A: To put it simply, Google does not own your data. We do not take a position on whether the data belongs to the institution signing up for Apps, or the individual user (that’s between the two of you), but we know it doesn’t belong to us! The data which you put into our systems is yours, and we believe it should stay that way. We think that means three key things. We won’t share your data with others except as noted in our Privacy Policy.

We keep your data as long as you require us to keep it. Finally, you should be able to take your data with you if you choose to use external services in conjunction with Google Apps or stop using our services altogether.

Q: Where is my organization’s data stored?

A: Your data will be stored in Google’s network of data centers. Google maintains a number of geographically distributed data centers, the locations of which are kept discreet for security purposes. Google’s computing clusters are designed with resiliency and redundancy in mind, eliminating any single point of failure and minimizing the impact of common equipment failures and environmental risks.

Access to data centers is very limited to only authorized select Google employees personnel.

Q: Is my organizations data safe from your other customers when it is running on the same servers?

A: Yes. Data is virtually protected as if it were on its own server. Unauthorized parties cannot access your data. Your competitors cannot access your data, and vice versa. In fact, all user accounts are protected via this virtual lock and key that ensures that one user cannot see another user’s data. This is similar to how customer data is segmented in other shared infrastructures such as online banking applications.

Google Apps has received a satisfactory SAS 70 Type II audit. This means that an independent auditor has examined the controls protecting the data in Google Apps (including logical security, privacy, Data Center security, etc) and provided reasonable assurance that these controls are in place and operating effectively.

Q: What does a Google Apps SAS70 Type II audit mean to me?

A: An independent third party auditor issued Google Apps an unqualified SAS70 Type II certification. Google is proud to provide Google Apps administrators the peace of mind knowing that their data is secure under the SAS70 auditing industry standard.

The independent third party auditor verified that Google Apps has the following controls and protocols in place:

• Logical security: Controls provide reasonable assurance that logical access to Google Apps production systems and data is restricted to authorized individuals

• Privacy: Controls provide reasonable assurance that Google has implemented policies and procedures addressing the privacy of customer data related to Google Apps

• Data center physical security: Controls provide reasonable assurance that data centers that house Google Apps data and corporate offices are protected

• Incident management and availability: Controls provide reasonable assurance that Google Apps systems are redundant and incidents are properly reported, responded to, and recorded

• Change management: Controls provide reasonable assurance that development of and changes to Google Apps undergo testing and independent code review prior to release into production

• Organization and administration: Controls provide reasonable assurance that management provides the infrastructure and mechanisms to track and communicate initiatives within the company that impact Google Apps

Q: Can my organization use our own authentication system to provide user access to Google Apps?

A: Google Apps integrates with standard web single sign-on systems using the SAML 2.0 standard. Organizations can do the integration themselves, or work with a Google partner to accomplish this.

Q: What is FISMA?

A : The Federal Information Security Management Act of 2002, or “FISMA”, is a United States federal law pertaining to the information security of federal agencies’ information systems. FISMA applies to all information systems used or operated by U.S. federal agencies — or by contractors or other organizations on behalf of the government. If you want to learn more about FISMA, there is a very thorough entry on Wikipedia.

Appstraction - Apps for Businesses on the Move