Google Apps Clears Key Security Hurdle

Google Apps for Business wins ISO 27001 certification, potentially opening the door to wider adoption in government and regulated industries.

Thomas Claburn, Editor at Large, Enterprise Mobility

May 29, 2012

3 Min Read
InformationWeek logo in a gray background | InformationWeek

Google Drive: 10 Alternatives To See

Google Drive: 10 Alternatives To See


Google Drive: 10 Alternatives To See (click image for larger view and for slideshow)

Google said Monday it had received ISO 27001 certification for Google Apps for Business, a recognition of its information security practices that will make its cloud services more palatable for use in government and other regulated industries.

Back in 2007, when Google first introduced a version of Google Apps for Business--under the name "Google Apps Premiere Edition"--worries about security made many companies reluctant to migrate from on-premises IT to cloud computing.

Since then, Google has addressed those concerns, where warranted, through features like the integration of Postini's enterprise message services, support for two-factor authentication, and the launch of FISMA-certified Google Apps for Government.

Eran Feigenbaum, director of security for Google's enterprise group, says that security is now a reason that organizations are adopting Google Apps rather avoiding it.

"The reason for this shift is that businesses are beginning to realize that companies like Google can invest in security at a scale that's difficult for many businesses to achieve on their own," he said in a blog post.

[ Read Microsoft Accuses Google Of Lying About Security Certifications. ]

In the past five years, Google has managed to convince a number of high-profile businesses and government agencies to utilize its cloud services. It's been a long haul, but cloud computing is no longer exotic. With plenty of companies committed to cloud computing and Microsoft pitching Office 365, businesses considering a move to the cloud no longer have to play the role of pioneer. They can look to their peers for examples of the benefits and potential pitfalls.

Google's ISO 27001 certification, granted by Ernst & Young CertifyPoint, further cements the legitimacy of Google Apps as a business tool. The certification requires that management carefully examine organizational security risks, designs and deploys reasonable security controls to address those risks, and adopts a management process to maintain organizational security controls.

"This certification validates what I already knew, through due diligence, about Google Apps--that the technology, process, and infrastructure offers good security and protection for the data that I store in Google Apps," said Chet Loveland, CISO and global compliance office of MeadWestvaco, in a statement.

Google Apps for Government is FISMA certified and a number of Google services have passed SSAE 16 / ISAE 3402 / SAS 70 audits. These include: Gmail, Google Talk, Google Calendar, Google Docs (documents, spreadsheets, presentations), Google Sites, iGoogle, Control Panel (CPanel), Google App Engine, Google Apps Script, Google Storage for Developers, and Google Postini Services (Google Message Security and Google Message Discovery).

Geared specifically toward the federal government, its agencies, and third parties, FISMA is a set of requirements aimed at establishing a baseline level of computer and network security. In our FISMA Lifts All Compliance Boats report, we show that when you reach FISMA compliance, you'll likely be compliant with just about every security mandate out there. (Free registration required.)

About the Author

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights