Google, Telstra get cloud security certification

Powered by SC Magazine
 

But standard process no 'seal of approval'.

Google has joined a growing host of cloud providers to receive an ISO 27001 security certification, for its Google Apps for Business product.

The search giant was issued the audit-focussed security certificate from Ernst & Young’s Dutch certification body, CertifyPoint. The Dutch body also certified Amazon Web Services Elastic Cloud Compute, Simple Storage Service and Virtual Private Cloud in 2010.

The certification sees Google Apps for Business join its other consumer web products and some application programming interfaces that boast the security clearance, in addition to audits already undertaken for SSAE 16 / ISAE 3402 and FISMA certifications Google undertakes for US government agencies.

The three-stage ISO 27001 certification requires compliant service companies to undergo annual audits of policy documentation, and security and management processes.

The standard is designed to ensure organisations continually examine and design controls to take account of evolving security threats or vulnerabilities, while having management processes in place to ensure those controls are used where necessary.

Telstra also recently gained complete ISO 27001 certification for its infrastructure-as-a-service platform, following an independent audit of its Sydney and Melbourne facilities for the process.

Mark Pratley, Telstra's general manager of cloud computing, said the data centres had received the certification for the first time, as a result of the audit.

While ISO 27001 is a widely recognised standard, security consultant Alec Muffett told Computerworld UK it was “not at all” a ‘seal of approval‘, but rather an independent verification of security standards set by the certificate applicant.

Those who receive ISO 27001 certification rarely publish what standards they set for themselves. 

Amazon said certificates issued by Ernst & Young's CertifyPoint are recognised in all country members of the International Accreditation Forum

Microsoft has relied on independent audits conducted by the British Standards Institute for the ISO 27001 certification applied to Windows Azure. It also received a separate certificate for its Global Foundation Services infrastructure hosting Bing, Hotmail, MSN, Office 365, Xbox Live and Windows Azure.

The company is undergoing the certification process for SQL Azure, Service Bus, Access Control, Caching, and its content delivery network.

Australian data centre operator Equinix, IT services outfit ASG and Telstra's cloud rival Optus all boast the ISO certificate for their respective data centres.

Additional reporting by James Hutchinson.

Copyright © iTnews.com.au . All rights reserved.


Google, Telstra get cloud security certification
 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  4%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  3%
 
A Federal Government agency (ATO, Centrelink etc)
  19%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1861

Vote
Do you support the abolition of the Office of the Information Commissioner?