The company begins publishing its security certificates and audits online
Google has updated some security certifications for its cloud platform and Google Apps, and added new certificates for Google+ and its Hangouts messaging service.
The new ISO 27001 certificate and the SOC 2 and SOC 3 Type II audit reports have been posted online for the whole world to see. This is the first time Google has opened these documents to scrutiny.
The move can be seen as an attempt to promote cloud services to users who distrust US cloud companies following last year’s disclosures by Edward Snowden.
ISO 27001 is a certification that looks at 114 different areas including physical and environmental security, cryptography and incident management.
Meanwhile, SOC (Service Organisation Control) reports were originally developed to evaluate the control of financial information, with later versions adopted to cover data management in general. These reports also look at confidentiality and privacy of user information.
All three are internationally accepted and independently verified marks of security compliance. In order to obtain these certificates, third-party auditors have to examine the organisation’s infrastructure, applications and even the people who look after the servers.
“Since we see transparency as a crucial way to earn and maintain our customers’ confidence, we ask independent auditors to examine the controls in our systems and operations on a regular basis. The audits are rigorous, and customers can use these reports to make sure Google meets their compliance and data protection needs,” said Eran Feigenbaum, director of Security at Google Apps.
All of the new certificates have been published on the Google Enterprise website. Especially interesting is the 10-page SOC 3 report that includes the detailed list of inspected services and requirements for a successful audit.
The more detailed SOC 2 report has not been made public, but can be requested from Google as long as you sign a non-disclosure agreement.
Feigenbaum said that the Google security team now consists of 450 full-time engineers, and the company will continue adapting to the legal and regulatory landscape in the US and Europe in order to keep data “secure, private and compliant”.