Google Apps for Business awarded ISO 27001 certification

Others should follow Google's lead and engender greater confidence in the cloud, says Ovum

Google has announced that its online business suite has been awarded the ISO 27001 standard, which governs the explicit managed control of information security.

ISO 27001 certification recognises a system that manages information security under a checklist of systemic requirements, including the protection of data.

Google Apps for Business was awarded the standard after a nine-month auditing process by independent certification institute Ernst & Young CertifyPoint. It covers Google's systems, technology, process and data centres.

In a blog post, Eran Feigenbaum, director of security at Google Enterprise, said he hoped that the standard would allow businesses to move to the cloud with confidence.

"This new certification, along with our existing SSAE 16/ISAE 3402 audits and FISMA certification for Google Apps for Government, helps assure our customers that Google is committed to ongoing development and maintenance of a robust Information Security Management System that an independent, third-party auditor will regularly audit and certify," he said.

Richard Edwards, analyst at research firm Ovum, said that the increase in the amount of business information being stored in cloud-based repositories has meant that vendors should follow Google's lead in embracing information security management standards.

"Today, Ovum is pleased to hear that Google Apps has obtained ISO 27001 certification, meaning that information security management is now explicitly under management control and not just an IT function," he said.

"If the information security management or compliance strategies of an organisation do not extend to cloud services and the vendors providing these document and file storage services, then companies might find that their most useful and, indeed, valuable information is put at risk," he continued.

"Quantifying this risk of storing information in the cloud versus on-premise is very difficult and so most business managers are tending to turn a blind-eye and pretend that it is of little consequence. Ovum hopes that Google's nod to best practice will encourage other information management cloud services vendors and their customers to pay more attention to this important aspect of corporate governance."

• Google's data-gathering practices are again in the spotlight, with calls from the US Congress for renewed investigation of the company's recording of unencrypted Wi-fi data by its Street View camera vehicles.