Demonstrating our commitment to protecting user privacy and student data

Thinking about cloud security? Join us for a new round of Google Cloud Security Talks
May 31, 2019
Part 3: Architect and Create Cloud Services Organizations for Skyline
May 31, 2019
Thinking about cloud security? Join us for a new round of Google Cloud Security Talks
May 31, 2019
Part 3: Architect and Create Cloud Services Organizations for Skyline
May 31, 2019

Assessing third-party vendors for security risks and data privacy policies is a crucial responsibility of any higher education institution, and this can be a time-consuming and burdensome task for campus IT professionals. To help ease these challenges, the higher education information security community, EDUCAUSE, Internet2, and the Research & Education Networks Information Sharing & Analysis Center (REN-ISAC) created the Higher Education Cloud Vendor Assessment Toolkit (HECVAT). Today we’re demonstrating our core commitment to protecting user data, documenting our extensive platform security capabilities by completing this comprehensive security assessment for Google Cloud Platform (GCP) and G Suite.

Google and a team of campuses recently completed the NET+ service validation to launch a NET+ GCP offering which provides Internet2 higher education members key enhancements to our standard GCP education terms. As part of that rigorous peer-driven review, four universities examined multiple components of GCP, including security, identity management, networking, accessibility, and legal terms, to validate its capabilities. By completing the HECVAT process, we’ve strengthened our support for EDUCAUSE, Internet2, the REN-ISAC, and the global research community.

The HECVAT self-assessments for GCP and G Suite cover our existing certifications (from the ISO 27000 standards, for example) and compliance with industry standards and detail authentication, data encryption methods, disaster recovery plans, and more. By completing this rigorous self-survey, we’re demonstrating our commitment to transparency and documenting the strict security protocols built into our infrastructure.

“The Higher Education Cloud Vendor Assessment Tool (HECVAT) was created by a Higher Education Information Security Council working group, in collaboration with campus participants, EDUCAUSE, Internet2, and REN-ISAC, to help institutions rapidly assess cloud services and reduce the resources needed for assessments,” said Nick Lewis, Program Manager for Security and Identity at Internet2. “Google’s adoption of HECVAT as part of the Internet2 NET+ Google Cloud Platform offering assures campuses of Google’s ongoing commitment to higher education’s unique security needs, advanced higher education information security, and supporting collaborative work.”

You can find Google’s HECVAT self-assessments on REN-ISAC’s Cloud Broker Index. To learn more about how HECVAT works, read the recent blog, What’s Next for HECVAT, from EDUCAUSE.

Leave a Reply

Your email address will not be published. Required fields are marked *