Google outlines new compliance and security certifications for Google Cloud
Google LLC today outlined a range of new compliance and security certifications for Google Cloud as part of a commitment to act as a “security transformation partner and to be the most trusted cloud.”
The new certifications include the addition of Cloud DNS to Google Cloud’s list of Federal Risk and Authorization Management Program compliant products along with additional government and security compliance certifications across Canada, Europe and Asia.
FedRAMP is a U.S. governmentwide program designed to standardize security assessment, authorization and monitoring for cloud products and services offered to federal government agencies. The goal of the program is to make sure that federal data is consistently protected at a high level in the cloud.
With the addition of Cloud DNS as a FedRAMP certified offering, Google is aiming to allow U.S. public sector customers to leverage a broader set of Google Cloud technologies with the assurance they’re meeting the highest level of civilian classification. Customers that wish to take advantage of the support can leverage Assured Workloads for Government, a service that allows Google Cloud Platform customers to quickly and easily create controlled environments where U.S. data location and personnel access controls are enforced.
The service also supports compliance with the U.S. Department of Defense, the Federal Bureau of Investigations Criminal Justice Information Services Division and FedRAMP High requirements. The supported compliance regimes are currently in beta testing and will be generally available later this month.
Google’s commitment to compliance and requirements extends beyond the U.S. to Asia-Pacific countries with Google Cloud working with various public sector agencies in the region to help them understand their compliance requirements and shared responsibilities.
In India, Google Cloud, in conjunction with India’s Ministry of Electronics and Information Technology has been audited on its conformance with the requirements of MeitY empanelment (registration) and successfully passed. In Japan, a similar process has taken place with registration for the country’s Information System Security Management and Assessment Program, a Japanese government system for assessing the security of cloud service providers to participate in public sector projects.
South to Australia, Google Cloud has obtained certification through the Australian Signals Directorate’s Information Security Registered Assessor’s Program framework, which assesses the implementation and effectiveness of an organization’s security controls against the Australian government’s security requirements.
In southeast Asia, Google has published Google Cloud GR 71 mapping to help public sector customers in Indonesia evaluate their GR 71 compliance as it relates to their use of Google Cloud services. GR 71 is a local law that regulates the activities of electronic system operators, generally defined as any person, government administrator, business entity, or member of society that provides, administers, and/or operates an electronic system individually or collectively for users. In Thailand, Google has gained compliance with the Information Security Standard for Meeting Control Systems.
In Europe, Google has also received attestations of compliance with the German Federal Office for Information Security’s Cloud Computing Compliance Criteria Catalogue for GCP and Google Workspace.
“In addition to public sector compliance, we continue to maintain our industry-leading audits and certifications for customers, including recertification of our compliance against ISO/IEC 27001/27017/27018 and SOC 1/2/3,” Mike Daniels, vice president Google’s Global Public Sector, wrote in a blog post. “We also recently added Apigee certificates for BSI C5, PCI-DSS, and SOC 1/2/3, as well as the AppSheet SOC 2 report, to our self-serve portal.”