Google has extended the compliance of its cloud services, announcing that Google Apps for Work and Google Cloud Platform have achieved certification to ISO cloud security and privacy standards. The company has also extended certification to cover 60 Google products and services.
The news comes just after Microsoft announced that its Azure ML cloud-based machine learning service had achieved certification for similar security and privacy standards, showing that this is a growing requirement for customers as cloud services become more mainstream.
Google said that Google Apps for Work and Google Cloud Platform have both been granted ISO 27017 certification for cloud security and ISO 27018 certification for privacy. The firm has also renewed its ISO 27001 certification for the fourth year in a row, and increased coverage under this standard from 34 to 60 services.
ISO 27017 provides additional controls on top of those specified in ISO 27001, according to Google, addressing some of the security risks that are more specific to cloud services.
These include ensuring that customer data is protected from unauthorised access and other cloud customers, and that the division of security roles and responsibilities between Google and its customers are clearly defined.
Meanwhile, ISO 27018 specifies controls and guidelines for implementing measures to protect customers' personally identifiable information, and providing transparency on the processing of that data.
Google claimed that customers can be assured that the firm does not use their data for advertising, is transparent about where data is stored, and that customers are informed of any requests to access their data.
"Google was born in the cloud, and we've set a high bar for what it means to host, serve and protect our users' data all over the world," said Eran Feigenbaum, director of security for Google Apps for Work, on the Google for Work blog.
"Certifications such as these provide independent third-party validations of our commitment to world-class security and privacy, while also helping our customers with their own compliance efforts."
Q3 losses reverse Q2 gains
FBI briefing US companies to dump Kaspersky, claiming intelligence prove it a 'threat to national security'
Kaspersky rejects FBI accusations that its products are a 'threat to national security'
But breached contractor says that it simply didn't have that much data
EE follows Three in threatening legal action against Ofcom - but for entirely different reasons