Security is our priority.
Google Cloud combines a robust, world-scale infrastructure that is secure by design with a unique capability to innovate and stay ahead of the curve in security.
Raising the bar in security and privacy.
By designing and operating our entire computing stack, we control our production environments and can respond to issues, globally, at light speed. No other cloud provider we know of offers this kind of comprehensive security, reliability, and operational autonomy. With over 700 of the world’s best security engineers behind Google’s cloud, we bring more resources and advanced expertise to bear than on-premise solutions.
The number of Google engineers dedicated to your security.
Why choose Google?
We’ve always been driven to solve big problems, and we tackle security with the same spirit. We provide advanced, transparent, user-centric security to help you keep your organization’s data safe. Here’s how we do it:
Protection built into every step.
We control our entire technology stack. This allows us to detect threats quickly, respond effectively, and even anticipate incidents. By scaling advanced technologies like encryption and data replication over our entire operation, we’ve created a secure and self-healing system. And when it comes to deploying software updates at scale, Google’s culture of rigorous code review, coupled with our company-wide continuous testing infrastructure, eliminates vulnerabilities and optimizes for uptime whenever new software is deployed.
Streamlined security management.
Google manages your cloud infrastructure so you don’t have to worry about critical, but time-consuming, tasks like system monitoring, patching, and upgrading. We offer a rich set of security controls to help you implement your enterprise security policies and accomplish your business objectives. Google Cloud offers administrators extensive control and visibility over system and application security settings, including:
- Identity and Access Management (IAM), including Two Factor Authentication and Identity-as-a-Service (IDaaS)
- Data Loss Prevention (DLP)
- e-Discovery and Archiving
- Information Rights Management (IRM)
- Mobile Device Management (MDM)
- Spam & Malware Detection
- Forward Secrecy
- Anomalous Behavior Detection
Your data, in your control.
Google only uses your data to provide the service you’ve purchased from us. We don’t use your data for advertising. We give you the tools you need to manage your company’s information at all times — like our Admin console or our reports, logs, and APIs — so you can always see how we handle your data. And our Transparency Reports clearly outline our policies on sharing data with government agencies.
Learn more about how Google gives businesses control over how their data is used and shared
Advance the state of the art.
Google invests billions of dollars to continually evolve and improve our security. Our Cloud customers benefit directly from these improvements, and Google experts regularly share the security innovations we develop to help raise the bar for the industry. Our Project Zero regularly finds and drives fixes of 0-day vulnerabilities, not just in Google products, but in software used by our users. BeyondCorp shared how we approach perimeter-less security. We’ve also open sourced internal tools for forensics and vulnerability assessment.
Certifications, audits, and compliance.
To ensure our users’ security, we regularly undergo independent verification of our security, privacy, and compliance controls.
Our certifications from third-party auditors may include ISO 27001, ISO 27017, ISO 27018, AICPA SOC 1, SOC 2, SOC 3, and PCI DSS v3.1.
Google Cloud Platform supports customers covered by the U.S. Health Insurance Portability and Accountability Act (HIPAA) by entering into a Business Associate Agreement.
For our customers subject to European Data Protection Regulations, we offer EU model contract clauses as an additional means of meeting some of the adequacy and security requirements of the European Parliament. We adhere to the EU-US Privacy Shield Framework.
Google Cloud is committed to compliance with the EU General Data Protection Regulation (GDPR) across Google Cloud Platform services when the GDPR takes effect on 25 May 2018. We’ve created this page to serve as a resource for Google Cloud customers who will be required to comply with the GDPR.
Our certifications from third-party auditors may include ISO 27001, ISO 27017, ISO 27018, AICPA SOC 1, SOC 2, SOC 3, and FedRAMP.
Many G Suite products support our customers’ compliance with the U.S. Health Insurance Portability and Accountability Act (HIPAA), which governs the safeguarding, use, and disclosure of protected health information.
For our customers in Europe, we provide capabilities and contractual commitments designed specifically to help address EU data protection requirements, as interpreted by the guidance provided by the Article 29 Working Party. G Suite offers EU Model Contract Clauses and a Data Processing Amendment. We adhere to the EU-US Privacy Shield Framework. Additionally, G Suite has been assessed as appropriate for use with the UK government’s Security Principles for information classified as OFFICIAL (including OFFICIAL-SENSITIVE).
Google Cloud is committed to compliance with the EU General Data Protection Regulation (GDPR) across G Suite services when the GDPR takes effect on 25 May 2018. We’ve created this page to serve as a resource for Google Cloud customers who will be required to comply with the GDPR.
“The management and operational capabilities give us full control. We wouldn’t be able to reproduce this level of data protection with a competitor’s product.”
Senior Vice President, Advisor Technology Solutions, Charles Schwab
Join the conversation.
We have several programs designed to help us communicate our latest security updates and work closely with our customers and partners to solve specific issues.
Our security leadership is committed to participating in discussion with the global security community by way of regular appearances at summits worldwide, including our own NEXT events.
Google Cloud security workshops are designed to help our partners and customers rethink their security and strengthen their configuration for the future. These workshops include:
- Updates on the latest security developments from Google
- Security reviews: deep dives into security settings and controls
- Advice on how to plan and monitor for incidents
- Guidance for developing a quick and effective response to any incident
The Google Online Security blog provides the latest news and insights from Google on security and safety on the Internet, with frequent contributions from the Google Cloud teams.
Future-proof your enterprise.
Let us know what you’re looking for and we’ll follow up to discuss your needs.Work With Us