It is common for cloud computing vendors often promote their security credentials, and doing so gives prospective customers valuable information about the vendors’ security operations and capabilities.
If your vendor is still promoting their SAS 70 Type II certifications, however, they are a little bit out of date.
As of June 15, 2011, the American Institute of CPAs replaced SAS 70 with SSAE 16, a much more rigorous standard for service provider security audits and attestations. SSAE 16 is also in line with a separate, international security audit and attestation standard, ISAE 3402.
If you use Google Apps, Google Postini Services, Google App Engine, and/or Google Apps Script, you are in good shape. Google is one of the first cloud computing vendors to move to the new, more rigorous, standards.
Google has attained SSAE 16 Type II and ISAE 3402 Type II certifications for these services. SAS 70 Type II certifications are still valid for audits conducted before June 15, 2011.
While third party audits are part of the security and compliance benefits of Google Apps and Google App Engine products. Google’s security efforts go well beyond audit requirements. You can learn more about Google’s security by reviewing the current security white paper and watching this data center video tour.
Want to know more? Contact us. We would be happy to discuss your needs.