GSA selects Google Email based on SAS 70 certification

December 1, 2010 – US General Services Administration picks Google for Email over Microsoft Outlook in part because of the dynamics of Cloud Computing, and the emphasis Google has placed on maintaining the highest focus on their controls by performing semi-annual SAS 70 audits.

Google has invested heavily in its security in every aspect of their cloud stack — physical infrastructure, network infrastructure, and application security. Google has also invested in defensive measures protecting their virtual machines and in their dynamic filtering implementations. It’s these very reasons that so many businesses and individuals worldwide trust Google with their proprietary and sensitive information. Google knows security.

No doubt Google’s security controls far exceed the requirements of a SAS 70 certification, but SAS 70 is the de facto international standard, currently, and though Google surely exceeds those standards, they appear to understand that performing periodic SAS 70 audits will identify deficiencies, if any.

The SAS 70 audit report is the standard that user and service organizations must rely upon, and in this case it appears that the Federal government leaned in Google’s favor over Microsoft in part because of the SAS 70 compliance report.