Google Cloud achieves new public sector authorizations: Google Workspace earns FedRAMP High, key Google Cloud Platform services receive DoD IL4
Governments across the globe want to make life easier for their citizens—they want to enable businesses to thrive, increase public safety, and tackle society's most pressing challenges. Modernizing legacy public sector IT infrastructure is foundational to achieving this, and the right security is a prerequisite for digital transformation.
With so much at stake, governments often take direct ownership of defining security requirements and programs to ensure their data is protected in the cloud. In the United States, the FedRAMP and NIST frameworks set the bar for the security of society’s most vital systems—from general administration, to emergency services, to healthcare systems—protecting every citizen and society at large. The weight of this responsibility is reflected in the high bar that must be met to receive FedRAMP High authorization.
Google Workspace now is authorized at FedRAMP High
Today, we’re proud to announce that Google Workspace has achieved FedRAMP High authorization. This is a major milestone in our longstanding commitment to serving the needs of the public sector, and to making the world a safer place for everyone.
The U.S. federal government has made its ambition for multi-cloud solutions clear, but in many cases has remained strapped to legacy offerings. Having this new choice of a full suite, cloud-first productivity vendor isn't just a great thing for procurement and security; it also benefits our civil servants, empowering them with access to modern tools and technologies that help them seamlessly connect, create, and collaborate. And with this authorization, our federal customers can access the latest and greatest collaboration and security capabilities that Google Workspace offers without delay.
Security is at the forefront of everything we do; it’s infused in every layer of our product design to provide customers with always up-to-date protections against phishing, malware, ransomware, and other cyberattacks. With FedRAMP High authorization across Workspace’s public cloud offering, any customer can rest assured that they are collaborating at this high level of security, without having to purchase and deploy a separate “gov cloud” instance. It also means they can operate seamlessly with relevant government agencies without additional overhead.
Additional FedRAMP High authorized products bring Google Cloud capabilities to more public sector agencies
Google Cloud continues the steady growth of our catalog of FedRAMP High authorized services, including seven cloud regions. Recently, an additional four new products have also received FedRAMP High authorization, expanding on the authorizations we announced in April:
Admin Console is central to building, deploying and scaling applications, along with websites and services—and includes access to Google Cloud's cloud-native security, plus advanced features in services architecture and data analytics at scale.
Cloud Identity is a services-oriented solution to centrally manage both individual users and groups. It enables administrators to manage access and compliance, while ensuring the broadest possible freedom for individuals to work and collaborate, including federated management between Google and other identity providers.
Identity and Access Management provides a unified identity, access, app and endpoint management platform for any cloud project. Users gain better and faster access through single sign-on, while multi-factor authentication and endpoint management enables policy enforcement across all devices.
Virtual Private Cloud provides managed networking across Google Cloud resources, allowing both the flexibility to scale and assured control of workload connectivity, regionally and globally—without repetitive connectivity and administrative hassles.
Google Cloud earns Department of Defense Impact Level 4 Provisional Authorization
Another key security standard at the federal level is the Impact Level 4 (IL4) designation, which applies to controlled unclassified information (CUI). Today, we’re proud to announce that Google has earned IL4 authorization from the Defense Information Systems Agency (DISA), allowing CUI to be stored and processed across key Google Cloud services, including our compute, storage and networking offerings, data analytics, virtual private cloud, and identity and access management technologies, when used with Assured Workloads.
Unlike other providers, who offer limited authorized services on a small number of isolated “government cloud” regions, Google Cloud has obtained this authorization for our US public cloud regions, ensuring that customers always have access to and seamless compatibility with our latest, most innovative cloud services.
The result of substantial engineering work, this authorization will allow organizations who require an IL4 designation, including those in other industries like financial services and healthcare, to be compliant, while taking advantage of Google’s modern cloud technology. The configuration is supported in all seven U.S. regions, and ensures IL4 workloads are supported by U.S. personnel while being stored and processed in the United States.
Our new IL4 and FedRAMP authorizations join other Google Cloud data privacy and security features that allow customers to comply with the FBI's Criminal Justice Information Services (CJIS) standard and the IRS' Publication 1075 (IRS 1075).
Supporting government customers through evolving regulations
Expanding our list of compliance certifications and adding security and compliance resources is a critical part of Google Cloud's mission to deliver agile, open architectures, unified data and analytics, and leading security solutions—along with productivity tools that support an increasingly hybrid workforce.
While these are exciting developments for us, we are most excited about what it means for our public sector customers, who are working hard to achieve their missions and can now use cloud-first solutions to deliver on their mandates.
For the latest information on our ongoing compliance efforts across the globe, visit our Compliance Resource Center.