As Cloud grew, security was ought to be requisite. With standardization measures were invariably called by customers, the online giant – Google has joined the league of security compliance standards for its cloud platform.
Recently, Google is known to have added International Organization for Standardization (ISO) 27017 certification for cloud security and ISO 27018 certification for personally identifiable information stored in the cloud and have also renewed its existing ISO 27001 certificate for the fourth year.
Sharing an account for the customers on the security breaches the stride taken from Google will open corridors for the enterprise market.
ISO 27017, lately mainstream last year, pivotal on Google cloud security measures and determine networking are secure so that unauthorized parties can’t access customers’ data. It also requires the vendor to provide customers with adequate monitoring tools.
ISO 27018 focuses on privacy practices for customer data and compliance. It prevents the vendor from using data for advertising and provides protection from third-party requests.
Amazon Web Services, Microsoft Azure and IBM SoftLayer, and other major players have already clutched the certifications.
A few years ago, security was a primary concern for enterprises, but cloud adoption continued at a rapid pace, mostly around testing the platforms. That’s changed as enterprises are more comfortable with the idea of workloads in public clouds and the benefits of asset management on those platforms, said Adrian Sanabria, senior security analyst at 451 Research.
“It’s being seen as a foregone conclusion,” Sanabria said. “Everybody is using cloud, and the only question is how much are they going to use it and what are they going to use it for.”
Still, enterprises need to see certain regulations and standards before they can put anything in the cloud. “You can’t even talk with a business if they’re required to have those certifications and you don’t have them,” Sanabria said.
Third-party scrutiny and protection of data sets is a hot-button issue and customers will need these kinds of assurances before adopting big data services, said Renee Murphy, principal analyst with Forrester Research. It’s a positive step for Google, which is usually the last to comply with security certifications.
“If you want to get into the cloud space and want to do enterprise cloud, you should at least be able to prove you’re compliant,” Murphy said.
Typically, Google doesn’t act until it reaches a critical mass of customer demand, she continues. It’s also far from being ready to take on deeper compliance structures such as FedRAMP – Google Cloud Platform is not FedRAMP compliant, but Google App Engine is.
“They definitely let demand push them in that direction,” Murphy added. “They don’t go out there to create demand the way AWS does.”
Not including the limited FedRAMP compliance, Google now lists nine different privacy and security standards it meets for its platform which is afar from AWS or Azure.
Google Cloud Platform services encompass by these certifications includes Cloud Dataflow, Cloud Bigtable, Container Engine, Cloud Dataproc and Container Registry. Compute Engine, App Engine, Cloud SQL, Cloud Storage, Cloud Datastore, BigQuery and Genomics, which were previously audited as part of ISO 27001compliance, will be part of the additional certifications as well.