Google Verifies The Security Of Its Cloud Services

Google has updated some security certifications for its cloud platform and Google Apps, and added new certificates for Google+ and its Hangouts messaging service.

The new ISO 27001 certificate, as well as SOC 2 and SOC 3 Type II audit reports, have been posted online for the whole world to see. This is the first time Google has opened these documents to scrutiny.

The move can be seen as an attempt to promote cloud services to users who distrust US cloud companies following last year’s disclosures by Edward Snowden.

Transparency

ISO 27001 is a certification that looks at 114 different areas including physical and environmental security, cryptography and incident management.

Meanwhile, SOC (Service Organisation Control) reports were originally developed to evaluate the control of financial information, with later versions adopted to cover data management in general. These reports also look at confidentiality and privacy of user information.

All three are internationally accepted and independently verified marks of security compliance. In order to obtain these certificates, third-party auditors have to examine the organisation’s infrastructure, applications and even people who look after the servers.

“Since we see transparency as a crucial way to earn and maintain our customers’ confidence, we ask independent auditors to examine the controls in our systems and operations on a regular basis. The audits are rigorous, and customers can use these reports to make sure Google meets their compliance and data protection needs,” said Eran Feigenbaum, director of Security at Google Apps.

All of the new certificates have been published on the Google Enterprise website. Especially interesting is the 10-page SOC 3 report that includes the detailed list of inspected services and requirements for a successful audit.

The more detailed SOC 2 report has not been made public, but can be requested from Google as long as you sign a non-disclosure agreement.

Feigenbaum said that the Google security team now consists of 450 full-time engineers, and the company will continue adapting to the legal and regulatory landscape in the US and Europe in order to keep data “secure, private and compliant”.

What do you know about Edward Snowden and the NSA? Take our quiz!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago