The Cloud Security Alliance industry organization launched the Trusted Cloud Initiative to assist cloud service providers in developing industry-recommended, safe, and interoperable identity, access, and compliance management settings and practices.
The Trusted Cloud Initiative was developed by the Cloud Security Alliance to help cloud service providers achieve secure identity access and compliance practices.
Certification Against Criteria
Within cybersecurity, it is important to have standards against which you can certify that a product or service, such as that from a cloud provider, is being delivered responsibly. While these standards are covered in more detail in the course on compliance, it is important to familiarize yourself with cybersecurity standards and those specific to cloud computing.
- ISO/IEC 27001 is perhaps the most widely known and accepted information security standard.
- ISO/IEC 27017 offers guidelines for the provision and use of cloud services.
System/Subsystem Product Certifications
Two additional standards that play a role in certifying the security of a service or product are the Federal Information Processing Standard number 140 (FIPS 140) and Common Criteria. FIPS is a government standard, and compliance with it is designated as anywhere from 1 (easiest level to achieve) to 4 (most stringent level). Requirements or certification is often expressed like FIPS 140-2, meaning level 2 certification.
Common Criteria (CC) is a set of international standards for how to evaluate security features and capabilities of cybersecurity products.
Delivering most trusted cloud
Google Cloud is a security leader, and with recent discoveries about software supply chain threats affecting governments and other organizations, consumers need to have faith in the providers to whom they entrust their mission-critical operations and information assets.
At Google Cloud, we protect your data from threats and fraudulent activity by using the same infrastructure and security services that we use for our own operations, giving you access to advanced capabilities that would otherwise be unavailable to all but the most well-resourced global organizations.
where security technologies are incorporated into platforms and products, where security operations as a silo may vanish and your important security personnel can be less strained, and, finally, where risk is considerably reduced.