Information security is important to any business, and cloud security has concerned many businesses for years. Since Google first launched its cloud platform in 2006, it has worked to make Google Apps for Business as secure as possible. And on May 28, Google reached a new level in cloud security for businesses when it announced that Google Apps for Business had earned ISO 27001 security certification.
This announcement was not only big news for Google and for businesses, but also for cloud security. The ISO 27001 certification that Google achieved is part of an Information Security Management System (ISMS) and is one of the most internationally accepted independent security standards.
In order to achieve the ISO 27001 certification, Google had to meet specific requirements. Google opened itself for an assessment of its information security risks that made special note of impacts, vulnerabilities, and threats. There had to be operating risk treatment methods ready for use against unfavorable risks as well as a suite of information security controls and a management system prepared to meet ongoing security needs.
To determine whether or not Google met these requirements, Ernst & Young CertifyPoint conducted a three-part audit. First, the body conducted an informal review of the risks and controls associated with Google’s information security. This step was followed by a significantly more in-depth audit. To complete the process, Ernst & Young CertifyPoint did ongoing reviews to guarantee that Google continued its information security practices.
The process of earning this certification is not easy, but the result for Google was well worth the effort. Now, large businesses that had any lingering concerns about information security in the cloud should be more comfortable with the idea of a Google Apps migration, knowing the service is backed by an internationally accepted independent security standard.
Although Google making large security investments is not something new, this latest certification should bring the importance of cloud security to Google to the forefront. When people see Google Apps for Business’ ISO 27001 certification alongside Google Apps for Government’s SSAE 16 / ISAE 3402 audits and FISMA certification, Director of Security for Google Enterprise Eran Feigenbaum believes that there should be no doubt that Google has made security for its cloud platforms a top priority. To stress this idea and to further ensure users of the safety of their data, Google will continue to have third-parties audit its security controls.
In general, Google’s new, high-level security certification should put even the largest enterprises at ease with cloud security. Google made a huge investment in information security by undergoing the audit and meeting the requirements for ISO 27001 certification, and its efforts should prove that security in the Google cloud has surpassed expectations.