Google has made an independent security audit and compliance certificate available to the public in order assuage customer concerns over data protection and its cloud. The company has also started testing a status page for all services on the Cloud Platform.
Both documents are available on the company’s Enterprise Security site. The SOC 3 Type II audit report and updated ISO 27001 certification are meant to address security concerns over its Cloud Platform as well as Google Apps for Business and Education. SOC 3 Type II examines controls at a service organization relevant to security, availability, processing integrity confidentiality, or privacy.
This is the first time the company is making details of an independent security audit and a security compliance certification available to the public. Its public cloud competitors Microsoft Azure and Amazon Web Services (AWS) have already made documents available, as well as have status pages for their cloud.
Both audits and certifications are ubiquitous in the data center industry. SOC 2 examines the details of data center testing and operational effectiveness while SOC 3 is for public use and is the highest level of certification. A SOC 2 report includes auditor testing and results, while SOC 3 provides a system description and the auditor’s opinion.
Cloud competitors AWS and Microsoft Azure both offer various security reports. Both offer SOC 2 Type II and SOC 3 audits. Google is playing catch-up in this regard, however its cloud is also the newest entrant.
Google is also testing a status page for its cloud. It joins status pages for its Apps and its Platform as a Service. The status page is still in experimental stages, but it will boost the cloud appeal once it formally launches. Status pages reflect the availability across services and is key to providing good transparency.
It’s also key to host a status page outside of the cloud infrastructure – a lesson that Salesforce.com learned in the mid 00s when both its CRM and its status page went down in the same outage.
Both AWS and Microsoft Azure have status pages. The major public cloud providers are increasing transparency on the whole to win over business.