for signing a BAA.
The process has Google asking the following questions:
- Are you a covered entity (or business associate of a covered entity) under HIPAA?
- Will you be using Google Apps in connection with protected health information?
- Are you authorized to request and agree to a Business Associate Agreement with Google for your Google Apps domain?
Google & Email Security
With the upgrade to encrypted email, Google is now successfully able to prevent nearly all email account data breaches, according to Dark Reading. It has so far reduced the number of Google account compromises by 99% as of last year. According to Mike Hearn, a security engineer with Google, there is a system of risk analysis in place that determines the likelihood that a person signing into Google is truly the one who owns the Google account. This system uses 120 variables and occurs every single time someone logs into Google, whether it is every five minutes or every month.
More from Credit.com