Google Apps For Business Gets ISO 27001 Certification

Next Story

Push Level Agreement

Google just announced that its Google Apps for Business service has earned ISO 27001 certification. This certifies that Google is following the standard ISO information security management protocols and best practices “for the systems, technology, processes and data centers serving Google Apps for Business.”

If you’re a startup or individual user, chances are you don’t care too much about whether a company you are working with is following any of the ISO’s over 19,000 standards. This certification, however, will likely give larger and more highly regulated businesses (and the executives who sign off on these deals) the necessary reassurances that moving to Google’s cloud solutions is safe.

This ISO 27001 certification, which was certified by Ernst & Young CertifyPoint, an ISO certification body accredited by the Dutch Accreditation Council, follows Google’s previous FISMA certification for its Google Apps for Government product. Google also regularly submits itself to third-party audits according to the SSAE 16 / ISAE 3402 standard, which is quite comparable to the ISO 27001 standard.

It’s important to note, though, that this certification is not a security “seal of approval,” as security consultant Alec Muffett told Computer World UK’s Anh Nguyen, and does not “guarantee that the applications are 100% secure.” Instead, says Muffett, companies that apply for ISO 27001 certification get ” to design their own high-jump bar, document how tall it is and what it is made of, how they intend to jump over it and then they jump over it.”

Google’s Eran Feigenbaum, the company’s director of security for its Google Enterprise group, believes that “businesses are beginning to realize that companies like Google can invest in security at a scale that’s difficult for many businesses to achieve on their own.” While most of Google’s competitors focus on getting their data centers certified, it’s worth noting that Google also argues that its certification is broader and also includes its networking infrastructure and applications.

Given that all of this isn’t the most exciting news in the world – especially not on a national holiday in the U.S. – here is a video of Feigenbaum, who is also a mentalist – playing Russian Roulette with a nail gun: