Jump to Content
Security & Identity

Trust Update: December 2022

December 8, 2022
Rani Urbas

Head of Enterprise Trust, Google Cloud

Tanya Popova-Jones

Head of Trusted Cloud Services, Office of the CISO

Hear monthly from our Cloud CISO in your inbox

Get the latest on security from Cloud CISO Phil Venables.


Every day, teams across Google Cloud come together to help address complex and pressing compliance, risk, and privacy requirements that enable customers to accelerate their digital transformation and innovate faster. Let’s take a look at some of our top trust and compliance-related efforts from the last few months: 

Combining data processing terms. In September, we updated and consolidated our data processing terms for Google Cloud, Google Workspace (including Workspace for Education), and Cloud Identity (when purchased separately). The combined terms are now one Cloud Data Processing Addendum (the “CDPA”). The updated terms maintain the previous benefits while strengthening our data processing commitments. We’ve also incorporated the new international data transfer addendum issued by the U.K. Information Commissioner. Learn more in our updated whitepaper

Seven Trusted Cloud announcements from Google Cloud Next ‘22. In October, we hosted Google Cloud Next ‘22, a global, 24-hour livestream and in-person event. At Next ‘22, we had seven new Trusted Cloud announcements, including Confidential Space, the next solution in our Confidential Computing portfolio. Confidential Space allows multiple parties to securely collaborate on joint tasks such as data analysis and machine learning (ML) model training. Read all of our Trusted Cloud announcements here

Advancing Digital Sovereignty. Also announced at Next ‘22 was our updated portfolio of Sovereign Solutions that help customers address their digital sovereignty concerns. These Solutions align with our 2021 “Cloud. On Europe’s Terms” announcement, and include Sovereign Controls, Supervised Cloud, and Hosted Cloud options. 

Expanding our cloud regions. In recent months, we announced five new Cloud regions, including Sweden and Norway, to support our customers' digital transformation and sustainability efforts. These new regions will help our customers maintain security, data residency, and compliance standards, including region-specific data storage requirements. Keep up to date with our latest Cloud locations here

Validating records retention in Japan. In January 2022, the Japanese government’s revisions of the Electronic Records Retention Law came into effect. To address these changes, the Japan Image and Information Management Association (JIIMA) created a certification for software which complies with the new legal requirements. JIIMA has certified Google Workspace as compliant with this certification that will help our customers meet their regulatory requirements for digital record-keeping in Japan. 

Meeting additional requirements. In other compliance news, our latest U.S. Public Sector compliance authorization, StateRAMP, enables us to support government customers with enhanced data residency and support capabilities via Assured Workloads. In Germany, we updated our Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) offerings, and with support from our trust partner, microfin, we mapped our compliance posture to German requirements for IT (BAIT/VAIT) in banking and insurance. 

The completed Korea Financial Security Institute (K-FSI) audit. To help support a group of leading South Korean financial institution customers, we worked with auditors from K-FSI to complete an audit based on their guidelines. Our customers joined this “pooled audit,” which is an excellent example of industry collaboration that helped increase their confidence in Google Cloud.  

Hot off the press: two new papers. For telecommunications organizations in the U.S., our paper Insights into the U.S. Telecommunications Industry addresses key industry trends, regulatory themes, influences, and how companies can use Google Cloud services to tackle their top-of-mind challenges. In support of the European Commission’s digital transformation vision, Google published a paper and blog outlining a set of security recommendations. The recommendations include driving resilience through “open security” and prioritizing strong encryption. 

Using our compliance developments

Many Google Cloud customers already use our trust resources to facilitate internal and external conversations with their key customers, business partners, and regulators. Visit our Compliance Resource Center or continue the conversation with our sales team.

Posted in