Google has received a seal of approval for Google Apps from the United States government. However, just because Google Apps has been declared secure enough for government data does not mean that SMBs should jump on the Google bandwagon without some due diligence.
A post on the Official Google Blog announces that Google Apps is "the first suite of cloud computing applications to receive Federal Information Security Management Act (FISMA) certification and accreditation from the U.S. government."
Moving messaging and productivity applications to the cloud reduces or eliminates costs associated with maintaining hardware and software, and makes it easier to allocate or redeploy resources as needed, but comes with additional security concerns as well. Google Apps for Government provides the same cost savings, availability, reliability, and disaster recovery features as standard Google Apps, but with additional security controls in place to meet the more stringent data protection needs of local, state, or federal government agencies.
To earn FISMA certification, the Google Apps for Government service incorporates lessons learned from projects like the ongoing implementation of Google Apps for the city of Los Angeles. In order to satisfy security concerns and win the LA contract, Google had to develop new security controls to ensure that data would only be stored on servers in the United States, and that only US citizens with proper clearance and authority are able to access it.
Microsoft is pursuing similar certification for its Web-based Exchange messaging services--putting the two tech giants head-to-head in yet another arena once Microsoft clears the hurdle.
For small and medium businesses, the government seal of approval is reason enough to take a closer look at Google Apps and other cloud-based solutions. However, it is worth noting that the FISMA certification does not include classified information, and that FISMA certification does not necessarily mean that a cloud-based solution like Google Apps meet requirements mandated by other compliance frameworks.
Businesses of all shapes and sizes are governed by various local, state, and federal laws, as well as industry guidelines that outline requirements for protecting data and communications. Before embracing the cloud and moving messaging, productivity, file storage, or any other function to the Web, companies need to consider the security controls in place and whether or not they are sufficient to comply with any applicable requirements.
SMBs can realize a variety of benefits from adopting cloud-based messaging and productivity solutions like Google Apps, and the FISMA certification seal of approval should provide some peace of mind. IT admins just need to carefully consider what data to trust to the cloud and the effect cloud-based services might have on compliance.