Cloud // Software as a Service
News
5/29/2012
01:40 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%
Repost This

Google Apps Clears Key Security Hurdle

Google Apps for Business wins ISO 27001 certification, potentially opening the door to wider adoption in government and regulated industries.

Google Drive: 10 Alternatives To See
Google Drive: 10 Alternatives To See
(click image for larger view and for slideshow)
Google said Monday it had received ISO 27001 certification for Google Apps for Business, a recognition of its information security practices that will make its cloud services more palatable for use in government and other regulated industries.

Back in 2007, when Google first introduced a version of Google Apps for Business--under the name "Google Apps Premiere Edition"--worries about security made many companies reluctant to migrate from on-premises IT to cloud computing.

Since then, Google has addressed those concerns, where warranted, through features like the integration of Postini's enterprise message services, support for two-factor authentication, and the launch of FISMA-certified Google Apps for Government.

Eran Feigenbaum, director of security for Google's enterprise group, says that security is now a reason that organizations are adopting Google Apps rather avoiding it.

"The reason for this shift is that businesses are beginning to realize that companies like Google can invest in security at a scale that's difficult for many businesses to achieve on their own," he said in a blog post.

[ Read Microsoft Accuses Google Of Lying About Security Certifications. ]

In the past five years, Google has managed to convince a number of high-profile businesses and government agencies to utilize its cloud services. It's been a long haul, but cloud computing is no longer exotic. With plenty of companies committed to cloud computing and Microsoft pitching Office 365, businesses considering a move to the cloud no longer have to play the role of pioneer. They can look to their peers for examples of the benefits and potential pitfalls.

Google's ISO 27001 certification, granted by Ernst & Young CertifyPoint, further cements the legitimacy of Google Apps as a business tool. The certification requires that management carefully examine organizational security risks, designs and deploys reasonable security controls to address those risks, and adopts a management process to maintain organizational security controls.

"This certification validates what I already knew, through due diligence, about Google Apps--that the technology, process, and infrastructure offers good security and protection for the data that I store in Google Apps," said Chet Loveland, CISO and global compliance office of MeadWestvaco, in a statement.

Google Apps for Government is FISMA certified and a number of Google services have passed SSAE 16 / ISAE 3402 / SAS 70 audits. These include: Gmail, Google Talk, Google Calendar, Google Docs (documents, spreadsheets, presentations), Google Sites, iGoogle, Control Panel (CPanel), Google App Engine, Google Apps Script, Google Storage for Developers, and Google Postini Services (Google Message Security and Google Message Discovery).

Geared specifically toward the federal government, its agencies, and third parties, FISMA is a set of requirements aimed at establishing a baseline level of computer and network security. In our FISMA Lifts All Compliance Boats report, we show that when you reach FISMA compliance, you'll likely be compliant with just about every security mandate out there. (Free registration required.)

Comment  | 
Print  | 
More Insights
The next wave in APM
The next wave in APM
Find out how to get the benefits of application monitoring while avoiding the complexity and performance headaches.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Government, May 2014
Protecting Critical Infrastructure: A New Approach NIST's cyber-security framework gives critical-infrastructure operators a new tool to assess readiness. But will operators put this voluntary framework to work?
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.