Google Data » Adam Swidler

Google Apps Vault now available to existing Apps and EDU customers

Adam Swidler — Tue, 18 Dec 2012 22:18:00 +0000

Posted by Jerry Hong, Product Manager, Google Enterprise

Since we launched Google Apps Vault, many businesses have adopted it to archive, retain and manage business critical information. Until now, Vault was available only to new and recent Google Apps customers. Starting today, Vault is available to existing Apps customers that purchased Google Apps online, directly from Google. Vault is also now available to Google Apps for Education customers.

Google Apps Vault helps protect organizations of all sizes from lawsuits by enabling organizations to find and preserve email messages that may be relevant to a particular lawsuit. That saves time, effort, and costs associated with responding to litigation or other investigations. Google Apps Vault can also help if an employee leaves abruptly and the organization needs to understand the status of the employee’s projects, Vault will help find the needed information. For educational institutions, Google Apps Vault can help in responding to open records requests.

Vault can be added to an existing Apps account for $5/user/month. If you purchased Google Apps online, directly from us, you can purchase Vault from your Apps Control Panel. If you are a Google Apps for Education customer interested in Vault you can contact us for more information.

For customers that purchased Google Apps from a reseller, prior to August 1st, 2012, we are working to enable Vault for online purchase through resellers and we’ll announce that when it’s ready.

Google Apps offers additional compliance options for EU data protection

Adam Swidler — Wed, 12 Dec 2012 17:10:00 +0000

Posted by Marc Crandall, Head of Global Compliance, Google Enterprise

Earlier this year, we announced our plan to offer model contract clauses as an additional means of compliance with the European Commission’s Data Protection Directive for Google Apps customers who operate within Europe.

Today, we’re pleased to announce that model contract clauses are now available for customer sign-up via the Google Apps control panel.

Google is committed to helping users of Google Apps meet their compliance needs. In addition to Safe Harbor and our ISO 27001 certification, model contract clauses will provide customers with additional compliance options and furnish European businesses and organizations with information they need to trust Google Apps.

Google Apps Vault now available to Google Apps for Government Customers

Adam Swidler — Fri, 09 Nov 2012 03:26:00 +0000

Posted by Jack Halprin, Head of eDiscovery, Google Enterprise

Since we launched Google Apps Vault, many businesses have adopted it to archive, retain and manage business critical information. Starting today, Vault is available for Google Apps for Government customers. Federal, state and local agencies in the United States can now purchase Vault to help meet their compliance needs.

Google Apps Vault helps protect organizations of all sizes from legal and compliance risks through advanced message archiving, retention and eDiscovery capabilities. It provides the ability to quickly search, identify, preserve and export information in response to litigation, investigation, compliance audits, or Freedom of Information Act (FOIA) requests. Vault helps organizations cull through their data and find messages relevant to such requests, reducing the associated time, effort, and costs.

Google Apps Vault can also be used to address knowledge management needs. It enables authorized users to search, manage, and review data. For example, if an employee leaves abruptly and the organization needs to understand the status of the employee’s projects, Vault will help find the needed information. Customers using Vault can ensure that data with critical business information are preserved and can be reviewed.

Vault built on the same infrastructure as Google Apps and recently completed an SSAE 16 / ISAE 3402 Type II SOC 2 audit. Visit our Google Apps for Government page where you can find more details as well as contact our sales team.

Enhanced email management for user groups

Adam Swidler — Wed, 03 Oct 2012 17:00:00 +0000

Posted by Adam Dawes, Product Manager, Google Apps

Google Apps delivers a stream of innovation that brings new features to end users. That same innovation also applies to our Apps administrators. In the past 3 months, admins have gained a number of new capabilities in the control panel, including the ability to search email logs, manage mobile devices more easily, and manage email delivery.

Today, Apps admins have another new capability to support the needs of different user groups in their business or organization. Email settings can now be applied to groups of users, known as organizational units, or OUs. Examples of these email settings include: IMAP & POP access to Gmail, offline access, email forwarding, email footers and many more.

Applying email management settings to user groups helps Apps administrators tailor the use of Gmail within their organization. It’s especially beneficial for organizations that have user segments with different compliance or security needs, such as allowing IMAP access to a specific group of users.

Like all the features that Google Apps delivers, administrators just need to refresh their browser to get access to these updates. For more information on email settings for organizational units, please visit our Help Center.

Google Apps, Vault and Cloud Platform components complete SSAE 16 audit

Adam Swidler — Tue, 18 Sep 2012 21:30:00 +0000

Posted by Eran Feigenbaum, Director of Security, Google Enterprise

Security is incredibly important to our users and we’ve invested many millions of dollars to help keep them safe online. For our Apps and Cloud Platform customers, we provide transparency and visibility to those protections through our Google Apps Security Whitepaper and our data center video tour.

While our descriptions of what we do are valuable to customers, we’re also committed to conducting independent 3rd party assessments of our security and data protection practices. Building on the SSAE 16 audit we completed last year and the ISO 27001 certification for Google Apps that we received in May, we’ve successfully completed a new SSAE 16 / ISAE 3402 SOC 2 Type II audit that covers the following products:

Google Apps
Google Apps Vault
Google Apps Script
Google App Engine
Google Cloud Storage

This year, we’ve added Google Apps Vault to the audit, and performed a SOC 2, Type II audit that's more detailed and comprehensive than last year’s SOC 1 audit. The SOC 2 audit uses a standard set of controls including security, availability, processing integrity, and confidentiality of the data that is stored in our services.

The audit was conducted by Ernst & Young, a leading independent auditor. For Google Apps and Cloud Platform customers, this audit helps verify the data protection technologies and processes we have in place and demonstrates our commitment to protecting users’ data.

Google Apps Vault available online to new customers

Adam Swidler — Thu, 06 Sep 2012 19:02:00 +0000

Posted by Jack Halprin, Head of eDiscovery, Google Enterprise

Google Apps Vault helps businesses of all sizes easily and securely manage their most important information. It can help businesses prepare for the unexpected and reduce the cost of litigation, regulatory investigations and compliance actions.

We launched Google Apps Vault to provide easy-to-use, enterprise-class archiving, retention and eDiscovery capabilities to our Google Apps customers. Until now, many small and medium-size businesses were unable to deploy solutions like Vault due to cost and complexity. But starting today, Apps customers can purchase Google Apps Vault online directly from the Control Panel.

Google Apps Vault can be added to your Google Apps account for an additional $5 per user per month. For information on how to add Vault to your Apps account, please visit the Google Apps Help Center. If you are not yet a Google Apps customer, you can get more information and start a free trial of Google Apps and Google Apps Vault.

Editor’s note: Google Apps Vault is available for new and recent Google Apps for Business and Education customers. We’re working to enable Vault for existing customers, and we’ll announce availability when it is ready.

Continuing the transition from Postini to Google Apps

Adam Swidler — Wed, 15 Aug 2012 15:15:00 +0000

Posted by Adam Dawes, Product Manager - Google Apps

For many of our business customers, maintaining stringent security standards is critical. This is something we’re deeply committed to, and we have invested lots of time and resources into consistently enhancing security, archival and discovery features for our customers.

Since we acquired Postini, we've been working toward integrating its security and compliance capabilities directly into Google Apps. In the past two years, we developed and released numerous Postini features directly in Google Apps, such as user policy management; email content filters; archiving, retention and eDiscovery with Google Apps Vault; and many more. As we look ahead to 2013, we’ll continue these feature integrations and gradually transition Postini Google Message Security (GMS) and Google Message Discovery (GMD) customers to Google Apps. This will enable them to take advantage of the Postini features built directly into Google Apps that are more flexible, powerful and user-friendly.

As part of the ongoing integration of features, starting today Google Apps administrators can use a new feature to manage routing and basic filtering of email to on-premise systems as well as email to Google Apps users. This feature will make it easier for groups like sales, support and operations to use generic email addresses such as sales@ or support@. Messages to these addresses typically need to be routed to ticketing or alerting systems outside of Gmail, and now Google Apps has the capability to define routing rules to get these messages to their proper destinations.

We will communicate additional details about the transition to our customers in the coming months. We are also developing tools and resources that will assist with the transition.

After the migration, customers can explore other Google Apps such as Gmail and Google Docs. Google Apps offers compelling cost savings and productivity benefits that millions of businesses are already enjoying. We look forward to helping our Postini customers enjoy these benefits - when they are ready.

More information on the new email routing feature can be found in the Google Apps Help Center where there are also more details regarding the Postini transition.

Google Apps Vault goes global

Adam Swidler — Tue, 26 Jun 2012 15:45:00 +0000

Posted by Jack Halprin, Head of eDiscovery, Google

In March 2012, we launched Google Apps Vault, bringing enterprise-class information governance to Google Apps. Vault delivers retention, archiving and eDiscovery capabilities for email and chat messages, enabling businesses of all sizes to access and manage business-critical information. Vault offers true manage-in-place capabilities by applying retention policies directly to the Google Apps data, without the need to move, export, or create a copy of data in a separate location.

Google Apps Vault already archives, searches and manages messages in all languages that Google Apps supports (50+). Now the Google Apps Vault user interface is available in 28 languages, including double-byte languages like Japanese, Chinese and Arabic. This new, global Vault interface enables customers worldwide to more easily access and manage their data, further reducing the costs and risks that businesses today face.

"Google Apps Vault offers compelling capabilities and value for businesses around the world in preparing for litigation, investigation, and managing day-to-day business. Vault integrates seamlessly across the evolving Google platform while integrating with business and industries of all sizes. This is a key component in our forward thinking strategy to drive down costs and provide enhanced client service."

- Eric Hunter - Director of Knowledge, Innovation & Technology Strategies at Bradford & Barthel, LLP

Google Apps Vault is available for new and recent Google Apps for Business and Education customers. Existing customers will be able to deploy Google Apps Vault later this year.

Two new security features for Google Apps

Adam Swidler — Tue, 19 Jun 2012 17:13:00 +0000

Posted by Rishi Dhand, Product Manager, Google Apps

Keeping Google Apps accounts secure is important to us, and we've recently added two security features that can better protect user accounts. The first helps businesses deploy 2-step verification and the second enhances integration with Microsoft Active Directory®.

Since we launched 2-step verification, we’ve seen millions of users enable it and thousands more do so every day. 2-step verification requires two means of identification to sign in to a Google Apps account: something you know (a password) and something you have (a verification code from your mobile phone). Even if someone has stolen your password, they'll need more than that to access your account. This additional layer of security greatly reduces the chance of unauthorized access via account hijacking or other means.

Starting today, domain administrators can require the users in their domain to use 2-step verification. This new feature will help Google Apps customers accelerate their deployment of 2-step verification.

For businesses that use Microsoft Active Directory® (AD), we’ve added new capabilities to synchronize and manage passwords. Businesses can manage password policies (e.g. password strength, reset intervals, etc.) using AD and then synchronize from AD to Google Apps when passwords are changed. Passwords are transmitted hashed and encrypted during synchronization.

Learn how to configure this new 2-step verification policy in the Google Apps help center. Download the Google Apps Password Sync for Active Directory (GAPS), and learn how to configure it in the help center.

Google Apps Vault Brings Information Governance to Google Apps

Adam Swidler — Wed, 28 Mar 2012 17:39:00 +0000

Posted by Jack Halprin, Head of eDiscovery, Google

Today we’re announcing the availability of Google Apps Vault (Vault) for Google Apps for Business customers. Vault is an easy-to-use and cost-effective solution for managing information critical to your business and preserving important data. It can reduce the costs of litigation, regulatory investigation and compliance actions.

Businesses of all sizes need to be prepared for the unexpected. In today’s environment, using Vault to manage, archive and preserve your data can help protect your business. Litigation costs can really take a toll on a business when minor lawsuits can run up to many thousands of dollars, and larger lawsuits can cost even more. Significant litigation costs come from having to search and find relevant data, which is also known as electronic discovery (eDiscovery).

E-discovery can be part of virtually any litigation and requires you to search, find and preserve your electronic information such as email. Vault helps protect your business with easy-to-use search so you can quickly find and preserve data to respond to unexpected customer claims, lawsuits or investigations. With an instant-on functionality and availability of your data a few clicks away, Vault provides access to all of your Gmail and on-the-record chats and can provide significant savings to your business over the traditional costs of litigation and eDiscovery.

Additionally, Vault gives Google Apps customers the extended management and information governance capabilities to proactively archive, retain and preserve Gmail and on-the-record chats. With the ability to search and manage data based on terms, dates, senders, recipients and labels, Vault helps you find the information you need, when you need it. Vault gives management, IT, legal and compliance users a systemized, repeatable and defensible platform that will reduce the costs and risks of doing business. With just a few clicks, the business can access a service designed for security and providing auditable access to critical information.

Vault is built on the same modern, 100% web-based architecture as Google Apps. Unlike traditional solutions, it does not require a complex and costly IT environment, and can be deployed in a matter of minutes. Vault brings the security, ease-of-use and reliability of Google Apps to information governance. It can help meet the sophisticated requirements of large organizations and makes these advanced capabilities available to business of all sizes.

Google Apps Vault can be added to your Google Apps account for an additional $5 per user per month starting today, so contact our sales team or a Google Apps reseller if you are interested in signing up for Google Apps and Vault.

We hope that Vault, together with Google Apps, will make a difference to your business and provide the right solution to reducing risk and cost so you can focus on growing your business.

Google Supports the European Cloud Partnership

Adam Swidler — Fri, 27 Jan 2012 20:01:00 +0000

Posted by Patrick Ryan, Policy Counsel, Open Internet

Last year, we were excited about the effort initiated by the U.S. government to promote cloud adoption through the Cloud First initiative. Through this initiative, the federal government declared that taxpayers' money should be used in a more productive way, and having the government run its own data centers (more than 2,000 of them) didn't make sense. They’ve targeted the shutdown of more than 1,000 in what they call their “year of change in federal IT,” saving more than $2 billion in taxpayer money. Through leading by example, the federal government went Google with several large agencies including the National Oceanic and Atmospheric Administration (NOAA) and the Government Services Agency (GSA). They join other public entities like the states of Wyoming, and Utah, Washington DC, and the cities of Orlando and Pittsburgh. Also, quasi-public entities have embraced Google Apps, including more than 61 of the top 100 U.S. universities.

In 2012, we hope to see the same movement in Europe. On January 26th, the European Commission's Vice President Neelie Kroes announced at the World Economic Forum in Davos the European Cloud Partnership, and they're backing it with an investment of 10 million EUR to create "a strong common basis for cloud procurement by public authorities." Commissioner Kroes also addressed many of the concerns about local clouds in a decisive way:

“There is one thing that does not make sense and I want to be clear about it: The Cloud Partnership, and indeed our overall Cloud Computing strategy, is not about building a European super-cloud, neither outright nor by forcing the integration of existing public cloud infrastructures. Cloud business models, and the set-up of cloud suppliers' and publicly-run data centres, should be determined by efficiency considerations on the market.”

We believe that the European Cloud Partnership will be a positive thing for public authorities, not just in Europe, but around the world. According to recent studies, the Internet already accounts on average for 3.4% of GDP in a group of 13 emerging and developed economies, helps to spur economic growth and initiatives like this will help to promote its positive economic impact further.

Adding business class management features to Gmail

Adam Swidler — Tue, 17 Jan 2012 16:57:00 +0000

Posted by Adam Dawes, Gmail Product Manager

Last year, we started integrating Postini’s business-class email security and management capabilities into Gmail and today we’re excited to be rolling out the latest round of integrated features. Google Apps administrators can now take advantage of improved email compliance footers, approved/blocked sender lists and file attachment policies. These capabilities help our customers address compliance requirements and effectively manage email traffic. Previously, Google Apps customers used Google Message Security, powered by Postini, to provide these capabilities.

With this new release, we’ve improved these features and designed them specifically to meet the needs of our Apps customers. Admins will manage the features natively in the Google Apps control panel (localized in 28 languages), leverage our granular policy framework to customize settings for different types of users, and join multiple rules together to address very targeted use cases.

These new features are available globally for Google Apps for Business, Google Apps for Government and Google Apps for Education editions.

Dominie Liang, IT Director at New Media Group in Hong Kong, was able to use the new features to quickly address his company’s compliance requirements:

"Our legal team wanted us to add a compliance note to all of our outbound email. Thanks to Google's new email feature set, we could easily add the rich text format disclaimer with Chinese characters to the email footer, and solved the issue within a minute."

George Krieger, Technical Services Manager, Mazda Raceway Laguna Seca, adds:

"The new message footers in Gmail have made it easy for us to standardize our email signatures and more effectively promote our race schedules. And I love the ability to delegate control of these to our Media department so they can change them when they want without having to call me. This is a major improvement for us."

With the addition of these features to Gmail, there is no longer a need to use Google Message Security (GMS) with Google Apps so we will no longer offer GMS to Google Apps customers. We’ll work with those customers currently using GMS to migrate their settings to these new features. For more information on these features and how customers can migrate to them please refer to this Google Apps Help Center article and the Transition Guide.

Google Apps is the ticket for success at Ticket River

Adam Swidler — Wed, 14 Dec 2011 22:40:00 +0000

Posted by Lance Trebesch, CEO, Ticket River

Editors note: Today’s guest blogger is Lance Trebesch, CEO of Ticket River, an event e-commerce company with 5 business units in the U.S., Australia and the United Kingdom. They offer services and products including online event management, ticket printing and design and customer-configured perforated paper. A PDF version of their case study is also available.

At Ticket River, we’ve helped customers set-up, manage and promote over 300,000 events. We’re based in Harlowton, Montana, but our customer support and software development teams are distributed across North America and Argentina and we have fulfillment partners in Australia and the U.K.

We developed and built all of our systems to be used in the cloud. All of our internal management systems, order processing and order-management systems are web-based and hosted by a provider. The one major exception was email. We were using Microsoft® Exchange but we were becoming increasingly constrained and frustrated with it. It’s expensive for a small business like ours, and it required a lot of IT resources to support.

We looked into Google Apps and were impressed by its capabilities and minimal training requirements. As a small business working with an extended team in six countries on three continents, Google Apps enables us be much more efficient with our communications and projects.

Google Apps has allowed us to streamline our software development, a process that extends across time zones and continents. Gmail gives our employees easy access to email on their Androids and iPhones, letting them stay on top of important issues wherever they are. This fast, easy, mobile access to Gmail allows us to run extended, remote teams with very little IT support.

Gmail capabilities such as message threading and integrated chat allowed us to improve our customer support process. This led to a 38% reduction in the average number of responses needed to resolve a customer issue, and an increase in single-response resolutions. The impact on IT support costs is equally dramatic. By taking Exchange out of the equation, as well as making our processes more efficient, we decreased our IT operating budget by about 28%.

Our relationship with Google extends well beyond Google Apps. Ticket River and our sibling site TicketPrinting.com use Google AdWords as part of our inbound marketing model and we are heavily search engine optimized. We see Google as a huge enabler of startups and small businesses. Harlowton is a rural town of only 1000 people, yet Google's products are helping us build a thriving international business that provides great jobs.

Google Apps helps reduce the risk of data breaches

Adam Swidler — Tue, 15 Nov 2011 17:00:00 +0000

Posted by Adam Swidler, Senior Manager, Google Apps Team

Editors note: This is the final post in a series that explores the top ten reasons why customers trust Google with their business data. A complete top ten list can be found here.

It’s important for all businesses regardless of size or industry to assess the risk of potential data breaches and take steps to prevent them, especially in the area of information technology. The use of laptops, smartphones, tablets and other mobile devices is increasing as users demand anytime, anywhere access to email and documents. This can increase the risk of a data breach if you’re using traditional applications which store a local copy of the data on the device and the device gets lost or stolen.

Google Apps can help reduce the risk of a data breach by limiting the data that is stored on your devices. When you check email or work on a document in a browser with Google Apps, the data is stored in our data centers, not on your device. That means that if your device gets lost or stolen, there is lower overall risk of a data breach. Similarly, if you collaborate with others in Google Docs, you don’t need to send them a copy of the document. You can enable and disable access to the document with a simple set of sharing controls and your collaborators access it from their browser. The document does not need to be stored locally on their device for them to collaborate on it.

For those times when you want to access Google Apps but you don’t have an Internet connection, we recently released an offline capability for Gmail and for Google Docs. The offline capability does involve some local data storage on devices. The amount of stored data is likely to be smaller as only a limited amount of documents and email are synchronized to the device for offline access. If you decide that this local data storage poses a risk, you can easily disable offline access.

For additional security and data protection information, including a video tour of a Google data center, you can visit our Google Apps security page.

Cloud Computing and Internet Governance

Adam Swidler — Mon, 31 Oct 2011 17:40:00 +0000

Posted by Patrick Ryan, Policy Counsel, Open Internet and Sarah Falvey, Sr. Policy Analyst

We recently returned from the Internet Governance Forum (IGF) in Nairobi, Kenya with Vint Cerf and several others to talk about the future of the Internet, with more than 2,000 representatives from 125 governments, civil society, academia, and private industry in attendance. We hosted a panel on Putting your Trust in the Clouds, and we participated in other workshops and showcased our economic studies on the value of the Internet to economies worldwide. The IGF isn’t just a conference; it was set up by the United Nations as the primary place for governments, civil society and the private sector to discuss the future of the Internet.

This year, one of the hottest topics was cloud computing. Attendees increasingly showed an understanding that the “cloud” and the Internet are intertwined -- changes to one ultimately impacts the other. We recently detailed the same principles discussed at IGF in a paper presented to the Telecom Regulatory Authority of India, where we also outlined some principles for cloud regulation.

We're encouraged that participants at the IGF are increasingly realizing that regulation of the cloud and regulation of the Internet are essentially the same thing. After all, cloud computing involves almost any two-way interaction between users and computers, and it's virtually impossible to regulate cloud computing without regulating the Internet itself. Legislation in any country that takes a one-size-fits-all approach to the cloud (and thus, the Internet) is not the solution. A lighter touch can help promote innovation while allowing users to take advantage of reduced costs.

Google Apps and government requests: enhanced transparency

Adam Swidler — Thu, 27 Oct 2011 15:16:00 +0000

Posted by Marc Crandall, Senior Manager of Global Compliance, Google Enterprise

More than 4 million businesses and 40 million users trust us with the data they store in Google Apps. We work to be responsible stewards of that data, and transparency is one important aspect of that. Last year, we posted a Transparency Report to provide the Internet community with more insight about how often governments ask for user data. Earlier this week, we published an update to the report. For the first time, we’re not only disclosing the number of requests for user data, but we’re showing the number of users or accounts that are specified in those requests, too.

We would like other cloud providers to join us in the effort to provide more transparency. We hope the Transparency Report will not only be insightful for Google Apps users concerning the number of requests we receive, but also provide customers with information they need to help trust their data with Google Apps.

Google’s information security team – working to protect your data

Adam Swidler — Wed, 26 Oct 2011 20:57:00 +0000

Posted by Sam Srinivas, Product Management Director, Google Information Security Team

Editors note: This post is part of a series that explores the top ten reasons why customers trust Google with their business data. A complete top ten list can be found here.

As you compose a message in Gmail or collaborate on a document in Google Docs, you probably don’t often think about what we do to protect the data in that email or document. But behind the scenes we have an information security team that makes protecting your information its highest priority.

Information security is something that is important to every business. As Internet use has become widespread in the business world, attacks on applications and systems are becoming pervasive and sophisticated. Increasingly, monitoring and protecting applications and users against these attacks requires a great deal of infrastructure and technical expertise — usually more than one person or a small team can manage. Our information security team includes hundreds of full-time members working in close cooperation with the engineers developing Google applications. Some of the world's leading security researchers are members of our team, allowing Google to stay at the forefront of detection, response, and security software best practices.

We monitor our applications and systems continuously, using sophisticated automated systems that are designed to detect unusual activity and block it or flag it for immediate analysis by our monitoring team. We provide end-user features including 2-step verification, which defeats many common attacks such as trying to break into an account using a stolen password. Our Safe Browsing service helps protect users against malware and phishing. All of this technology and expertise comes together to enhance the security of your Google Apps data, allowing your IT staff to focus more of their attention on your business’s strategic needs.

“As the threats in the external environment change, [Google is] at the forefront of preventing, responding and anticipating. That’s one of the great things about partnering with Google - you have some of the best minds in the world working on those problems, which really frees me up to work on the problems that are unique to me and that I can really specialize in.”

- Todd Pierce, CIO of Genetech

Finally, we work to educate users about online safety. To that end, one of the most important things you can do to improve the security of your Google Apps accounts is to start using 2-step verification. We encourage you to set it up and start exploring other ways to better protect your information.

Cloud Services and International Trade

Adam Swidler — Thu, 13 Oct 2011 19:10:00 +0000

Posted by Patrick Ryan, Policy Counsel, Open Internet

This year, Google is a private sector, Platinum Sponsor of the Asia-Pacific Economic Cooperation (APEC), the premier economic organization in the Asia-Pacific region which includes trade ministries from 21 member economies that account for 55 percent of global GDP. Like most trade-related organizations, APEC has traditionally focused on trade in goods -- things like manufactured products and agriculture that are shipped across borders. Free trade builds on the law of comparative advantage: that trading partners mutually gain from free, nontariff trade of goods and services. Increasingly, cloud computing is getting attention as a trade matter. At the most recent APEC meeting, on September 20, 2011, U.S. Ambassador Phillip Verveer talked about the economic advantages that cloud computing can bring to small and medium-sized enterprises, and encouraged governments to be careful about the effect of regulations that could slow adoption of the cloud:

“In these circumstances, we would expect every economy to welcome cloud services without regard to the national origin of their producers. But there are complications. One of the big ones is the limitations on trans-border data flows . . . [i]t is very important, however, that we not unnecessarily sacrifice the economic advantages inherent in cloud computing in our arrangements to protect personal privacy. Stated more directly, we should not let our quest for effective privacy mechanisms become a barrier to international trade in cloud services.”

We applaud Ambassador Verveer for his statements on cloud and we are encouraged that cloud computing is increasingly considered in the trade context. We agree with Ambassador Verveer that protections of personal privacy are important, and that’s why we offer our users clear information on our data security and privacy page. While privacy is critical to any environment -- it shouldn’t be used a trade barrier in favor of local industry and prevent small and medium-sized enterprises from taking advantage of the enormous cost savings that cloud services can provide. By analogy, under free trade principles, a country shouldn’t condition the sale of rice in their country on the purchase of a rice farm in that country. Similarly, it could be a trade barrier to condition the provisioning of cloud services in a country on the purchase of a server farm in that country. That’s not how the Internet was designed, and we hear at APEC and elsewhere an increased appreciation for broader transnational data flows--coupled with enhanced appreciation for privacy and security--and are encouraged by that movement.

Google Apps opens the door to savings for Mid-Atlantic Door Group

Adam Swidler — Wed, 12 Oct 2011 20:00:00 +0000

Posted by Lena Furr, MIS Director, Mid-Atlantic Door Group. and Tom Ronayne, General Manager AIRO Tech.

Editors note: Today’s guest bloggers are Lena Furr, MIS Director for Mid-Atlantic Door Group and Tom Ronayne, General Manager of AIRO Tech, a technology services subsidiary of Mid-Atlantic Door Group, a 38-year-old specialty contracting company based in Washington, DC area. A PDF version of their case study is also available.

At Mid-Atlantic Door Group, we distribute and install everything from industrial overhead doors, door operation systems and loading dock equipment for commercial customers to garage doors and retractable awnings for residential customers. We have approximately 240 associates and operate together with our subsidiaries in Washington DC, Maryland, Virginia and Pennsylvania. In 1987 we created a technical services company, AIRO Tech, which designs and develops web-based business applications for outside specialty contracting companies as well as our own.

Recently, we were looking for ways to reduce IT license and maintenance costs and we wanted to get to our data easily from different devices, especially mobile ones. We had some experience building our own operational applications and our focus had been on clean, optimized interfaces developed for speed and mobility. So when it came time to upgrade our email and productivity applications we looked for solutions that embraced those elements.

Our previous environment included Microsoft® Exchange, Outlook and Office, but we found ourselves spending too much time and money on licenses and server maintenance. We had different versions on different machines and we were continually updating software on our desktops and laptops. Google Apps allowed us to to break free from those high-cost, high maintenance applications.

Our users are getting their email on a variety of devices and we’ve seen effective use of Google Docs especially for collaboration between our users. It’s just so easy to use, the collaboration comes naturally since it’s built right in. We also deployed Google Message Discovery, an email archive that provides an audit trail for our compliance needs.

By deploying Google Apps we were able to avoid $43,000 in upgrade costs we were facing in our old environment. The ability to access email in a browser also allowed us to transition many of our users to Linux-based desktops which also helped reduce our costs. Together with other license and application reductions, we saved nearly $60,000 in total.

Google Apps gives us the ability to work from anywhere on a wide variety of mobile devices. We are looking at deploying more mobile devices including smartphones, Chromebooks and tablets in the near future. Based on our encouraging experience so far, we anticipate that our Google Apps deployment will make it easy for us to do that.

Protecting your data with encrypted connections

Adam Swidler — Mon, 10 Oct 2011 17:21:00 +0000

Posted by Adam Swidler, Senior Manager, Google Apps

Editors note: This post is part of a series that explores the top ten reasons why customers trust Google with their business data. A complete top ten list can be found here.

Google Apps allows you to be productive anywhere. For example, you may want to check your email or work on a document in a coffee shop, airport or hotel using a public wireless network. Google Apps protects your data in these situations by establishing an encrypted connection while you work. Without it, an unauthorized person could potentially hijack your session and gain access to your account. Using an Internet standard known as HTTPS, we encrypt your data as it travels from your browser to our servers. This makes it much harder for an imposter to access your account this way. We’ve supported encrypted connections from the day Google Apps launched over five years ago, and we made it the default setting for all users at the beginning of last year.

October is National Cyber Security Awareness Month and we’ve introduced a new Google Security center with more information on encrypted connections and other ways you can stay safe online.

Google Apps data protections – verified by third parties

Adam Swidler — Thu, 29 Sep 2011 22:13:00 +0000

Posted by Eran Feigenbaum, Director of Security, Google Enterprise

Editors note: This post is part of a series that explores the top ten reasons why customers trust Google with their business data. A complete top ten list can be found here.

We believe our customers should have lots of visibility into how we protect the data that is stored in Google Apps. And while it’s one thing for us to tell you how we protect the data, as we do in our blog posts and security white paper, it’s also helpful when independent third parties perform inspections and audits.

Cloud computing companies use the the SSAE 16 Type II audit, and its international counterpart ISAE 3402 Type II audit, to document and verify the data protections in place for their services. These auditing standards are defined by the The American Institute of Certified Public Accountants (AICPA) and the the International Auditing and Assurance Standards Board (IAASB), respectively. These audit standards have replaced the SAS 70 Type II audit, which Google Apps first completed in 2008. In our audits, we specify the confidentiality, integrity and availability controls that our customers are most concerned about, which are then verified by our auditors. We recently announced that we’ve successfully completed the SSAE 16 and ISAE 3204 Type II audits for Google Apps, Postini services, Google Apps Script, Google Storage for Developers and Google App Engine.

Google Apps for Government has also received Federal Information Security Management Act (FISMA) certification from the U.S. Government. The FISMA certification includes a rigorous evaluation of the security processes and data protections in place in Google Apps for Government and is required by U.S. federal government customers, who must comply with FISMA by law.

Third party audits are only part of the security and compliance benefits of Google Apps. For more information visit our Google Apps security page.

New apps status dashboard improves visibility

Adam Swidler — Tue, 27 Sep 2011 16:08:00 +0000

Posted by Sumeet Pannu, Site Reliability Engineer Manager

Editors note: This post is part of a series that explores the top ten reasons why customers trust Google with their business data. A complete top ten list can be found here.

People expect their email and productivity tools to just work, and we’re very proud of the reliable services we’ve been able to give our customers. Last year, Gmail was up and running 99.984% of the time, and in the first half of 2011 we’ve delivered 99.99% availability—that’s less than 5 minutes of downtime, on average, per month.

But we aren’t perfect, so providing you with information on how our apps are performing is very important to us, and we’re committed to being transparent with you in the event that something goes wrong.

To this end, we’ve developed a new Apps Status Dashboard that we believe will give you accurate information faster. The former day-by-day design will be replaced by the new dashboard which gives a more clutter-free status with a single, continuous timeline.

The new dashboard shows only service disruptions and outages. The size of the dot will indicate the length of outage and the color will indicate the severity. The dot to the left of the service name will show the current status of the service.

When you click on one of the yellow or red dots in the timeline, you’ll see a single transcript that will display all the status messages until final resolution—even if the outage spanned more than a single day. There will now be a single URL that describes the issue and resolution for the entire outage.

As before, the dashboard is visible to everyone on the web—there’s no username or password required. We hope you’ll find this new presentation of Google Apps status to be even more accessible and useful, and please share your feedback in the comments below.

Disaster recovery – built right in to Google Apps

Adam Swidler — Thu, 22 Sep 2011 21:42:00 +0000

Posted by John Collins, Senior Global Trust PM, Google Apps

Editors note: This post is part of a series that explores the top ten reasons why customers trust Google with their business data. A complete top ten list can be found here.

Technology failures and natural disasters can significantly impact your business. Planning for them can be cumbersome and expensive. In a typical on-premise IT environment disaster recovery often means redundant infrastructure, backup tapes or storage area networks and a lot of IT complexity. Some businesses even build and manage duplicate data centers, specifically for disaster recovery, and those data centers sit idle the majority of the time.

The effectiveness of a disaster recovery plan is commonly measured in two ways: Recovery Time Objective (RTO) and Recovery Point Objective (RPO). RTO measures how long before users can access systems in the event of a failure. RPO measures how much of a time gap exists when the data is restored. Businesses that have invested lots of time and money in disaster recovery preparation are typically able to set RTO and RPO goals at a few hours or less for critical systems, with the cost increasing as those timeframes decrease. For other businesses that haven’t invested at that level, RTO and RPO can stretch into hours or days. And in extreme cases, if disaster strikes, some businesses just have to start over.

Google Apps offers a better way, with robust disaster recovery capabilities built right in. Our RPO design target is zero data loss and our RTO design target is instant failover. This means that if there is a disaster or disruption that affects one of our data centers, we are able to shift users to an alternate data center, so they can can continue working uninterrupted. And while no disaster recovery solution from any provider is perfect, we are proud of the benefits our customers gain.

In the words of Mark Switalski, Macomb County Circuit Court Chief Judge, and Carmella Sabaugh, Macomb County Clerk:

“We know that when a disaster happens, our system will not go down and because our data is in the cloud, it is protected and accessible from anywhere. After a rare tornado hit last summer, briefly disrupting power and some network services, the clerk’s Google service remained accessible via cell phone and other networks.”

Planning for disasters is a big challenge, but with Google Apps you have fewer things to worry about. Your email and documents will be accessible so your business can continue despite the disaster. It’s one of the main reasons that businesses trust Google Apps with their data.

Our commitment to the Safe Harbor privacy framework

Adam Swidler — Wed, 21 Sep 2011 15:48:00 +0000

Posted by Patrick Ryan, Policy Counsel, Open Internet

As a global cloud provider, we’re often asked by our customers how we protect customer data within the frameworks of local privacy laws, and in particular in the EU. Our approach, just like over 2,500 other US companies that offer services in Europe, is guided by the US - EU Safe Harbor Agreement, which is designed to ensure that transatlantic data transfers remain protected according to seven core EU-like privacy principles. In practice, for Google, Safe Harbor means our users in both Europe and the US can be sure they’re getting not just the same level of service, but also the same level of privacy protection.

You can learn more about our commitment to this legal framework from our recent European Public Policy Blog post and find additional information on what this means to your business on our data protection page.

Strong authentication to protect business user accounts

Adam Swidler — Fri, 16 Sep 2011 17:20:00 +0000

Posted by Rishi Dhand, Product Manager, Google Apps

Editors note: This post is part of a series that explores the top ten reasons why customers trust Google with their business data. A complete top ten list can be found here.

We recently announced that more than 4 million businesses run on Google Apps and 5,000 more are signing up every day. Many of these business “go Google” for enhanced security features. One example is 2-step verification, an opt-in security feature that we added to Google Apps last year.

2-step verification adds an additional layer of protection to your account and significantly reduces the risk of unauthorized access. With 2-step verification, you sign into your account with both your password and a one time verification code you get on your phone. You can generate the code with a mobile app (on Android, iPhone and Blackberry), or get it in an SMS text message or a voice call.

This feature helps ensure that only you can sign in to your account. It also helps protect you if your password gets stolen via phishing attempts, keyloggers or other malicious software, or from another website where you might have used the same password. Without the verification code, hackers can’t access your Google Apps account—even if they have your password.

While two-factor authentication is not a new concept, many businesses have historically struggled with deploying it due to cost, IT complexity and usability issues associated with requiring users to carry separate token generators. Google Apps includes 2-step verification at no additional cost, using existing phones to make it simple and easy to deploy. It’s available in over 40 languages and in more than 150 countries.

We also support Security Assertion Markup Language (SAML)-based Single Sign-On (SSO) for businesses that already use separate authentication technologies and would like to continue using them. Google Apps for Business supports the SAML 2.0 specification and allows businesses to apply custom security features, password management policies, and their own two-factor authentication solution. This SSO capability is an alternative to the 2-step verification feature that is included with Google Apps.

Protecting your accounts with strong authentication mechanisms is a great way to help ensure your information remains safe online. If you are an existing customer, you can easily configure 2-step verification, once your administrator has enabled the feature for your domain.

Supporting Europe’s Efforts for More Cloud Adoption

Adam Swidler — Tue, 13 Sep 2011 00:34:00 +0000

Posted by Marco Pancini, Senior Policy Counsel, Europe

In May, the European Commission launched a Public Consultation on cloud computing to collect stakeholders’ input on opportunities and barriers to the adoption of cloud computing. Ms. Neelie Kroes, the Vice President of the European Commission and European Digital Agenda Commissioner, summarised Europe’s ambition quite well when she declared in a recent speech, that “the goal is to make Europe not just cloud-friendly but also cloud-active.”

At Google, we fully support the European Commission’s efforts in this area. Cloud computing is gaining traction in Europe and elsewhere. The cloud saves users money and it creates jobs. According to a recent study from Professor Federico Etro of the University of Venice, cloud computing in the EU will contribute 0.4% of GDP and create a million jobs by 2016. Similarly, in the United States Vivek Kundra, previously the Obama administration’s Chief Information Officer, recently pointed out in the New York Times that U.S. government agencies can gain significant economic benefits by moving their IT services to the cloud. And, as we said in July, the United States has reached out to industry for input. We’re thrilled that governments in Europe and the United States are so enthusiastic about cloud computing.

For these reasons, Google has submitted its contribution to this important debate in Europe. In particular, we have provided our point of view on what we consider key issues, namely:

The legislative framework: We suggest proposals to facilitate cloud adoption and to remove the legislative and administrative barriers service providers are facing in Europe, and still preserve consumer values and data protection.
Embracing interoperability and data portability: Google has put a lot of effort into tools and solutions aimed at giving users control over their data in the cloud and making data genuinely portable.
Public sector clouds: the public sector should lead by example in important fields like security and procurement, at the EU, national and local levels (similar to the “Cloud First” strategy in the United States).
Global solutions for global problems: one of the advantages of the cloud is scalability, which needs to be fostered by setting global standards, in particular in the areas of data protection and security.

At the end of the day, the European Commission has a great opportunity to come up with a proposal that modernizes the EU legislative framework and especially the EU data protection regime. The cloud offers the possibility to truly leverage the digital single market to the benefit of all Europeans, both users and providers, and we at Google hope our proposals will help the Commission take the right steps going forward.

A different approach to patch management

Adam Swidler — Thu, 08 Sep 2011 20:33:00 +0000

Posted by Eran Feigenbaum, Director of Security, Google Enterprise

Editors note:This post is part of a series that explores the top ten reasons why customers trust Google with their business data. A complete top ten list can be found here.

In the previous post in this series, we described how Google’s cloud data centers are designed and built to protect the data that customers store in Google Apps. One of the benefits of this architecture is that our customers don’t have to maintain the systems that run Google Apps, we do it for them. This reduces both costs and risks for our customers.

One of the risks organizations face comes from malicious software (a.k.a. “malware”) that attempts to exploit vulnerabilities in operating systems and applications. As vulnerabilities are exposed, technology vendors issue patches to fix them in what has become a seemingly never-ending routine. This can be costly and time consuming as it becomes a race to patch vulnerabilities before they’re exploited. When organizations support multiple versions and types of operating systems and applications, the challenges increase rapidly. Using Google Apps eliminates servers and reduces the number applications that need to be patched, which helps reduce risk.

Customers such as Brian Hobbs, IT Director for Hunter Douglas have this to say about patch management in Google Apps: “The company saves money but even more importantly, I save time in administering licenses, installations, security patches, and training.”

Many organizations that I talk to describe how they have developed a proficiency in deploying patches in their legacy environments. They’ve done so out of necessity - there really was no choice. But these proficiencies carry high costs in terms of human resources and 3rd party patch management systems. Google Apps allows organizations to change this mindset and reduce the number of IT resources and 3rd party systems dedicated to the patch management process.

Andrew Murrey, Vice President of IT Infrastructure at Cinram North America, had this comment: “we calculated that we could be saving 60% on email alone by moving to Google Apps for Business – a clear winner when it came to price per user – but we also knew we’d save serious time on IT management, freeing my team up to do more strategic work.”

IT security professionals often ask me how we address patching. In our data centers we take a different approach to patch management. Rather than many different types of systems, we have a very homogeneous architecture that allows us to be highly efficient in deploying patches. The data center machines are specifically designed and identically configured in ways that reduce the potential number of vulnerabilities within our systems compared to traditional on-premise, so called “private cloud” and hybrid technologies. When a patch is required, our architecture allows us to deploy it very quickly across all our systems. And it’s seamless and invisible to our customers, which allows them to take a different approach to patch management as well: one that reduces risk and cost.

In the next post in the series we’ll look deeper into strong authentication. In the meantime, for more information about the data protections in place for Google Apps, please visit our Google Apps Trust page.

Pure and proven cloud architecture

Adam Swidler — Tue, 06 Sep 2011 16:53:00 +0000

Posted by John Collins, Senior Global Trust PM, Google Apps

Editors note: This post is part of a series that explores the top ten reasons why customers trust Google with their business data. A complete top ten list can be found here.

When users think of Google Apps, they often think of their Gmail inboxes or collaborating on documents in real time with others. They often don’t think of what’s going on behind the scenes. Our cloud computing data centers offer our customers scalability and reliability across all of our products and websites, supporting millions of businesses on Google Apps and over 1 billion Internet searches every day. Our pure and proven cloud offers Apps customers significant data protections that would be hard for those customers to achieve on their own. It’s also the infrastructure that we use to run our own business.

As we’ve grown, we’ve developed an expertise around building data centers and protecting the data stored in them. The machines in the data centers that run our applications are built to our own specifications, including ones focused on security. The hardware is limited to what is necessary for the applications to run, and eliminates unnecessary components such as peripheral connectors or video cards. Similarly, the software that we run on the machines is a specialized, stripped-down version of the Linux operating system leaving out any unnecessary software code such as device drivers. This approach helps provide a computing environment that is less prone to vulnerabilities, compared to typical on-premise, so called “private cloud” or hybrid IT environments.

The services we offer are first and foremost Internet-based applications and platforms. We were born on the Internet, not on a single computer or server. We've published some of our core underlying technologies such as BigTable, the SPDY protocol, Google FIle System (GFS) and MapReduce. The last two of which have gone on to inspire Hadoop, the Apache open source framework that underpins many leading cloud or big data applications. Googlers Luiz André Barroso and Urs Hölzle even wrote a mini-book about some of Google’s approaches, entitled “The Datacenter as a Computer: An Introduction to the Design of Warehouse-Scale Machines”.

Lots of users leads to lots of network traffic that allows us some significant advantages in terms of security. For instance, the spam filtering in Gmail gains rapid visibility into emerging and evolving spam and virus threats, which in turn helps us to block the vast majority of them. This kind of large scale Internet infrastructure also typically provides better protection from denial of service type attacks. It also puts us in a position to spot malicious traffic and help protect users from malware.

Unprecedented global scale would not matter without the ability to reliably deliver business critical services. That is another powerful feature of Google’s technology and process discipline. We’ve built our platform to withstand expected hardware failure, relying on software and highly automated processes in order to support a 99.9% uptime SLA that has no maintenance window. In 2010 Gmail uptime was 99.984% and we are over 99.99% for the first half of 2011. This is an approach you fundamentally can’t take with traditional on premise IT systems.

Running data centers at this kind of scale takes energy, but as a carbon-neutral company we strive to use as little as possible - in fact, our facilities use half the energy of a typical data center. You can read more about our efficiency efforts and our approach to purchasing renewable energy.

In just the 4.5 years I’ve been at Google, I’ve seen quite a few generational changes in the kit we run, be it “simple” things like sheet metal for servers to something more complex like our motherboards, or something even more fluid and complicated like our various software layers. Through all those upgrades, build outs, and migrations, the focus on reliability remains. This is something that keeps me coming back to work day after day, and drives me to help others understand the value we can add to protecting their data and powering their businesses.

Powerful administration tools give you control of your data

Adam Swidler — Tue, 30 Aug 2011 17:34:00 +0000

Posted by Jaideep Mirchandani, Google Apps Product Manager & Parag Samdadiya, Google Apps Engineer

Editors note: This post is part of a series that explores the top ten reasons why customers trust Google with their business data. A complete top ten list can be found here.

One of the myths surrounding cloud computing is that you lose control of your data when it’s stored in the cloud. In fact, the opposite is true. When information is stored in Google Apps, administrators have access to management tools that give them the visibility and control they need without having to manage IT infrastructure. The Google Apps control panel offers a host of management tools, and over the past year alone we’ve added capabilities that let administrators manage multiple domains, configure specific administrative roles, and set user policies, to name a few (a complete list is here).

Starting today, the Google Apps control panel will also provide access to an audit log which permits an administrator to view details of administrative changes that have been made to their Google Apps domain. Some examples are:

Changes made to users, aliases and organizations
Changes made to various application settings in Gmail, Google Docs
Changes made to mobile settings
Changes in delegated administration

To save administrators time and make it easier for them to find reports, we’ve also moved the reporting section (including the audit log) to the top-level of the Control Panel. This section is now immediately visible within the Control Panel.

Debbie Farley, a Business Analyst with Caraustar, Inc. comments: “The Admin Audit capability provides our company with insight into key administrative tasks such as who is creating users and changing passwords. We also appreciate the new location of the Reports tab. It makes it easy to get to the audit log.”

David Cifuentes with Eforcers.com added, “With the Admin Audit feature we were able to gain visibility into changes that are taking place in the admin panel of our Google Apps domain, in a very easy and informative way. It even displays the changes that have happened months ago, letting us filter by action, date and administrator. The ability to export the information in a file was also helpful, in order for us to analyze the data deeper outside the panel.”

These reports are available today to users of Google Apps for Business, Education and Government. Together with other Google Apps APIs these tools give administrators the visibility and control they need to effectively manage their Google Apps instances.

Top ten reasons why customers trust Google Apps with their business data

Adam Swidler — Mon, 29 Aug 2011 17:53:00 +0000

Posted by Adam Swidler, Senior Manager, Google Apps Team

Over three million businesses have moved to Google Apps, and several factors have driven this transition. While improved productivity and cost savings have long been at the top of the list, more and more customers are choosing Apps for its security and reliability benefits. Our pure and proven cloud is designed to protect our users’ data and deliver reliability at levels that are very difficult or impossible for many organizations to achieve on their own. Even on-premises, so called “private cloud” and hybrid technologies are challenged to deliver the data protection and reliability that comes with Google Apps.

Here are the top 10 data protection and reliability advantages that we hear about most frequently from customers (in no particular order):

1. Powerful administration tools give you control of your data
When business data is stored in Google Apps, administrators have powerful tools to help them manage things like users, documents and services. Reports also provide visibility into how the applications are being used and what data is in them so that administrators have the control they need without having to maintain the infrastructure.

2. Pure and proven cloud architecture
Our datacenter server infrastructure is specifically designed and built for our applications and does not include unnecessary hardware or software code such as peripheral ports or device drivers. This reduces the number of potential vulnerabilities that could be targeted.

3. Patch management
Downloading, testing and deploying patches has become a significant pain for many IT departments. Google Apps reduces this pain because there are no servers for customers to patch. We manage the servers and take care of all updates.

4. Strong authentication
Google Apps includes 2-step verification for all user accounts - at no additional charge. Businesses and organizations can easily deploy an extra layer of protection for their user accounts using devices they already have. This makes strong authentication available to many organizations that did not have it before. Google Apps also integrates with existing Single Sign On (SSO) mechanisms via open standards.

5. Disaster recovery
Google Apps offers robust disaster recovery capabilities which are commonly measured by Recovery Time Objective (RTO) and Recovery Point Objective (RPO). RTO measures how long before users can access systems in the event of a failure and RPO measures how much of a gap there is in the data when it is restored. Google Apps is designed with RTO and RPO goals of zero. Emails, documents and data are saved every few seconds and replicated in multiple data centers. This means that if one of our data centers becomes unavailable, we seamlessly switch the user to another data center and because it has been replicated there is no loss of data and users can continue working uninterrupted.

6. Third party verifications
Google Apps and our data centers are SSAE 16 Type II audited and have achieved the U.S. Federal Government’s FISMA certification. SSAE 16 is an auditing standard where a third party auditor evaluates the controls in place for numerous areas including physical and logical security, privacy, incident response and more. The Federal Information Security Management Act or FISMA is the law defining security requirements that must be met by all US Federal government information systems. While FISMA certification is required for U.S. Government agencies, it is also a strong validation in the private sector of the technologies and processes we use to protect the data in Google Apps.

7. Information security expertise
We employ an information security team of over 250 people with a wealth of expertise not found in most organizations. Many have advanced degrees and are thought leaders in information security. The security team regularly publishes research and contributes open source tools to the security community. They monitor our global network of datacenters and applications 24x7x365.25 (they don’t rest on leap years).

8. Secure connections for users
We automatically encrypt browser sessions for Google Apps users without the need for VPN’s or other potentially costly and cumbersome infrastructure. This helps protect your data as it travels between users’ browsers and our data centers.

9. High availability
Google Apps has zero maintenance windows or planned downtime. While we offer a 99.9% uptime SLA, Gmail exceeded this guarantee in 2010 and achieved 99.984% uptime. We did this while delivering more than 30 new features and adding tens of millions of users. The status of Google Apps is visible to administrators and users on our publicly available status dashboard.

10. Reduced risk of data breach
Google Apps allows users to work securely on their data wherever they are, using a wide range of devices. The data is stored centrally in Google’s cloud which greatly reduces the need for users to take their data with them using USB drives or similar devices, which can be easily lost or stolen. This can help reduce the risk of a data breach, something that is on the mind of many organizations these days.

Over three million businesses trust Google to protect the data they store in Google Apps and make it reliably accessible. Over the next few weeks we’re going to dive deeper into each one of these areas to provide more details why Google Apps customers trust us with their business data.

Security First: Google Apps and Google App Engine complete SSAE-16 audit

Adam Swidler — Fri, 05 Aug 2011 22:13:00 +0000

Posted by Eran Feigenbaum, Director of Security, Google Enterprise

One of the ways our customers can be are assured their data is protected is through third-party audits and certifications. Since 2008, Google Apps has successfully undergone annual SAS 70 Type II audits. This year the SAS70 Type II audit has evolved into the SSAE 16 Type II attestation and its international counterpart, ISAE 3402 Type II. We’re happy to announce that Google is one of the first major cloud providers to be certified for compliance to these new audit standards.

Over the past few weeks, Google has successfully completed the audit process for the SSAE 16 and ISAE 3402 standards for Google Apps and Postini services. In addition, we expanded the audits to include Google App Engine, Google Apps Script, and Google Storage for Developers. Together with the SAS 70 Type II (covering dates prior to June 15th, 2011), these third party audits provide additional assurance to customers that their data is well protected.

Third party audits are only part of the security and compliance benefits of Google Apps and Google App Engine products. We protect our Apps customers’ data by employing some of the foremost security experts, by executing rigorous safety processes, and by implementing cutting-edge technology. These protections are highlighted in our security white paper and data center video tour. For more information visit our Google Apps Trust page.

We take extensive measures to protect our users’ data and we are constantly innovating to develop new features and capabilities in these areas.

Security First: Google at the Security Confab Conference

Adam Swidler — Tue, 19 Jul 2011 08:42:00 +0000

Posted by Adam Swidler, Sr. Manager, Google Apps Team

Last week the Google Enterprise team participated in the 5th Annual Security Confab in Monterey, CA, from July 12-14. The Confab event brought together information security leaders from public and private sector organizations to discuss thought-provoking topics around information and cyber security issues.

At the conference, John Collins, Google’s Sr. Global Trust Product Manager, presented a talk entitled “Private Insecurities and Public Transparency.” John compared the attributes of public clouds and so-called private clouds in an attempt to dispel the myth that private clouds offer cost and productivity benefits without security concerns. In fact, the opposite is true: private clouds do not deliver the same benefits as public clouds, but they still require significant investment to secure and protect.

For more information about how we protect the data our customers store in Google Apps, visit our Google Apps Trust page. Many of the protections are highlighted in our security white paper and data center video tour. We take extreme measures to protect our users’ data and we are constantly innovating to develop new features and capabilities in these areas.

Security First – A Chat with Google Apps Security and Privacy Experts

Adam Swidler — Mon, 15 Nov 2010 20:00:00 +0000

Google Apps customers experience both cost savings and productivity benefits, and more than 3 million of businesses have made the switch to Google Apps. To answer some of the questions businesses often ask about the security and privacy of data that is stored in Google Apps, we released the Google Apps Security Whitepaper in June. And to provide further visibility into how we protect the data in Google Apps, we are hosting a webcast on November 18th, 2010. Register today to attend this webcast.

In the webcast, Eran Feigenbaum, Director of Security for Google Apps, will describe some of the challenges of securing traditional on-premise IT infrastructure and explain how Google’s cloud computing architecture can offer an improved security model. John Collins, Google Enterprise Trust Product Manager, will then talk about how Google protects the privacy of the data that is stored in Google Apps.

We will take questions from the audience, so if your business or organization is considering a move to Google Apps, this session will be a great opportunity.

Register to attend this webcast, Thursday, November 18th at 11:00 AM PST / 2:00 PM EST / 19:00 GMT.

Posted by Adam Swidler, Google Apps team

Security First: Google at the Cloud Security Institute Conference

Adam Swidler — Tue, 26 Oct 2010 20:20:00 +0000

The Google Enterprise team is excited to be participating in the Computer Security Institute Annual Conference, CSI 2010, taking place in National Harbor, Maryland, from Tuesday through Friday, October 26-29. CSI2010 brings together security and IT professionals from around the world to discuss and share best practices in computer security, risk management and compliance. The event features keynote presentations, workshops, panel discussions and customer case studies. Google’s Adam Swidler will be presenting a session entitled “Is Your Organization’s Data Safer in the Cloud?” at 11:15 AM EDT on Friday, October 29.

If you'll be at the conference, please join us for Adam’s presentation to hear about information security, privacy, and data protection in the cloud from Google’s perspective. If you can’t attend the conference, please visit our website for more information about about the security and privacy of data in Google Apps.

Posted by Ashley Chandler, Google Apps team

Google Message Security recognized for excellence

Adam Swidler — Mon, 27 Sep 2010 21:37:00 +0000

Google Message Security, powered by Postini, is a leader in cloud-based email security and we are honored that it has recently been recognized with several significant awards:

Google Message Security (GMS) was was selected as the Gold award-winner of the “Messaging Security Products” category by the readers of Information Security magazine and is featured in the September issue.

GMS also recently won the Top Provider award in the “Security as a Service” category of the recent 2010 Nemertes Pilot House Awards. GMS scored the highest of all vendors in every category including “Technology, Customer Service and Value.”
In addition, GMS was the top-rated product across all 12 categories that were evaluated, earning GMS the 2010 PilotHouse Admiral Award.

At Google, we focus intensely on the user experience, so we are especially proud to receive these awards that are voted on by security and technology experts who are Google Message Security users.

Thanks go to Information Security magazine, Nemertes Research and especially to the many users who voted for Google Message Security. We'd also like to congratulate our fellow nominees and award-winners and acknowledge their contributions to the field of online security.

For more information on Google Message Security and the Postini suite of security and archiving products, please visit, www.google.com/postini

Posted by Adam Swidler, Google Postini team

Join us! Live Google Postini webinar featuring Enterprise Holdings on 9/28

Adam Swidler — Thu, 23 Sep 2010 00:33:00 +0000

Enterprise Holdings is the largest rental car company in North America and operates Alamo Rent A Car, Enterprise Rent-A-Car and National Car Rental. They manage over 1.1 million cars, 68,000 employees and 7,600 locations around the world. When Enterprise Holdings wanted to add more security to their corporate e-mail, they chose Google Postini Services.

Join us for a free webinar on September 28, where Michael Preuss, Manager of Windows Engineering for Enterprise Holdings, will discuss why his company chose a cloud-based message security solution and how Postini’s powerful spam filtering technology was able to help them address their email security challenges. Adam Swidler, Senior Manager with Google Enterprise, will also provide an overview of Google’s security solutions and facilitate a deep-dive discussion into best-in-class practices for organizations interested in enterprise-grade protection.

A live Q & A session will follow. We hope you can join us!

Message Security in the Cloud
Tuesday, September 28th, 2010
10 a.m. PDT / 1 p.m. EDT / 6 p.m. GMT
Register here

Posted by Adrian Soghoian, Google Postini Services team

A more secure cloud for millions of Google Apps users

Adam Swidler — Mon, 20 Sep 2010 08:55:00 +0000

Cloud computing is about making your information easily accessible from anywhere, on any device. Until today, organizations looking to secure their information beyond a password have faced costs and complexities that prevented many of them from using stronger security technologies. Today we are changing that with the introduction of a more secure sign-in capability for Google Apps accounts that significantly increases the security of the cloud: Two-step verification. For the first time, we’re making it possible for organizations large and small to use this technology in just a few clicks for free. In the coming months, we’ll also be offering this same security to our hundreds of millions of individual Google users.

Two-step verification is easy to set up, manage and use. When enabled by an administrator, it requires two means of identification to sign in to a Google Apps account, something you know: a password, and something you have: a mobile phone. It doesn’t require any special tokens or devices. After entering your password, a verification code is sent to your mobile phone via SMS, voice calls, or generated on an application you can install on your Android, BlackBerry or iPhone device. This makes it much more likely that you’re the only one accessing your data: even if someone has stolen your password, they'll need more than that to access your account. You can also indicate when you're using a computer you trust and don't want to be asked for a verification code from that machine in the future.

Two-step verification is built on an open standard designed to allow integration with other vendors’ authentication technologies in the future. We are also open sourcing our mobile authentication app so that companies can customize it as they see fit.

Two-step verification continues Google’s stream of security innovation. In early 2009, we added the ability to view password strength and set minimum password length requirements for Google Apps accounts. Later in the year we were the first to provide HTTPS encryption to millions of users, and in 2010 Google Apps was the first cloud messaging and collaboration service to gain US government security certification.

Administrators for Google Apps Premier, Education, and Government Editions can activate Two-step verification from the English version of the Admin Control Panel now, and Standard Edition customers will be able to access it in the months ahead. Once enabled by their administrator, end users can set it up in the Accounts tab in Gmail settings.

Posted by Eran Feigenbaum, Director of Security, Google Apps