Work is going Google.
Keeping you safe in 2013
Thursday, December 19, 2013
Posted by Eran Feigenbaum, Director of Security, Google Enterprise
Most businesses these days rely on technology to get their work done. And anyone who’s responsible for that technology — or even anyone who just follows the news — knows that 2013 was a big year for internet security. Of course, security has been a top priority for Google for over a decade. Millions of businesses trust Google to keep their data safe every day -- a responsibility we take very seriously. We focus on protecting our customers’ data from all unauthorized access, whether from common phishing, sophisticated hacking, or state-sponsored intrusions.
Google employs hundreds of full-time world-class security engineers. We were the first to offer important security tools, like free
between your browser and our servers, and a handful of other security innovations. As a company, Google uses the same products and services that we offer to our customers. We run on the same infrastructure, in the same data centers.
Before businesses slow down for the holidays, we wanted to highlight a few of the many investments we’ve made and features we’ve launched in 2013 to help keep our customers — and everyone on the web — safe. Of course, there’ll be much more to come next year.
Offering new security tools for Google Apps administrators:
In addition to protecting our customers, Google also makes it easier for customers to protect themselves. For domain administrators, having visibility into and control over how their users’ accounts are working is a big help.
Suspicious login alerts
: A new feature in the Google Apps Admin Console allows administrators to
receive email alerts
when our systems detect suspicious or unusual login activity in their users’ accounts. This helps admins stay informed of what’s happening in their domain — to a degree not possible with most email systems — and, when necessary, take swift corrective action.
Android device management
: Organizations can manage smartphones and tablets - including Android and iOS - right from the Google Apps Admin console. The
Android device management features
include the ability to selectively wipe Google Apps account data without wiping a user’s entire device and require the latest version of the Device Policy app to ensure security policies are enforced across all devices.
: A new account recovery process for super administrators helps keep their accounts more secure by allowing each super admin to specify their own recovery email address and telephone number. And the new
mobile Admin app
lets administrators quickly accomplish the most critical tasks (like suspending users or resetting passwords) wherever they are, using an Android phone or tablet.
Verifying our practices through third-party certifications and regulatory compliance:
When it comes to security and helping our customers comply with specific industry regulations, you don’t just need to take our word for it. Many of our security practices have been reviewed and verified by third-parties in the form of audits.
Federal Information Systems Management Act
includes a rigorous evaluation of the security processes and data protections, and is required by U.S. federal government customers. Google Apps was the first cloud productivity suite to receive FISMA
back in 2010
, and we renewed our certification again this year.
is one of the most widely recognized, internationally accepted independent security standards. After earning ISO 27001 for Google Apps
, we renewed our certification again this year for Google Apps and
the certification for Google Cloud Platform.
SOC2, SSAE 16 & ISAE 3402
: Companies use the
Type II audit, and its international counterpart
Type II audit, to document and verify the data protections in place for their services. We’ve successfully completed these audits for Google Apps every year since
(when the audits were known by their previous incarnation, SAS 70) and we did so again this year for Google Apps and Google Cloud Platform.
: This year, we started offering
Business Associate Agreements
(BAAs) to help our customers who need to comply with the Health Insurance Portability and Accountability Act (HIPAA) while using Google App.
Improving security for everyone on the web:
Our work doesn’t end with providing security for Google products or even Google customers. To keep ahead of the bad guys, we work with researchers and others in the broader security community to make sure the the web is safe for everyone.
Updated SSL certificates
: To keep users safe, we utilize encryption on almost all connections made to Google, but this encryption needs to be updated at times to make it even stronger. This year, we
all of our SSL certificates to 2048-bit RSA, which will help the industry move away from weaker, 1024-bit keys next year.
: Since introducing our
vulnerability rewards programs
in 2010, we’ve rewarded (and fixed!) more than 2,000 security bug reports, paid out more than $2 million in rewards, and been recognized for setting
leading standards for response time
. And to convey our commitment to security and thank researchers for their important work, this year we
the maximum award from $1000 to $5000.
Easier recovery for hacked websites
: As a site owner, discovering your site is hacked with
is stressful, and trying to clean it up under a time constraint can be very challenging. We’ve been working to make recovery even easier and streamline the cleaning process —
we notify webmasters
when the software they’re running on their site is out of date, and we’ve set up a
dedicated help portal
for hacked sites with detailed articles and videos explaining each step of the process to recovery. This year, we released
additional security tools
so webmasters can find information about security issues on their site in one place and pinpoint problems faster with detailed code snippets.
Whether it’s creating easy-to-use tools to help organizations manage their information or keeping customer data safe from prying eyes, we’re constantly investing to ensure that Google earns and keeps your trust. Here’s to a happy, healthy, and (most of all) safe 2014.
Android for Work
Android for Work Live
Android security tips
Armed Forces Day
Chomebox for Meetings
Chrome for Business
Chrome for Work
Chromebooks for Business
Chromebooks for Education
Chromebooks for Work
Chromebox for digital signage
Chromebox for meetings
Chromebox for signage
cloud computing gonegoogle
cloud computing gonegoogle Google Apps
cloud computing gonegoogle Google Apps google docs small business success story
cloud computing gonegoogle Google Apps google docs small business success story switch
Cloud Platform Live
data processing amendment
Digital Learning Day
Drive for Education
earth and maps
Education on Air
Global Partner Summit
Google App Engine
Google Apps Blog
Google Apps for Business
Google Apps for Education
Google Apps for Government
Google Apps for Work
Google Apps Marketplace
Google Apps Reseller
Google Apps Script
Google Apps Vault
Google Calendar app
Google Certified Teachers
Google Cloud Datastore
Google Cloud DNS
Google Cloud Platform
google cloud storage
Google Cloud Vision API
google commerce search
Google Compute Engine
Google Drive for Work
Google Earth Engine
Google Earth Enterprise
Google Earth Images
Google Earth Pro
Google Email Security and Archiving
Google Enterprise Search
Google for Education
Google for Education Partner Program
Google for Education Training Center
Google for Entrepreneurs
Google for Work
Google for Work and Google for Education Partner Program
Google for Work partner program
Google Maps API
Google Maps APIs
Google Maps Coordinate
Google Maps Engine
Google Maps Engine Pro
Google Maps Engine public data program
Google Maps for Business
Google Maps for Work
Google Maps Gallery
Google Maps Tracks API
Google Message Continuity
google message security
Google My Maps
Google My Maps Pro
Google Places API
google play for education
Google Prediction API
Google Research tool
Google Science Fair
Google Search Appliance
Google Security Key
Google Site Search
Google Smart Lock
Google Storage for Developers
GSA for Commerce
Hangout on Air
Hangouts on Air
hints and tips
Inbox by Gmail
Mapping a better world
model contract clauses
Niagara International Transportation Technology Coalition
Safer Internet Day
Small Business Week
spam and security trends
Transport and Logistics
University of Calgary
Veteran Owned Businesses
Veterans Day 2013
Veterans Day 2014
women in tech
Women's History Month
Keeping you safe in 2013
Google+ Helps Premier Foods Elves Get Ready for th...
Kurdistan Regional Government is first government ...
Google Chromebooks provide personalization, collab...
[Automatic response] A Reply from Google Groups
Images Now Showing
New Google Sheets: faster, more powerful, and work...
More Chromebook options for your schools from Dell...
Graduation Alliance deploys Chromebooks to help at...
WaterTrax gives utilities a visual view of water q...
Google Apps helps eco-cosmetics company LUSH keep ...
Fairfax NZ gets on the same page with Google Apps
National Geographic shares rich map content with t...
Google Compute Engine and App Engine give Evite fr...
Google Apps Improves Efficiency for Redfin Agents ...
Pediatric Home Service puts patient care at nurses...
Google Compute Engine is now Generally Available w...
The State of Colorado Puts Innovation First
Subscribe by email
Google Cloud Platform
Official Google Blog
Public Policy Blog
Lat Long Blog
Ads Developer Blog
Android Developers Blog