Google, Telstra get cloud security certification

Powered by SC Magazine
 

But standard process no 'seal of approval'.

Google has joined a growing host of cloud providers to receive an ISO 27001 security certification, for its Google Apps for Business product.

The search giant was issued the audit-focussed security certificate from Ernst & Young’s Dutch certification body, CertifyPoint. The Dutch body also certified Amazon Web Services Elastic Cloud Compute, Simple Storage Service and Virtual Private Cloud in 2010.

The certification sees Google Apps for Business join its other consumer web products and some application programming interfaces that boast the security clearance, in addition to audits already undertaken for SSAE 16 / ISAE 3402 and FISMA certifications Google undertakes for US government agencies.

The three-stage ISO 27001 certification requires compliant service companies to undergo annual audits of policy documentation, and security and management processes.

The standard is designed to ensure organisations continually examine and design controls to take account of evolving security threats or vulnerabilities, while having management processes in place to ensure those controls are used where necessary.

Telstra also recently gained complete ISO 27001 certification for its infrastructure-as-a-service platform, following an independent audit of its Sydney and Melbourne facilities for the process.

Mark Pratley, Telstra's general manager of cloud computing, said the data centres had received the certification for the first time, as a result of the audit.

While ISO 27001 is a widely recognised standard, security consultant Alec Muffett told Computerworld UK it was “not at all” a ‘seal of approval‘, but rather an independent verification of security standards set by the certificate applicant.

Those who receive ISO 27001 certification rarely publish what standards they set for themselves. 

Amazon said certificates issued by Ernst & Young's CertifyPoint are recognised in all country members of the International Accreditation Forum

Microsoft has relied on independent audits conducted by the British Standards Institute for the ISO 27001 certification applied to Windows Azure. It also received a separate certificate for its Global Foundation Services infrastructure hosting Bing, Hotmail, MSN, Office 365, Xbox Live and Windows Azure.

The company is undergoing the certification process for SQL Azure, Service Bus, Access Control, Caching, and its content delivery network.

Australian data centre operator Equinix, IT services outfit ASG and Telstra's cloud rival Optus all boast the ISO certificate for their respective data centres.

Additional reporting by James Hutchinson.

Copyright © iTnews.com.au . All rights reserved.


Google, Telstra get cloud security certification
 
 
 
Top Stories
ATO shaves $4m off IT contractor panel
Reform cuts admin burden, introduces KPIs.
 
Turnbull introduces data retention legislation
Still no definition of metadata to be stored.
 
Crime Commission prepares core systems overhaul
Will replace 30 year-old national criminal database.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  27%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  25%
TOTAL VOTES: 433

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  54%
 
No
  46%
TOTAL VOTES: 209

Vote