UPDATED 10:00 EDT / APRIL 08 2021

CLOUD

Google outlines new compliance and security certifications for Google Cloud

Google LLC today outlined a range of new compliance and security certifications for Google Cloud as part of a commitment to act as a “security transformation partner and to be the most trusted cloud.”

The new certifications include the addition of Cloud DNS to Google Cloud’s list of Federal Risk and Authorization Management Program compliant products along with additional government and security compliance certifications across Canada, Europe and Asia.

FedRAMP is a U.S. governmentwide program designed to standardize security assessment, authorization and monitoring for cloud products and services offered to federal government agencies. The goal of the program is to make sure that federal data is consistently protected at a high level in the cloud.

With the addition of Cloud DNS as a FedRAMP certified offering, Google is aiming to allow U.S. public sector customers to leverage a broader set of Google Cloud technologies with the assurance they’re meeting the highest level of civilian classification. Customers that wish to take advantage of the support can leverage Assured Workloads for Government, a service that allows Google Cloud Platform customers to quickly and easily create controlled environments where U.S. data location and personnel access controls are enforced.

The service also supports compliance with the U.S. Department of Defense, the Federal Bureau of Investigations Criminal Justice Information Services Division and FedRAMP High requirements. The supported compliance regimes are currently in beta testing and will be generally available later this month.

APAC protection

Google’s commitment to compliance and requirements extends beyond the U.S. to Asia-Pacific countries with Google Cloud working with various public sector agencies in the region to help them understand their compliance requirements and shared responsibilities.

In India, Google Cloud, in conjunction with India’s Ministry of Electronics and Information Technology has been audited on its conformance with the requirements of MeitY empanelment (registration) and successfully passed. In Japan, a similar process has taken place with registration for the country’s Information System Security Management and Assessment Program, a Japanese government system for assessing the security of cloud service providers to participate in public sector projects.

South to Australia, Google Cloud has obtained certification through the Australian Signals Directorate’s Information Security Registered Assessor’s Program framework, which assesses the implementation and effectiveness of an organization’s security controls against the Australian government’s security requirements.

In southeast Asia, Google has published Google Cloud GR 71 mapping to help public sector customers in Indonesia evaluate their GR 71 compliance as it relates to their use of Google Cloud services. GR 71 is a local law that regulates the activities of electronic system operators, generally defined as any person, government administrator, business entity, or member of society that provides, administers, and/or operates an electronic system individually or collectively for users. In Thailand, Google has gained compliance with the Information Security Standard for Meeting Control Systems.

In Europe, Google has also received attestations of compliance with the German Federal Office for Information Security’s Cloud Computing Compliance Criteria Catalogue for GCP and Google Workspace.

“In addition to public sector compliance, we continue to maintain our industry-leading audits and certifications for customers, including recertification of our compliance against ISO/IEC 27001/27017/27018 and SOC 1/2/3,” Mike Daniels, vice president Google’s Global Public Sector, wrote in a blog post. “We also recently added Apigee certificates for BSI C5, PCI-DSS, and SOC 1/2/3, as well as the AppSheet SOC 2 report, to our self-serve portal.”

Image: Google

Since you’re here …

Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!

Support our mission:    >>>>>>  SUBSCRIBE NOW >>>>>>  to our YouTube channel.

… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.