Security has long been a top priority for Google. However, cybersecurity is becoming an increasingly vital IT concern; according to Computerworld’s annual Forecast survey of IT executives, security spending is at the top of the priority list for 2015 with 46% of IT leaders increasing their security budget this year. Google is taking security even more seriously by demonstrating a dedicated commitment to tireless innovation not only around products and features, but especially in protecting customer data. Google continues to dedicate resources and employ hundreds of security experts whose only job is to stop threats and scan for vulnerabilities, constantly focusing on new ways to make sure customers’ data is safe in the cloud.
To really put this in perspective: Since 2010, Google has paid more than $4 million in rewards to security researchers who invest their time and effort into finding bugs and vulnerabilities in Google’s systems. Let’s just say there’s a reason why more than 5 million businesses and 64% of the Fortune 500 have gone Google.
It’s Your Data
There is no advertising in Google Apps services. Google has made it clear that they in no way sell users’ data to third parties or process it for any purpose other than what the company, school, student, nonprofit, government agency, etc. intends, provided that doesn’t conflict with their contractual obligations.
Google also gives the administrator full control over privacy controls; for example, allowing them to choose if and how users can share Google Drive documents outside of the company.
Security: A Top Priority
Google employs over 500 full-time security experts who are working to protect their customers’ data, investing millions of dollars into innovation and sophistication with regards to security policies and practices. Leveraging their close relationship with the security research community, Google was the first major cloud provider to offer a Vulnerability Reward Program for Google-owned web properties.
Also, to ensure data is always up and running, Google holds itself to a 99.9% service level agreement for Google Apps, and has consistently achieved higher than that–99.978% in 2013. Data is distributed around the world so that even if an entire data center fails, information will still be accessible.
Another primary security factor is encryption, and Google was the leader in setting a standard of perfect forward secrecy, meaning that content is encrypted as it moves between Google servers and those of other companies. Every single email sent or received is encrypted while moving internally.
Regulatory Compliance Standards
Google subjects itself to regular, independent audits of infrastructure, applications, and operations from third party investigators to prove that customers and regulators can rest assured knowing that Google’s services continually meet some of the highest compliance standards in the industry. Some of these standards include HIPAA, FERPA, COPPA, SSAE16 / ISAE 3402 Type II SOC 2 and 3 detailed audit reports, ISO 27001, one of the most widely recognized and internationally accepted security frameworks, and FISMA for Google Apps for Government.
Update (Sept 2015): Google also recently added the ISO/IEC 27018 privacy standard to its compliance framework.
The approach behind the third party audits is that Google’s services are evaluated in the most comprehensive, thorough manner so that customers and partners have regular access to reports outlining an unbiased and transparent view of how Google protects your data. To learn more, visit Google’s security and privacy FAQ page.
SADA Systems is a Google Cloud Premier Partner focused on creating tools, methodologies, change management and business transformation strategies for the cloud. To learn more about Google security standards, email us at [email protected] or download Google’s full Security and Compliance report.