Google, Telstra get cloud security certification

Powered by SC Magazine
 

But standard process no 'seal of approval'.

Google has joined a growing host of cloud providers to receive an ISO 27001 security certification, for its Google Apps for Business product.

The search giant was issued the audit-focussed security certificate from Ernst & Young’s Dutch certification body, CertifyPoint. The Dutch body also certified Amazon Web Services Elastic Cloud Compute, Simple Storage Service and Virtual Private Cloud in 2010.

The certification sees Google Apps for Business join its other consumer web products and some application programming interfaces that boast the security clearance, in addition to audits already undertaken for SSAE 16 / ISAE 3402 and FISMA certifications Google undertakes for US government agencies.

The three-stage ISO 27001 certification requires compliant service companies to undergo annual audits of policy documentation, and security and management processes.

The standard is designed to ensure organisations continually examine and design controls to take account of evolving security threats or vulnerabilities, while having management processes in place to ensure those controls are used where necessary.

Telstra also recently gained complete ISO 27001 certification for its infrastructure-as-a-service platform, following an independent audit of its Sydney and Melbourne facilities for the process.

Mark Pratley, Telstra's general manager of cloud computing, said the data centres had received the certification for the first time, as a result of the audit.

While ISO 27001 is a widely recognised standard, security consultant Alec Muffett told Computerworld UK it was “not at all” a ‘seal of approval‘, but rather an independent verification of security standards set by the certificate applicant.

Those who receive ISO 27001 certification rarely publish what standards they set for themselves. 

Amazon said certificates issued by Ernst & Young's CertifyPoint are recognised in all country members of the International Accreditation Forum

Microsoft has relied on independent audits conducted by the British Standards Institute for the ISO 27001 certification applied to Windows Azure. It also received a separate certificate for its Global Foundation Services infrastructure hosting Bing, Hotmail, MSN, Office 365, Xbox Live and Windows Azure.

The company is undergoing the certification process for SQL Azure, Service Bus, Access Control, Caching, and its content delivery network.

Australian data centre operator Equinix, IT services outfit ASG and Telstra's cloud rival Optus all boast the ISO certificate for their respective data centres.

Additional reporting by James Hutchinson.

Copyright © iTnews.com.au . All rights reserved.


Google, Telstra get cloud security certification
 
 
 
Top Stories
Microsoft confirms Australian Azure launch
Available from next week.
 
NBN Co names first 140 FTTN sites
National trial extended.
 
Cloud, big data propel bank CISOs into the boardroom
And this time, they are welcome.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  25%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  27%
TOTAL VOTES: 260

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  62%
 
No
  38%
TOTAL VOTES: 82

Vote