Google Apps for Business wins ISO 27001 certification, potentially opening the door to wider adoption in government and regulated industries.
Google Drive: 10 Alternatives To See
(click image for larger view and for slideshow)
Google said Monday it had received ISO 27001 certification for Google Apps for Business, a recognition of its information security practices that will make its cloud services more palatable for use in government and other regulated industries.
Since then, Google has addressed those concerns, where warranted, through features like the integration of Postini's enterprise message services, support for two-factor authentication, and the launch of FISMA-certified Google Apps for Government.
Eran Feigenbaum, director of security for Google's enterprise group, says that security is now a reason that organizations are adopting Google Apps rather avoiding it.
"The reason for this shift is that businesses are beginning to realize that companies like Google can invest in security at a scale that's difficult for many businesses to achieve on their own," he said in a blog post.
In the past five years, Google has managed to convince a number of high-profile businesses and government agencies to utilize its cloud services. It's been a long haul, but cloud computing is no longer exotic. With plenty of companies committed to cloud computing and Microsoft pitching Office 365, businesses considering a move to the cloud no longer have to play the role of pioneer. They can look to their peers for examples of the benefits and potential pitfalls.
Google's ISO 27001 certification, granted by Ernst & Young CertifyPoint, further cements the legitimacy of Google Apps as a business tool. The certification requires that management carefully examine organizational security risks, designs and deploys reasonable security controls to address those risks, and adopts a management process to maintain organizational security controls.
"This certification validates what I already knew, through due diligence, about Google Apps--that the technology, process, and infrastructure offers good security and protection for the data that I store in Google Apps," said Chet Loveland, CISO and global compliance office of MeadWestvaco, in a statement.
Google Apps for Government is FISMA certified and a number of Google services have passed SSAE 16 / ISAE 3402 / SAS 70 audits. These include: Gmail, Google Talk, Google Calendar, Google Docs (documents, spreadsheets, presentations), Google Sites, iGoogle, Control Panel (CPanel), Google App Engine, Google Apps Script, Google Storage for Developers, and Google Postini Services (Google Message Security and Google Message Discovery).
Geared specifically toward the federal government, its agencies, and third parties, FISMA is a set of requirements aimed at establishing a baseline level of computer and network security. In our FISMA Lifts All Compliance Boats report, we show that when you reach FISMA compliance, you'll likely be compliant with just about every security mandate out there. (Free registration required.)
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.