Jump to Content
Security & Identity

How Iron Mountain uses Assured Workloads to serve our customers’ compliance needs

January 27, 2023
David Williams

Cloud Manager, Iron Mountain Information Management, LLC

Hear monthly from our Cloud CISO in your inbox

Get the latest on security from Cloud CISO Phil Venables.


Editor’s note: Data storage experts Iron Mountain turned to Google Cloud when they wanted to scale their digital business. David Williams, cloud manager at Iron Mountain, explains in this post how Assured Workloads helped Iron Mountain’s InSight product achieve and maintain compliance with government standards and better protect customer data.  

Businesses need the right information to make decisions that lead to successful outcomes. With so much new data being generated every day, organizations can benefit greatly from information management services with significant data storage and classification capabilities to secure their data in a way that both optimizes value and maximizes compliance.

Iron Mountain has been storing data in one way or another since it was founded in 1951. We are trusted guardians for our customers’ information and assets, working with them to manage the complexity and risks of today and tomorrow by understanding, protecting and transforming what matters most. We now store digital and physical assets for more than 225,000 customers around the world.

Iron Mountain InSight is a content services platform that provides actionable business insights and predictive analytics through machine learning (ML)-based classification of a company’s physical and digital information. InSight adds structure, context and meta-data to information to make it more usable. The resulting enriched content can then enable enhanced automated governance and workflows throughout an organization.

Regulatory requirements are top of mind for our customers

Part of our job as a provider of information management solutions is to stay on top of every requirement for storing, protecting, and managing the data of customers across a range of industries in 58 countries. As policies shift, we need to make sure that we are up to date with support for regulatory requirements. New technologies and other innovations are constantly being added to our business environment and we need to ensure that the regulatory compliance process is keeping up with the pace of innovation.


Google Cloud works with us to help securely manage workloads and meet the requirements of our regulators and customers globally. We chose to deploy with Google Cloud Assured Workloads because it provides us with the security controls we need and helps address a wide range of compliance requirements. Our ability to meet compliance requirements around the globe enables us to grow our business while reducing the overhead and complexities of the complex multinational compliance process.

Data residency is a key requirement for us. Assured Workloads allow us to customize and restrict data storage to certain regions, so we know for sure that the data is where it should be. Building on Google Cloud’s default encryption in transit and at rest, it also gives us a robust set of tools to manage our own and our customers’ encryption keys.

Google Cloud’s global footprint combined with Assured Workloads controls enables us to address compliance at scale. By making use of dedicated folders with specific controls for particular compliance types, there’s a regulated boundary and restricted access where we need it. Assured Workloads allowed for easy repeat deployments while implementing and maintaining tight security controls. It allows us to use the same code base across the entire Google Cloud global platform, including the same services and the same machine learning APIs, so that we can use the latest technology for our customers — without adding more developer or operational teams. 

Our journey to FedRAMP certification using Assured Workloads

Security is one of the core things that Iron Mountain is known for. When we started our journey with Iron Mountain InSight, a key to our success was to get our FedRAMP Authority to Operate (ATO) so we could serve U.S. public sector customers with similarly high security requirements.

We embarked on a 12-month process working through the ISO, SOC, and NIST controls and with each step, we got closer to FedRAMP certification. Partnering with Google Cloud allowed us to scale up faster and enabled us to more quickly achieve FedRAMP certification.

Google Cloud’s shared fate operating model allowed us to reduce the number of controls we were responsible for to help achieve FedRAMP compliance. We were able to inherit key compliance and security controls that were configured by default, so we could focus on implementing additional controls we needed to support our specific business requirements. With Google Cloud doing the heavy lifting, it allowed us to confidently move our federal government business forward while simultaneously strengthening the security posture of our InSight platform. 

The best part is Assured Workloads locks configurations down and eliminates any unwarranted changes to configurations or resources. There’s no room for mistakes in a deployment file, or a manually created resource. Access to support engineers in each geographical region gives peace of mind to us and our customers — and it helped us achieve our FedRAMP ATO in record time.

Securing the future with Google Cloud

We are expanding our InSight service to multiple regions around the world. As Google Cloud has offered Assured Workloads in more global regions, including Europe and Canada, we are able to expand along with it. Plans to expand into APAC regions will help us to scale even further globally.

Compliance can enable your company to grow its business across the globe. Assured Workloads was a starting point for us to enter new regions and scale without the complexities associated with entering a regulated market. It means we can meet multinational compliance needs using a single cloud.

Posted in