Posted by Eran Feigenbaum, Director of Security, Google Apps
No matter how you slice it, mobile and cloud are essential for future business growth and productivity. This is driving increases in security spending as organizations wrestle with threats and regulatory compliance — according to Gartner, the computer security industry will reach $71 billion this year, which is a 7.9 percent increase over 2013.
To help organizations spend their money wisely, it’s essential that cloud companies are transparent about their security capabilities. Since we see transparency as a crucial way to earn and maintain our customers’ confidence, we ask independent auditors to examine the controls in our systems and operations on a regular basis. The audits are rigorous, and customers can use these reports to make sure Google meets their compliance and data protection needs.
We’re proud to announce we have received an updated ISO 27001 certificate and SOC 2 and SOC 3 Type II audit report, which are the most widely recognized, internationally accepted independent security compliance reports. These audits refresh our coverage for Google Apps for Business and Education, as well Google Cloud Platform, and we’ve expanded the scope to include Google+ and Hangouts. To make it easier for everyone to verify our security, we’re now publishing our updated ISO 27001 certificate and new SOC3 audit report for the first time, on our Google Enterprise security page.
Keeping your data safe is at the core of what we do. That’s why we hire the world’s foremost experts in security—the team is now comprised of over 450 full-time engineers—to keep customers’ data secure from imminent and evolving threats. These certifications, along with our existing offerings of FISMA for Google Apps for Government, support for FERPA and COPPA compliance in Google Apps for Education, model contract clauses for Google Apps customers who operate within Europe, and HIPAA business associate agreements for organizations with protected health information, help assure our customers and their regulators that we’re committed to keeping their data and that of their users secure, private and compliant.