Google employs more than 550 full-time security and privacy professionals, who are part of our software engineering and operations division. Our team includes some of the world’s foremost experts in information, application and network security.
-
Employee background checks
-
Security training for all employees
-
Internal security and privacy events
-
Dedicated security team & privacy team
-
Internal audit and compliance specialists
-
Collaboration with the security research community
Operational Security
Google helps tens of millions of people every day to protect themselves from harm by showing warnings to users of Google Chrome, Mozilla Firefox and Apple Safari when they attempt to navigate to websites that would steal their personal information or install software designed to take over their computers.
-
Vulnerability management
-
Malware prevention
-
Monitoring
-
Incident management
Technology with Security at Its Core
Google’s IP data network consists of our own fiber, public fiber, and undersea cables. This allows us to deliver highly available and low latency services across the globe.
Google’s data centers are geographically distributed to minimize the effects of regional disruptions such as natural disasters and local outages.
-
State-of-the-art data centers
Powering our data centers
Environmental impact -
Custom server hardware and software
-
Hardware tracking and disposal
-
A global network with unique security benefits
-
Encrypting data in transit, at rest and on backup media
-
Low latency and highly available solution
-
Service availability
Independent Third-Party Certifications
Google’s customers and regulators expect independent verification of our security, privacy, and compliance controls. In order to provide this, we
undergo several independent third-party audits on a regular basis.
-
ISO 27001
-
ISO 27017
-
ISO 27018
-
SOC 2/3
-
FedRAMP
Regulatory compliance
Our customers have varying regulatory compliance needs. Our clients operate across regulated industries, including finance, pharmaceutical and manufacturing.
-
Data processing amendment
-
EU Data Protection Directive
EU model contract clauses -
Children’s Online Privacy Protection Act of 1998 (COPPA)
-
U.S. Health Insurance Portability and Accountability Act (HIPAA)
-
U.S. Family Educational Rights and Privacy Act (FERPA)
Data Access and Restrictions & Data Usage
We believe the public deserves to know the full extent to which governments request user information from Google. That’s why we became the first company to start regularly publishing reports about government data requests.
-
Administrative access
-
For customer administrators
-
Law enforcement data requests
-
Third-party suppliers
-
Table of Contents
-
Our philosophy
-
No advertising in G Suite
Empowering Users and Administrators to Improve Security and Compliance
G Suite also offers administrators full control to configure infrastructure, applications and system integrations in a single dashboard via our Admin console — regardless of the size of the organization.
-
User authentication/authorization features
-
Data management features
-
Email security features
-
eDiscovery features
-
Securing endpoints
-
Data recovery
“G Suite administrators can require that email to or from specific domains or email addresses be encrypted with Transport Layer Security (TLS).”
“Administrators can enforce policies over mobile devices in their organization, encrypt data on devices, and perform actions like remotely wiping or locking lost or stolen devices.”
“An administrator can restore a user’s Drive or Gmail data for up to 25 days after date of deletion. After 25 days, Google permanently deletes the user data, and it can’t be restored, even if you contact technical support.”