Google toys with internet air-gap for some staff PCs

In a bid to shrink the attack surface of its army of employees, and thus boost security, Google is taking an experimental approach: cutting some of their workstations off from the internet. 

The Chocolate Factory has seen fit to sever staffers' links to the outside electronic world, admittedly on a small scale, according to internal documents viewed by CNBC. Roughly 2,500 Googlers were selected for the internet air-gap trial, and then following some feedback the search giant adjusted it so that people can opt out and others can volunteer.

The Register was able to confirm the pilot program with Google, which told us it was being limited to fewer than two percent of workstations. Those who choose to participate will have their general internet access removed along with root privileges on their individual boxes if they had that.

We experiment continuously to raise the cost of attacks

"Ensuring the safety of our products and users is one of our top priorities," a Google spokesperson told us, adding the corporation "routinely explore[s] ways to strengthen our internal systems against malicious attacks." 

Google's tools and office software accessed via the web will still be accessible to those cut off from the internet generally. Workers in the program who require internet access for their jobs will be able to get exceptions. Whether that's a precursor to a wider workstation lockdown, Google VP of Security Engineering Heather Adkins took to Twitter to answer with an emphatic no. 

"We aren't turning the internet off at Google," Adkins tweeted. "We experiment continuously to raise the cost of attacks for bad guys and are running a short test."

Regardless, cutting user workstations off from the internet is an obvious way for Google to decrease its cybersecurity footprint, and it couldn't come at a better time what with, say, supply chain attacks in vogue.

• IT security teams, business execs still not on same page
• Mind the airgap: Why nothing focuses the mind like a bit of tech antiquing
• Israeli researcher fans fears: here's another way to cross the airgap
• Google uses India to test 'deliver to the house near the post office' feature

And also attacks on centralized cloud-based systems. For instance, Microsoft recently confirmed it was caught up in a serious security breach in which alleged Chinese snoops Storm-0588 breached Outlook Web Access accounts belonging to 25 organizations, including a US government agency.

The financial cost of data theft is rising as well; we trust Google with so much of our information and IT infrastructure that efforts to shore up its internal security will be welcome.

That said, the effectiveness of Google's small-scale test may be hard to ascertain. While we didn't get much in the way of direct answers to our questions from Google, a spokesperson did tell us that neither laptops nor smartphones are included in the pilot - just desktop workstations. Adkins' tweet backed that up. Googlers are free to get online from their portable or handheld devices, which speaks to the nature of the tech goliath's internal network structure. ®