Google has just made it public that it has got ISO 27001 certification for its Google Apps for Business service. It is an endorsement that Google acts in accordance with the standard ISO information security management protocols while pursuing the best practices “for the systems, technology, processes and data centers serving Google Apps for Business.”
Initially, there were huge security concerns among many executives when they used to think of moving to Google Apps. However, this certification will surely help business people while ensuring them a safe usage of Google’s cloud solutions. It is obvious that Google is really trying to secure their business services to attract large companies to their integrated solutions. Getting certification has allowed Google to be a top player when it comes to business services. For most companies the fact that Google has certification is usually good enough to trust that their services are secure and suitable for this level of business.
This new certification along with existing FISMA certification for its Google Apps for Government products and SSSAE16/ISAE3402 audits certainly sends a message to its users that Google is giving its best to follow the current development and maintenance of an advance Information Security Management System. Besides that, Google sends its audit report to third party on a daily basis, which is quite similar to the ISO 27001 standard.
Although it''s a big news, still there are some concerns, i.e. according to security consultant Alec Muffett, this certification doesn’t mean that the applications are fully secure. He said, companies that asked for this certification get “to design their own high-jump bar, document how tall it is end what it is made of, how they intend to jump over it and then they jump over it.” Although the concerns may be valid, there is no doubt that Google is working hard to improve their standing through certifications that will definitely attract big companies to their business services.
Eran Feigenbaum is the director of security for Google Enterprise group. He said that “businesses are beginning to realize that companies like Google can invest in security at a scale that’s difficult for many businesses to achieve their own.” Many companies that are in competition with Google, try to get their data centres certified. According to Google, its certification is also applicable on its networking infrastructure and applications. It will be interesting to see how the certification will bring in a whole new client base for Google's business services.