Google Apps for Business Gets ISO 27001 Certification
May 29, 2012
By Ed Silverstein, TMCnet Contributor
Google (News - Alert) Apps for Business has received ISO 27001 certification – which is a globally-recognized, independent standard for security management. It applies to the data centers, processes, systems and technology for Google Apps for Business.
The certification was given after an analysis by Ernst & Young CertifyPoint, an ISO certification body. It is seen as an important move for the technology sector.
“The certification, along with our existing SSAE 16/ISAE 3402 audits and FISMA certification for Google Apps for Government, help assure our customers that Google is committed to ongoing development and maintenance of a robust Information Security Management System (ISMS) that an independent, third-party auditor will regularly audit and certify,” Eran Feigenbaum, director of Security, Google Enterprise, said in a recent blog post.
It comes as businesses are moving to the cloud, and they are recognizing that Google can offer security services, features and data protection that businesses would not be able to provide on their own, Feigenbaum said.
In addition, Richard Edwards, a principal analyst at Ovum, was pleased with the news that Google Apps got the ISO 27001 certification. He says it means that “information security management is now explicitly under management control and not just an IT function.” He explains that an increasing amount of information is being stored for businesses in cloud-based repositories, such as Dropbox (News - Alert), Google Docs, Office 365 and Box.com.
“If the information security management or compliance strategies of an organization do not extend to cloud services and the vendors providing these document and file storage services, then companies might find that their most useful, and indeed valuable, information is put at risk,” he adds. ''Quantifying this risk of storing information in the cloud versus on premise is very difficult, and so most business managers are tending to turn a blind-eye and pretend that it is of little consequence. Ovum (News - Alert) hopes that Google’s nod to best practice will encourage other information management cloud services vendors and their customers to pay more attention to this important aspect of corporate governance.’’
“Many of our own processes are ISO certified. So, I am thrilled that Google Apps, our core communications platform, is also now ISO certified with its recent ISO 27001 certification,” Chet Loveland, CISO and Global Compliance Officer, MWV, said in the blog post. “This certification validates what I already knew, through due diligence, about Google Apps -- that the technology, process and infrastructure offers good security and protection for the data that I store in Google Apps. I think it's important, find it assuring and am very pleased that Google Apps will be audited and certified to this Information Security Management System ISO standard on an ongoing basis.” MWV is a multi-billion dollar, global provider of packaging and packaging solutions.
In other recent ISO news, TMCnet reports that the ISO-19770-3 standard will make software licensing compliance easier for customers.
Edited by Brooke Neuman