Google Apps win ISO 27001 certification
FISMA fisticuffs forgotten?
Google has proudly told the world its online productivity suite, Google Apps, has gained the ISO's good cloudkeeping seal of security approval, in the form of the ISO 27001 security certification.
Eran Feigenbaum, Google Enterprise's Director of Security, let us all know the good news on Monday, US time, and named Ernst & Young CertifyPoint as Google's auditor.
The announcement was made without any of the recent unpleasantness over security for cloud apps which, as we reported earlier this month, saw Google and Microsoft swap accusations about just whose cloud suites have achieved the FISMA certification required to win business from the US government.
Google has had that accreditation sewn up for a while now. With ISO 27001 also on its trophy shelf alongside SSAE 16 / ISAE 3402 certificates, the company now feels its security credentials are second-to-none and that “businesses are beginning to realize that companies like Google can invest in security at a scale that's difficult for many businesses to achieve on their own.” ®
ISO is a scam
As an internal auditor for years, I can tell you with certainty that ISO certifications are a smoke & mirrors game that does nothing to prove or drive actual quality. What little advantage ISO compliant companies gain is immediately trumped by the bureaucratic leech that is attached to said company. READ: it is a PR ploy and a resource drain. And anybody that knows anything about security ought not be fooled by some ISO goofballs that can't possibly understand real security in the first place.
What about ISO 27002?
It's all good and well to have a management system in place, but the processes underneath require ISO 27002 certification before the 27001 has any meaning whatsoever.
Besides, that a company is "safe" doesn't mean it respects privacy. It's still a company subject to the US Patriot Act, which suggests it may be of use to a US resident and/or company, but flagged as "avoid like the plague" for aliens (to use that lovely, rather indicative term).
Re: ISO is a scam
Heh, I've not had any faith in anything ISO since MS were able to push their poorly defined and proprietary OOXML format through the system in an attempt to derail ODF. Reading about that whole process was an eye-opener.