Google Apps for Business compliance with industry security and privacy standards is certified by official authorities. These include SAS 70 Type II certification, the US-EU and US-Swiss Safe Harbor agreements and ISO 27001.
Google's security procedures encompass the three following chief components:
Google employs a data security team comprising of the foremost international experts in the fields of information, application and network security. This team operates around the clock. It is responsible for the implemented on-site security systems, the assimilated security infrastructure of Google installations, the security of the company’s premises, as well as the development, documentation and implementation of Google security guidelines and standards.
Security is at the heart of every Google application, from its very inception. Google applications undergo several complex security audits within the framework of the Secure Code development process. The development environment for applications is strictly screened and thoroughly monitored in order to guarantee maximum security. In addition, external service providers perform regular detailed security audits of the processes in order to be able to rule out the possibility of security risks. In this way the system’s running performance is not impaired and the clients’ data is not disclosed.
Google Apps encrypts and distributes data in individual sequences to a multitude of servers and data storage media. This system guarantees that the individual data segments may not be stored contiguously, thereby preventing external parties or groups from assembling the data segments or decoding them. The system distributes file names randomly and this means that it is not possible to generate a file list of every client and that the individual data segments are not decipherable and can’t be reconstituted. The data is replicated over several data processing centres, whereby redundancy and constant availability are safeguarded. In order to minimise further security risks, each Google server is specially configured according to its individual function and exclusively equipped with the software components necessary for that purpose. The homogenous server architecture enables rapid updating and configuration changes over the entire network when the need arises.