Since the launch of Google Apps for Work (formerly known as Google Apps for Business), Google has continuously enhanced the security options for its cloud-based office productivity suite. Google Apps for Work features default encryption, two-step verification, security check-ups, and security keys to protect both the data of individual (free) users, and those who subscribe to the service for business, educational, and enterprise use. This week, Google announced via their blog that it has added the new ISO/IEC 27018:2014 privacy standard to its framework for compliance for Google Apps for Work. According to the post, “the new standard provides guidance for cloud providers on protecting the personally identifiable information of their customers and their customers’ users.”
Google isn’t the first cloud provider to obtain this credential. Microsoft announced back in February that Azure and other applications such as Office 365 have adopted ISO 27018. It appears that more cloud vendors are moving towards becoming compliant with ISO 27018. So what exactly does this mean?
What Is ISO 27018:2014?
The International Organization for Standardization (ISO) is an organization that develops and publishes International Standards for multiple fields and industries. According to the ISO:
ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
Essentially, ISO 27018:2014 is a baseline of control objectives and guidelines for software companies to follow to create applications that protect Personally Identifiable Information – anything that identifies an individual such as name, address, email address, or phone number.
What Does This Mean For Google Apps?
In adherence to the guidelines set forth in ISO 27018:2014, Google has set up Google Apps for Work so that data is not used for advertising, the data remains in control of the user, the data is protected from third-party requests, and that Google is to be transparent about where the data is being stored. Additionally, Google provides users with tools to delete and export your data. It is important to note that compliance to ISO 27018:2014 is specific to the Google Apps for Work subscription service. Personal users of Google Apps such as Google Docs or Gmail – who don’t pay a monthly subscription fee, may not have the same data protections – such as restricting using data gained from the free Google apps for advertising purposes.
The major benefit in adhering to ISO guidelines is improved global reach. Privacy and data laws differ from country to country (and here in the US can even differ from state to state). By being in compliance with the regulations set forth by the International Organization for Standardization, Google is able to provide their application services to users across the world, knowing that Google Apps for Works meets internationally approved standards for data and privacy protection.
Are you interested in learning more about Google Apps for Work and how your company can securely host and compute data in the Google cloud? Contact Provo IT to speak to one of our IT consultants about different options for migrating to Google Apps for Work.