Google says the number of paying organizations actively using Google Drive crossed a million earlier this year. The company is taking steps to improve security and privacy protection for Drive as well as Google Apps for Work and Google Apps for Education.
For one, Google Drive is getting enhanced eDiscovery for Google Apps Vault, which gives businesses more visibility and control over employee files. In other words, Drive will fall under the same retention policies and legal hold capabilities available for email and chat. Google says these capabilities will help businesses meet their legal obligations and ensure employee files are archived and available as long as needed, even if employees delete them from their Drive. This is in limited rollout and will be generally available in the coming months.
Google has also updated the Mobile Device Management (MDM) for Google Drive business customers, enabling businesses to monitor usage, enforce strong passwords, and enable device encryption. If a worker loses their phone or leaves the company, the data can be wiped. Business data can we wiped without wiping their personal data. Earlier this year, Google Drive debuted on comScore’s list of the top 25 mobile apps. In August, it was number 16 on the list.
Finally, Google is adding the new ISO/IEC 27018:2014 privacy standard to its compliance framework.
“This audit validates our privacy practices and contractual commitments to our customers, verifying for example that we don’t use your data for advertising, that the data that you entrust with us remains yours and that we provide you with tools to delete and export your data,” explains Google Drive Director of Product Management Scott Johnston.
In a post on the Google for Work blog, Head of Global Compliance Marc Crandall says:
We continuously work with independent auditors to verify our data protection commitments. For example, over the years we’ve completed third-party SOC2 / SOC3 security audits and achieved ISO 27001 certification to provide transparency and accountability around our security procedures.
The 27018 audit also validates that our Google Apps data protection commitments meet a rigorous international privacy and data protection standard. We think that this a great step forward for both our customers and for the industry. While laws and regulations vary from country to country, the principles set forth in the standard are widely recognized.
Independent auditor Ernst & Young has verified Google’s privacy practices and contractual commitments for Google Apps for Work and Google Apps for Education comply with the new standard.