Customer Questions around Security/Privacy boundaries

[Julie Zhu]

Hi Translate API experts,

My customer is currently evaluating the use of translate API.

They have below questions, wonder if you can provide some guidance on it, thank you so much!

• What privacy attestations are available for Google translate?
• What security controls are available to limit access to “translated content”?
• Does Google delete the translated content, or is it retained for any reason.?
• Any other information you can shed some light on to help us better assess the use of Google translate.

[Julie Zhu]

Gentle ping,

Anyone can point the customer to the right direction?

Thank you!

sincerely,

Julie

--

Julie Zhu Customer Engineer @ Google Cloud Mobile 860 480 5265 10 Summer Street, Boston, MA, 02110

[Yingjie He]

Hi Julie,

Here is the public doc for the data usage: https://cloud.google.com/translate/data-usage, I think it will resolve most of your questions.

Please let us know if you have other questions. 

Thanks very much!

[Julie Zhu]

Hi Yingjie and all,

This is super helpful! Thank you!

one additional customer concern, though, ( the doc doesn't address)

How does Translate API deal with issue when people use the translate solution to bypass firewall rules and access blocked sites?

As described in this article

https://www.thetechbasket.com/google-translate-as-proxy-server/

Thank you!

sincerely,

Julie

--
You received this message because you are subscribed to a topic in the Google Groups "Google Cloud Translation API" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-translate-api/4pH7bt16_hw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-translate...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-translate-api/1d7c653b-f632-44c8-bad0-b0f3b46beb59n%40googlegroups.com.

[Julie Zhu]

Hi Experts,

Just bubble this up, see if you can help with any pointers?

Thank you!

sincerely,

Julie

[Raul Saucedo Ramirez]

This scenario you mentioned could happen if your firewall is misconfigured to the internet, you could have some security issues. You could follow official tutorials to correctly configure the firewall with a translation API. 

[Julie Zhu]

Hi Raul and Translate team,

Customer's concern is not about firewall, firewall can be very well configured but using the method indicated here

People can still bypass firewall using translate api as a proxy.

What would be your recommendation to avoid /mitigate such breach?

\Thank you!

sincerely,

Julie

To view this discussion on the web visit https://groups.google.com/d/msgid/google-translate-api/ea0e01a9-79ad-4798-ba11-dd3d11d4af75n%40googlegroups.com.

[Jose Gutierrez Paliza]

The key principle to understand: Which IPs can connect to the instance: Port being secured by IAP[1]? Connections that don't go through GCLB or TCP API aren't subject to IAP access control.

If the firewall allows connections from any other IPs, those connections are not subject to IAP. This means that if your firewall allows connection from any other IP’s it is possible to have a bypass.

You could Restrict Peer Ip’s through a Cloud VPN Tunnel[2] reducing the risk of bypassing existing security controls.

For apps hosted on Google Cloud Load Balancing, you can configure the GCE firewall to allow direct access to the backend for certain IPs.

[1]https://cloud.google.com/iap 

[2]https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview#vpn-org-policy