In what is clearly part of the company’s efforts to get more enterprise customers on its platforms, Google today announced that it has renewed its ISO 27001 certification for the fourth year in a row and upped its product coverage from 34 to 59 products. In addition, Google Apps for Work and the Google Cloud Platform have now also been certified for ISO 27017 for cloud security and ISO 27018 for privacy.
Google already said it would adopt ISO 27018 for Google Apps for Work last year, so this part of the announcement doesn’t come as a major surprise (though unless you have an unhealthy fascination with ISO certifications, you probably don’t remember last year’s announcement).
Unless you work in a major enterprise company, the government or a highly regulated industry, chances are ISO certifications aren’t exactly at the top of your mind when you choose a cloud provider. Still, knowing that a company’s security and data-handling standards are up to par to receive something like an ISO 27001 certification that promises your information will be handled securely does provide at least some additional peace of mind.
ISO 27017 basically certifies that Google’s virtual networks are as secure as its physical networks, that data is protected and inaccessible to other customers on the same platform and that it’s clear which security responsibilities fall on Google and which are the customer’s.
ISO 27018 mostly covers privacy controls. It certifies that Google doesn’t use its customers’ data on the covered platforms for advertising, for example, and that the customers’ data remains theirs. It also certifies that Google lets you delete and export your data and is transparent about where the data is stored.
“Google was born in the cloud, and we’ve set a high bar for what it means to host, serve, and protect our users’ data all over the world,” Google writes in today’s announcement. “Certifications such as these provide independent third-party validations of our ongoing commitment to world-class security and privacy, while also helping our customers with their own compliance efforts.”
Because enterprises do look for these certifications when they decide on a cloud provider, it’s no surprise that Amazon’s AWS and Microsoft’s Azure also offer similar compliance assurances. AWS already offers the same ISO 27001, 27017 and 27018 certifications as Google, for example. Azure, too, is ISO 27001- and 27018-compliant.
The fact that Google didn’t have these certifications before shows that it maybe wasn’t all that serious about getting enterprise customers on its cloud platform (or didn’t understand them) — but with former VMware CEO Diane Greene taking the helm of Google’s cloud businesses, it’s now making an aggressive play to get enterprises to adopt its platform and services.