| It can be difficult to assess which apps are secure, reliable, high-performing and well-integrated with G Suite products used most. And many businesses have neither the time nor the capability to do this assessment across all of the apps they might consider. |
| Recommended for G Suite makes this journey easier for you through Google recommending apps from other application providers. These apps are reviewed by Google and an independent third-party security firm to make sure the applications are safe, reliable, and meet our requirements for high quality integrations. Google may have a commercial relationship with some of these application providers. |
How are Recommended for G Suite applications reviewed?
Google reviews Recommended for G Suite applications based on a set of integration and security requirements. Google conducts a review of the application every 12 months to ensure ongoing reliability for our G Suite customers. For more information on our evaluation process, please click on the sections below:
Recommended for G Suite Apps Integration EvaluationGoogle performs manual testing on Recommended for G Suite applications to ensure G Suite APIs best practices are met. Testing includes, but is not limited to, the following:
G Suite Integration. The application provider:
- Monitors Daily Google APIs Quota Consumption.
- Implements Backoff Retry Strategy for HTTP 4xx and 5xx errors.
- Follows Google OAuth, OpenID, Google APIs and SSO best practices.
- Follows Google Cloud best practices if deployed on Google App Engine and Compute Engine.
Application Deployment. The application provider:
- Supports regionally diverse deployments.
- Supports deployment on several browsers and devices.
- Develops a rollback plan for any major deployment.
- Maintains a staging environment for testing and debugging.
- Implements a deployment strategy that can scale 10x of its current user base.
- Maintains an on call rotation of engineers in the event of customer deployments, product errors, failures, and outages.
For more information about the G Suite APIs best practices use, please visit the Google developer site.
Google collaborates with third party security penetration testing firms on a formal information security evaluation of each Recommended for G Suite application. Additionally, Google assess Recommended for G Suite applications based on their security policies and compliance.
Security Policies. The application provider:
- Implements an Information Security policy that is periodically reviewed, approved by the provider's Senior Management, and communicated to all employees.
- Implements an Incident Response & Risk Management policy that is periodically reviewed, approved by the provider's Senior Management, and communicated to all employees.
- Implements a vulnerability disclosure program.
Security Compliance. The application provider:
- Conducts frequent internal network and application penetration tests.
- Engages accredited third-parties to periodically audit internal security controls.
In collaboration with a third party firm, Google evaluates the security of each Recommended for G Suite application with a focus on vulnerabilities outlined in the OWASP Top 10 Program.
Since the application is reviewed on an annual basis, application providers and customers should conduct an internal or external network and web-application vulnerability scan prior to the release of any major upgrade of the application.
