Apps for BusinessLearn more:
Additional resources:
Certifications:
Switch to Google Apps
Learn how switching from Microsoft Exchange or Lotus Notes helps you save money and reduce IT hassles.
Built with security and reliability in mind
With Google Apps for Government, agencies can benefit from the scale and redundancy of one of the most robust networks of distributed datacenters in the world. The protection of the data and intellectual property on these servers is our top priority, with extensive resources dedicated to maintaining data security. Google is committed to providing the best security in the industry on an ongoing basis.
In addition to empowering employees across the city, everyone will benefit from Google's security controls, which will provide a higher level of security for City data than exists with our current system.- Randi Levin, CTO, City of Los Angeles
First with FISMA certification
Obtaining Federal Information Security Management Act (FISMA) certification & accreditation for Google Apps is critical to our US federal government customers, who must comply with FISMA by law. All customers – both public and private sector – benefit from this governmental review and certification of our security controls.
- Google is the first in the industry to complete FISMA certification for a multi-tenant cloud application.
- Google Apps has received an authority to operate at the FISMA-Moderate level; an independent auditor assessed the level of operational risk as Low.
- Google's FISMA documentation is available for review by interested agencies.This enables agencies to compare the security of Google Apps to that of existing systems. Submit a request.
Meeting unique government requirements
Google Apps for Government provides segregated systems for our US government customers. Government customer data is stored in the US only. This "community cloud" – as defined by the National Institute of Standards and Technology – is available now to any federal, state or local government in the United States.
Security & reliability advantages of the cloud
Google Apps brings you the latest technologies and some of the best practices in the industry for datacenter management, network application security, and data integrity.
- Prepare your agency with best-in-class disaster recovery at no additional cost.
- Protect against the latest threats with no scheduled downtime. Google’s architecture enables rapid updates and configuration changes across the entire network as needed.
- Get 99.9% uptime with the Google Apps for Government service level agreement, giving you confidence that employees will have access whenever they need it.
- Reduce the risk of lost USB drives and laptops; employees can access information securely from anywhere.
- Benefit from our full-time information security team, including some of the world’s foremost experts in information, application, and network security.
Security FAQs
What is FISMA?
The Federal Information Security Management Act of 2002, or "FISMA", is a United States federal law pertaining to the information security of federal agencies' information systems. FISMA applies to all information systems used or operated by U.S. federal agencies -- or by contractors or other organizations on behalf of the government.
If you want to learn more about FISMA, there is a very thorough entry on Wikipedia.
Who owns the data that organizations put into Google Apps?
To put it simply, Google does not own your data. We do not take a position on whether the data belongs to the institution signing up for Apps, or the individual user (that's between the two of you), but we know it doesn't belong to us!
The data which you put into our systems is yours, and we believe it should stay that way. We think that means three key things.
- We won't share your data with others except as noted in our Privacy Policy.
- We keep your data as long as you require us to keep it.
- Finally, you should be able to take your data with you if you choose to use external services in conjunction with Google Apps or stop using our services altogether.
Where is my organization's data stored?
Your data will be stored in Google's network of data centers. Google maintains a number of geographically distributed data centers, the locations of which are kept discreet for security purposes. Google's computing clusters are designed with resiliency and redundancy in mind, eliminating any single point of failure and minimizing the impact of common equipment failures and environmental risks.
Access to data centers is very limited to only authorized select Google employees personnel.
Is my organizations data safe from your other customers when it is running on the same servers?
Yes. Data is virtually protected as if it were on its own server. Unauthorized parties cannot access your data. Your competitors cannot access your data, and vice versa. In fact, all user accounts are protected via this virtual lock and key that ensures that one user cannot see another user's data. This is similar to how customer data is segmented in other shared infrastructures such as online banking applications.
Google Apps has received a satisfactory SAS 70 Type II audit. This means that an independent auditor has examined the controls protecting the data in Google Apps (including logical security, privacy, Data Center security, etc) and provided reasonable assurance that these controls are in place and operating effectively.
What does a Google Apps SAS70 Type II audit mean to me?
An independent third party auditor issued Google Apps an unqualified SAS70 Type II certification. Google is proud to provide Google Apps administrators the peace of mind knowing that their data is secure under the SAS70 auditing industry standard.
The independent third party auditor verified that Google Apps has the following controls and protocols in place:
- Logical security: Controls provide reasonable assurance that logical access to Google Apps production systems and data is restricted to authorized individuals
- Privacy: Controls provide reasonable assurance that Google has implemented policies and procedures addressing the privacy of customer data related to Google Apps
- Data center physical security: Controls provide reasonable assurance that data centers that house Google Apps data and corporate offices are protected
- Incident management and availability: Controls provide reasonable assurance that Google Apps systems are redundant and incidents are properly reported, responded to, and recorded
- Change management: Controls provide reasonable assurance that development of and changes to Google Apps undergo testing and independent code review prior to release into production
- Organization and administration: Controls provide reasonable assurance that management provides the infrastructure and mechanisms to track and communicate initiatives within the company that impact Google Apps
Can my organization use our own authentication system to provide user access to Google Apps?
Google Apps integrates with standard web single sign-on systems using the SAML 2.0 standard. Organizations can do the integration themselves, or work with a Google partner to accomplish this.
