SafeGov.org security experts have been questioning whether or not Google has a sufficient level of security surrounding their cloud services, for the protection of government information that it hosts. According to PRN, recent incidents have prompted SafeGov to speculate that Google indeed does not maintain adequate control measures over certain aspects of it’s cloud services.
SafeGov experts Karen Evans, Richard Falkenrath, Jeff Gould and Douglas Miller call for Google to take these proactive steps to reassure government customers that their information is fully secure:
(1) Create an audit program to ensure that their government-specific privacy policies are effectively implemented by Google’s cloud products and service delivery organization. By publishing the audit program results, Google would show to Congressional oversight and the American taxpayers that they are meeting the terms and conditions of their federal government contracts.
(2) Publish the results of the audit program so that Federal, State and Local government customers and the American taxpayers can be confident that Google’s privacy policies are sophisticated enough to protect government information. Furthermore, the audit would give adequate assurances that Google is not monitoring or sharing sensitive government information without explicit consent.
With Google’s new privacy policies going into effect on March 1st, sans any opt-out user control, SafeGov asserts that immediate action to improve security should be taken. SafeGov goes on to suggest that any government agencies using cloud services should likewise take the same measures they have suggested to Google.