In what will surely give in further boost to Google’s already formidable ensemble of third-party certifications, the search giant has announced the addition of two brand new security and privacy certifications for its Apps for Work and Cloud Platform.
The platforms now sport ISO 27017 certification for cloud security and ISO 27018 for privacy. While its Cloud Platform has the ISO 27018 certification, Google has also renewed its ISO 27001 certificate covering 60 Google Cloud Platform products.
A blog post on the topic said,
We’re proud to add two new certifications to Google Apps for Work and Google Cloud Platform: ISO 27017 for cloud security and ISO 27018 for privacy. We announced ISO 27018 adoption last year, and have now added ISO 27018 certification to our compliance commitments. Additionally, we renewed our ISO 27001 certification for the fourth year in a row and increased the product coverage from 34 to 60 different products.
While the security policies ensure that the customer data is well protected from prying eyes by security policies and monitoring tools, the privacy certificates are there to make sure that the same will not be used by third parties — including Google — for advertisements.
Here are the changes being brought by the introduction of the new policies.
ISO 27017 (Security)
- The security roles and responsibilities between Google and our customers are clearly-defined
- Our customers’ data is protected from any unauthorized party and between different cloud customers
- The security policies for Google’s virtual networks are as secure as on our physical networks
- Our customers have adequate tools to monitor how their data is handled at Google.
ISO 27018 (Privacy)
- Google does not use customer data for advertising.
- The data that our customers entrust with us remains the customer’s.
- Google provides our customers with tools to delete and export customer data.
- Google scrutinizes third party requests to customer data and ensures customers are informed of such third-party requests.
- Google is transparent about where our customer’s data is stored.
Google already was pretty much transparent about customer data and where it was stored. However, it now has a certificate from a global, highly respected third-party that confirms the above points. While regular users would probably take Google’s word for it, enterprise consumers can be quite picky when choosing a service provider — and more so with the increasing competition in the field. And that’s exactly where Google’s shiny new certificates are going to come in handy.
The update was long overdue, considering that most of Google’s competitions including Amazon Web Services, Microsoft Azure and IBM’s cloud unit, all rock ISO 27018 and ISO 27001 certificates among others. That Google has chosen to add these certificates now, may point towards a more aggressive Google in the infrastructure-as-a-service (IaaS) market.