There’s been a lot of talk about Google’s new security certification, but what does ISO 27001 actually mean? How did Google earn it, and will it benefit your business? These are all important questions to ask, and equally important answers to know.
Simply put, ISO 27001 security certification is among the most internationally accepted independent security standards. Specifically, it is a standard for an Information Security Management System (ISMS). To earn this certification, three requirements must be met. The first is an examination of information security risks that must note any vulnerabilities, impacts or threats. Second, there must be information security controls in place in addition to a fully functioning suite of risk treatment methods that can be used against any unacceptable risks. Third, a management system that will meet future information security needs must be created.
Google opened itself up to an audit, conducted by Ernst & Young CertifyPoint, to prove that it met these requirements and was eligible for the ISO 27001 certification. To complete the audit, Ernst & Young CertifyPoint conducted an informal review of Google’s information security controls and risks as well as a full, in-depth audit. The final step of the audit involved multiple follow-up reviews to guarantee that Google’s information security practices were ongoing.
Upon meeting these requirements and having a successful audit, Google announced on May 28 that Google Apps for Business was now certified in ISO 27001. This announcement was a big deal for both Google and businesses.
Although Google’s cloud computing platform for businesses has had a favorable reputation since it first launched in 2006, many large businesses have held back from undergoing a Google Apps migration due to security concerns. But now that Google Apps for Business has ISO 27001 certification, these concerns should all but disappear. This new certification has caused many large businesses to realize that Google is able to make a larger investment in security than an individual business can, even a big corporation.
Eran Feigenbaum, Director of Security for Google Enterprise, says that when businesses look at this new ISO 27001 certification alongside Google Apps for Government’s SSAE 16 / ISAE 3402 audits and FISMA certification, they should be able to see that Google has a deep commitment to maintaining a high standard of security and to continuing to evolve its security practices. Feigenbaum notes that Google will further highlight this point by continuing to undergo third-party audits.
Knowing the level of security your business’ information enjoys is extremely important, regardless of the size or nature of your company. Your data is essential to the daily operations of your business, and thus it is necessary to know that it will remain intact and that it is not vulnerable to outside threats. Google’s new certification should ease these concerns and reassure businesses that the cloud is a safe, trustworthy place to store data.
Overall, Google Apps for Business’ new security certification, and the rigorous process to which Google submitted itself in order to earn it, should affirm Google’s ongoing dedication to information security in the cloud.