Google’s New Cloud Security: 4 Points You Need to Know
In order to achieve ISO 27001 certification, Google had to make a big investment. This security standard can only be verified after a rigorous auditing process that ensures the suite's information security management system meets a number of requirements. Google hopes that this certification will prove to businesses that Google can make larger security investments on their behalf than they can on their own. As a result, businesses of all sizes should feel safe with the idea of a Google Apps migration, knowing that data in the Google cloud is afforded a great deal of protection.
2. The standard is hard to achieve and internationally accepted
The reason that Google had to make a major investment to earn ISO 27001 security certification is that it is extremely difficult to achieve and requires a multi-part, in-depth auditing process. This is because ISO 27001 certification is an independent security standard and is one of the most internationally accepted standards of its kind. Specifically, this certification is part of an Information Security Management System (ISMS).
3. The certification requires a multi-part auditing process
The audit required for ISO 27001 certification must be conducted by an independent party. In Google’s case, this body was Ernst & Young CertifyPoint. The body conducted a multi-part audit that included an informal examination and then a more formal and more invasive review of Google Apps for Business’ information security controls and risks. Additionally, Ernst & Young CertifyPoint had to guarantee that Google’s practices were ongoing, which it did with follow-up assessments. During the auditing process, Ernst & Young CertifyPoint paid specific attention to Google’s information security risks, noting threats, impacts, and vulnerabilities, as well as its controls, risk treatment methods, and management system. All of these controls and systems had to be on par with the ISO 27001 certification in order for Google to pass the audit.
4. Users should expect more security investments by Google
This is certainly not the last major security investment that Google will make, says Eran Feigenbaum, Director of Security for Google Enterprise. Feigenbaum points to Google Apps for Government’s FISMA certification and SSAE 16 / ISAE 3402 audits, in conjunction with Google Apps for Business’ new ISO 27001 certification, to prove that Google has a lasting commitment to cloud security. Additionally, users should expect Google to undergo more third-party audits to ensure that its information security management is continuing to evolve to meet even higher standards.