Eran Feigenbaum compares Google Apps to a bank in the days when a bank was a new idea.
Just as a bank stores money, Google Apps stores data, and the onus is on Google to convince you and your business that this data is properly protected. “It’s very similar to the situation banks were in hundreds of years ago,” says Feigenbaum, the director of security for Google’s various enterprise products and services, including its Google Apps suite of online business applications. “They had to convince us to give them our money, to take the money out from under the mattress and put it in the bank.”
As part of this ongoing effort to convince the world that its online services are as secure as traditional software installed on your own servers — if not more so — Feigenbaum and company have announced that Google Apps has been certified as compliant with the ISO 27001 standard, an internationally recognized standard for managing the security of information.
The standard is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), and according to Google, Google Apps was certified by Ernst & Young CertifyPoint, an ISO certification operation backed by the International Accreditation Forum (IAF). This bowl of international alphabet soup doesn’t mean much to the Average Joe, but it may go a long way toward convincing some businesses to adopt Google’s suite of online services.
“Many of our own processes are ISO certified,” Chet Loveland, CISO and global compliance officer of MWV, a global packaging company based in Virginia, said in a canned statement about Google’s certification. “I think it’s important, find it assuring and are very pleased that Google Apps will be audited and certified to this Information Security Management System ISO standard on an ongoing basis.”
Last year, in a similar effort to prove the worth of its suite, Google announced that Google Apps had successfully undergone audits related to the SSAE 16 Type II and ISAE 3402 Type II security standards. And a year before that, the company announced that the suite had been certified as compliant with the Federal Information Security Management Act (FISMA), which covers software applications used by the US government.
In some cases, the certification process is a delicate business. In the spring of April 2011, as part of a court battle with Google, Microsoft accused the search giant of making “misleading security claims” in touting FISMA certification for its Google Apps for Government suite, and what this boiled down to was that after receiving certification, Google changed the name of its suite and restricted certain parts of the suite to data centers located in the U.S.
No comments:
Post a Comment