Google just earned a new, higher security certification for its Google Apps for Business cloud platform. On May 28, Google publicly announced the new ISO 27001 certification, but the question on the minds of many businesses is what exactly does this mean for data security in the cloud?
In order to understand what kind of effect the new certification will have on businesses and cloud computing, it’s important to know what ISO 27001 certification is and how it’s earned.
ISO 27001 certification is part of an Information Security Management System (ISMS) and is one of the most internationally accepted independent security standards. To earn this certification, Google had to pass a three-part auditing process. In this case, it was conducted by Ernst & Young CertifyPoint, which is an official ISO certification body.
The first step of the process is an informal audit of information security risks and controls, and it is followed by a much deeper, formal review. Finally, Google opened itself up to additional audits following-up on the previous reviews to make sure that Google was continuing its practices.
During the audit, Ernst & Young CertifyPoint looked for, among other points, specific requirements that had to be met. These requirements were three-fold. The auditing body assessed Google’s information security risks, noting any threats, vulnerabilities, or impacts. It also evaluated to make sure that Google had developed a functioning set of risk treatment methods to combat unacceptable risks and information security controls. Lastly, the certification body checked that Google had a management system in place that would guarantee that it would meet ongoing security needs.
While this certification process is extremely rigorous, it was well worth the effort for both Google and businesses looking to do a Google Apps migration. Google can now offer businesses an even higher level of cloud security, which should make even the largest corporations feel comfortable with moving their data to the Google cloud network.
Google has fielded doubts about cloud security since it first entered the market in 2006. Though it has made great strides to assure its customers across all platforms, especially businesses, of the security of its cloud network, this latest step clears a much higher hurdle. Now more than ever, businesses are feeling comfortable with the security of the cloud, but some large businesses still need some convincing. But now that Google Apps for Business is certified in one of the most internationally accepted independent security standards, any lasting concerns are likely to diminish. After all, these businesses are now realizing that Google is capable of making significantly larger security investments than they are individually.
In addition, Eran Feigenbaum, Director of Security for Google Enterprise, also believes that this new certification, alongside the FISMA certification and SSAE 16 / ISAE 3402 audits for Google Apps for Government, will assure customers that Google takes cloud security seriously and is dedicated to further enhancing its ISMS. To continue to prove this point, Feigenbaum says Google will continue to submit itself to audits and certifications by third-parties.
This increased focus on cloud security, which has resulted in a higher, more respected certification for Google Apps for Business, will certainly benefit businesses both small and large, who can now be more certain than ever that their data is safe in the cloud.
About the Author: Cloud Sherpas is a leading cloud service provider and was named the “Google Enterprise 2011 Partner of the Year.” As one of the first Google Enterprise partners, Cloud Sherpas has migrated over one million users across a variety of industries from legacy, on-premise messaging systems to Google Apps, helping organizations adopt cloud computing to innovate and dramatically reduce their IT expenses. A Google Apps Reseller in Atlanta, GA, Cloud Sherpas has regional offices in locations including San Francisco, New York, Chicago, Austin and Sydney, and has more Google Apps Certified Deployment Specialists than any other partner in the world.