The rise of Google Apps for Business has left Microsoft shaking in its collective boots. Microsoft recently rebranded Hotmail addresses to @outlook.com, and it’s hard to imagine Office 365 would exist if not for Google’s presence in the space. Naturally, MSFT has adopted super PAC techniques to scare customers away from Google Apps. They warn users that a transition to Google from Microsoft Exchange Server would create security threats. This is simply not true, so here is some information that could be useful to you if you are on the fence between platforms.
Here is a link to a powerful Google Security Whitepaper. You may also find this blog post helpful.
When it comes to security, customer data is sharded and stored in fragments across multiple servers and across multiple data centers to both enhance reliability and provide greater security than can be achieved by storing all data on a single server. When only fragments are kept in any one place, the chance that a possible physical or computer-based compromise could result in the loss of meaningful information is greatly reduced.
Here is a link to a video detailing some of the many steps Google takes to ensure data center security.
Need references? Hordes of organizations that require top-notch security have recently “Gone Google”.
The U.S. Department of the Interior and General Services Administration recently transitioned to Google Apps, as have intellectual-property-sensitive corporations such as Genentech and Motorola. And, of course, Google!
I recommend the following resources to learn more:
- Google’s technical publications (Top 10 reasons to trust Google blog post, Security First Site).
- Top 10 Strengths of Google’s Cloud
- The auditing and reporting tools available in Google’s products.
- The public record. In addition to Google’s transparency report, there are several information security organizations which produce incident reports.
- To reduce the administrative overhead for customers who perform SAS70 (now SSAE16) audits, SSAE16 is now in place, as well as ISO 27001. The auditors have clearly indicated that these instruments are not intended to be used for sales and marketing purposes. Therefore Google doesn’t encourage customers to consider certifications in and of themselves sufficient proof of security.
- There are many other auditing standards, and Google regularly evaluates their relevance to customers. For example, FISMA was added in 2009 to accommodate federal agencies. FISMA is closely related to the ISO 27001 suite of protocols, but as of now, they have not yet adopted ISO 27001.
- One should also note that state and local governments are usually not required to have FISMA Certification. Consequently, most of these government entities can sign up for the Google Apps for Business version and do not need to worry about being out of compliance with stricter federal security mandates.
- Finally, please know you can add two-step verification for an extra layer of security. When you sign in to your Google Account, Google can require you to have access to your phone as well as your username and password.