Your security and privacy

Two of the most common topics of questions regarding Google in general, and Google Apps specifically, are security and privacy. We take both topics very seriously and truly believe that our offerings are a great option for customers on both fronts. Our business is built on our users' trust: trust in our ability to properly secure their data and our commitment to respect the privacy of the information they place in our systems by not giving that information to others or using it inappropriately.

To help answer some of the many questions we receive and to dispel some common misconceptions we encounter, we have created this FAQ and a corresponding Google Apps security site. We hope this helps to answer some of your questions about Google's position on these important issues!

If you need to report an abuse issue, learn more about reporting abuse issues to our team.

Privacy

Who owns the data that organizations put into Google Apps?

To put it simply, Google does not own your data. We do not take a position on whether the data belongs to the institution signing up for Apps, or the individual user (that's between the two of you), but we know it doesn't belong to us!

The data which you put into our systems is yours, and we believe it should stay that way. We think that means three key things.

  1. We won't share your data with others except as noted in our Privacy Policy.
  2. We keep your data as long as you require us to keep it.
  3. Finally, you should be able to take your data with you if you choose to use external services in conjunction with Google Apps or stop using our services altogether.

 

When can Google employees access my account?

Google may only access data in your account in strict compliance with our Privacy Policy and your Customer Agreement. For purposes of providing technical support, an administrator from your domain may choose to grant the Google Support team permission to access accounts in order to resolve a specified issue.

Which of my users can gain access to my Google Apps administrative account?

Only the owner and managers of the domain name can create a Google Apps administrative account. Upon signing up, a Google Apps administrator is asked to verify control of the domain by making a change to the DNS records. Without this verification, Google will not allow an administrative account to be opened. None of the Google services can be actively managed for a domain until domain ownership is verified.

After an administrator has verified ownership, other usernames in the account may be granted administrative privileges at the discretion of any administrator.

Non-administrative users on the domain may also contact the Google Apps Support team to request administrative access. The normal domain verification process will take place to ensure that the requestor has domain management rights.

Lastly, any individual who has access to your registered secondary email address can initiate a password reset and access the primary administrator account.

Which of my end-users can gain access to other end-users' accounts?

Per your domain’s Customer Agreement, Google Apps administrators for a domain can access all end-user accounts and the associated data, as described in our Privacy Policy.

As a domain administrator, you have control of all user names and passwords within your domain. You may access your users' accounts in conformity with the Customer Agreement. We do require that you have a policy about such actions that is published to your end-users.

Does Google give third parties access to my organization's data?

Google may only share information with third parties in conformity with our Privacy Policy and your Customer Agreement. Google does not share or reveal private user content such as email or personal information with third parties except as required by law (see the Google Transparency Report), on request by a user or system administrator, or to protect our systems. These exceptions include requests by users that Google's support staff access their email messages in order to diagnose problems; when Google is required by law to do so; and when we are compelled to disclose personal information because we reasonably believe it's necessary in order to protect the rights, property or safety of Google, its users and the public.

For full details, please refer to the "Information Sharing" section of our Privacy Policy.

What kind of scanning/indexing of user data is done?

Our systems scan and index emails and some other user data for multiple purposes; this scanning is 100% automated and cannot be turned off. Scanning enables us to, for example, perform spam and malware detection, sort email for features like Priority Inbox, and return fast and powerful search results when users search for information in their accounts. The scanning and indexing that our systems run also enable us to display contextually relevant advertising, including in Gmail. If your domain disables ads, we will not use your data to display such advertising to your users. Domains using the free Standard Edition of Google Apps cannot disable ads.

For more information, see our detailed Privacy Policy, Privacy Principles, and our Google Apps Terms of Service (Google Apps free edition, Google Apps for Business, Google Apps for Education).

How long does Google keep my organization's data?

We believe that you should have control over your data. Google maintains multiple backup copies of users' content so that we can recover data and restore accounts in case of errors or system failure. When you ask us to delete messages and content, we make reasonable efforts to remove deleted information from our systems within a commercially reasonable amount of time. Learn more.

How does Google handle law enforcement requests?

Please see the Google Transparency Report for information regarding government requests for user data.

How does Google process objectionable or illegal content?

Google will take down malware, pornography, child sexual abuse imagery, copyrighted or trademarked content when notified by a third party, or if our systems detect these types of content on Google servers.

Google will contact the primary account administrator in the event content is taken down.

Need to report abuse? Please see our Reporting Abuse Incidents page.

Is my organization compliant with the European Commission Directive on Data Protection if we use Google Apps?

Google adheres to the U.S. Safe Harbor Privacy Principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement, and is registered with the U.S. Department of Commerce’s Safe Harbor Program.

Generally, an organization must decide whether its use of Google Apps is compliant with any regulations it may be subject to.

Where can I find more information on Google's Privacy Policy?

Please see our Privacy Center for more information: http://www.google.com/privacy.html.

Security

What does a Google Apps SSAE 16/ISAE 3402 Type II audit mean to me?

An independent third party auditor issued Google Apps an unqualified SSAE 16 and ISAE 3402 Type II audit opinion. Google is proud to provide Google Apps administrators the peace of mind knowing that their data is secure under the SSAE 16 and ISAE 3402 auditing industry standards.

The independent third party auditor verified that Google Apps has the following controls and protocols in place:

  • Logical security: Controls provide reasonable assurance that logical access to Google Apps production systems and data is restricted to authorized individuals
  • Privacy: Controls provide reasonable assurance that Google has implemented policies and procedures addressing the privacy of customer data related to Google Apps
  • Data center physical security: Controls provide reasonable assurance that data centers that house Google Apps data and corporate offices are protected
  • Incident management and availability: Controls provide reasonable assurance that Google Apps systems are redundant and incidents are properly reported, responded to, and recorded
  • Change management: Controls provide reasonable assurance that development of and changes to Google Apps undergo testing and independent code review prior to release into production
  • Organization and administration: Controls provide reasonable assurance that management provides the infrastructure and mechanisms to track and communicate initiatives within the company that impact Google Apps

What does a Google Apps SAS70 Type II audit mean to me?

An independent third party auditor issued Google Apps an unqualified SAS70 Type II certification. Google is proud to provide Google Apps administrators the peace of mind knowing that their data is secure under the SAS70 auditing industry standard.

The independent third party auditor verified that Google Apps has the following controls and protocols in place:

  • Logical security: Controls provide reasonable assurance that logical access to Google Apps production systems and data is restricted to authorized individuals
  • Privacy: Controls provide reasonable assurance that Google has implemented policies and procedures addressing the privacy of customer data related to Google Apps
  • Data center physical security: Controls provide reasonable assurance that data centers that house Google Apps data and corporate offices are protected
  • Incident management and availability: Controls provide reasonable assurance that Google Apps systems are redundant and incidents are properly reported, responded to, and recorded
  • Change management: Controls provide reasonable assurance that development of and changes to Google Apps undergo testing and independent code review prior to release into production
  • Organization and administration: Controls provide reasonable assurance that management provides the infrastructure and mechanisms to track and communicate initiatives within the company that impact Google Apps

Where is my organization's data stored?

Your data will be stored in Google's network of data centers. Google maintains a number of geographically distributed data centers (see location information). Google's computing clusters are designed with resiliency and redundancy in mind, eliminating any single point of failure and minimizing the impact of common equipment failures and environmental risks.

Access to data centers is limited to select, authorized Google personnel.

Is my organization's data safe from your other customers when it is running on the same servers?

Yes. Data is virtually protected as if it were on its own server. Unauthorized parties cannot access your data. Your competitors cannot access your data, and vice versa. In fact, all user accounts are protected via this virtual lock and key that ensures that one user cannot see another user's data. This is similar to how customer data is segmented in other shared infrastructures such as online banking applications.

Google Apps has received a satisfactory SSAE 16 and ISAE 3402 Type II audit. This means that an independent auditor has examined the controls protecting the data in Google Apps (including logical security, privacy, data center security, etc.) and provided reasonable assurance that these controls are in place and operating effectively.

How are Google passwords generated for Google Apps user accounts?

To generate passwords for new user accounts, Google uses a mixed pattern of symbols, upper and lower case letters, and numbers. The length of the password will be the greater of the required minimum (8), or the minimum password length you've set for your domain.

An administrator/end-user deleted a number of email messages. How can I recover them?

Once an administrator or end-user has deleted any data in Google Apps, we delete it according to your Customer Agreement and our Privacy Policy.

Data is irretrievable once an administrator deletes a user account. See the Help Center for best practices for deleting users.

If you need to recover email messages, Google offers additional archiving products that can complement Google Apps for Business, Government and Education editions. For non-email data recovery solutions, please consult the Google Apps Marketplace where one of our partners may have a solution suitable for your needs.

How do you protect your infrastructure against hackers and other threats?

Google, an established provider of web-based services, has gone to great lengths to protect against threats. Google runs its data centers using custom hardware running a custom OS and filesystem. Each of these systems has been optimized for security and performance. The Google Security Team is working with external parties to constantly test and enhance security infrastructure to ensure it is impervious to external attackers. And because Google controls the entire stack running our systems, we are able to quickly respond to any threats or weaknesses that may emerge.

Google maintains a number of geographically distributed data centers. Google’s computing clusters are designed with resiliency and redundancy in mind, eliminating single points of failure and minimizing the impact of common equipment failures and environmental risks. Access to our data centers is restricted to authorized personnel.

How do you prevent and resolve security flaws in your applications?

Google products and services go through a series of security reviews. If a security flaw is found in an application or infrastructure component, we evaluate the risk and respond accordingly. Because we are hosting the applications in our own data centers, we can quickly deploy fixes to all our systems without requiring any action on your part.

We enjoy working with an array of researchers to improve Google security. We also have the Google Vulnerability Reward program designed to encourage new researchers and the types of reports that help make our users safer.

How do you protect against machine failures or natural disaster?

The application and network architecture run by Google is designed for maximum reliability and uptime. Google's computing platform assumes ongoing hardware failure, and robust software fail-over withstands this disruption. All Google systems are inherently redundant by design, and each subsystem is not dependent on any particular physical or logical server for ongoing operation. Data is replicated multiple times across Google's clustered active servers, so, in the case of a machine failure, data will still be accessible through another system. We also replicate data to secondary data centers to ensure safety from data center failures.

Is it safe for my organization to access Google Apps over the internet?

Google Apps services provide the ability to access all data using HTTPS encrypted tunnels. Customers can choose to require this option for their users, which helps ensure that no one except the user has access to his or her data. This is true for access to Gmail, Calendar, Chat, Drive and Sites data via our web applications. The mobile email client also uses encrypted access to ensure the privacy of communications. We do not offer encryption on the Start Page or Google Video service at this time. We also require encryption for access to your mail data by third-party email clients.

I'm being asked to sign in at a different page. Why?

To help protect you against identity theft, we don't allow unauthorized non-Google webpages to collect your Google username and password. Otherwise, a malicious website that wanted to steal your password could more easily pose as a friendly site. This form of fraud is called phishing.

If you're ever in doubt, take a look at the internet address that's displayed in your browser's address bar. If the address isn't a Google website, don't enter your Google username and password.

One exception to this policy is the single sign-on feature offered in Google Apps for Business. Administrators can integrate Google services with existing web pages to provide a smooth user experience. Learn more

How do you protect my organization against spam, viruses and phishing attacks?

Google has one of the best spam blockers in the business, and it's integrated into Google Apps. Spam is purged every 30 days. We have built-in virus checking, and we enforce checking of documents before allowing a user to download any message. Most computer viruses are contained in executable files, so standard virus detectors scan messages for executable files that appear to be viruses. Google helps block viruses in the most direct possible way: by not allowing users to receive executable files (such as files ending in .exe) that could contain damaging executable code, even if they are sent in a compressed (.zip, .tar, .tgz, .taz, .z, .gz) format.

Google supplies Chrome™ and Firefox® users with constantly updated filters against phishing and malware.

By combining advanced algorithms with reports about misleading pages from a number of sources, Google downloads to your browser a list of information about sites that may engage in phishing or contain malicious software. Safe Browsing is often able to automatically warn you when you encounter a page that's trying to trick you into disclosing personal information.

Need to report abuse? Please see our Reporting Abuse Incidents page.

What is CAPTCHA?

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a type of security measure known as challenge-response authentication. It is a login verification test that only a human can complete, protecting your account from spam, password decryption, and other forms of unauthorized digital account access. Google uses CAPTCHA to strengthen the security around the most sensitive account access points. Read more about CAPTCHA.

How do I prevent spammers from spoofing my domain name?

Publishing your SPF records will secure your domain name from anyone attempting to spoof your domain.

SPF allows a domain owner to use a special format of DNS TXT records to specify which machines/hosts are authorized to transmit email for their domain, making it difficult to forge From: addresses.

We strongly encourage you to publish SPF records for your domain.

Need to report abuse? Please see our Reporting Abuse Incidents page.

How does Google respond to users in my domain who are sending spam?

If Google identifies a Google Apps email user who is spamming, we reserve the right to immediately suspend the user. If the spam is domain-wide, we reserve the right to suspend the entire account and deny administrator access to all the Google Apps services. This is in accordance with the Google Apps Acceptable Use Policy.

We will notify the registered secondary email address of any spam violations.

Need to report abuse? Please see our Reporting Abuse Incidents page.

Can my organization use our own authentication system to provide user access to Google Apps?

Google Apps integrates with standard web single sign-on systems using the SAML 2.0 standard. Organizations can do the integration themselves, or work with a Google partner to accomplish this.

Does Google Apps offer SSL/TLS connectivity?

Yes, SSL (Secure Sockets Layer)/TLS (Transport Layer Security) connectivity is available for all Google Apps customers and is enabled by default for new customers.

SSL/TLS is a protocol that provides secure communications on the internet for such things as web browsing, email, instant messaging and other data transfers. If you enable HTTPS (Hypertext Transfer Protocol Secure) connections, Google will force HTTPS when your users access most services in Google Apps. HTTPS varies by service and is available for Gmail, Google Calendar, Google Drive, Google Sites, and Chat. For more information on enabling SSL, see the Help Center.

What is FISMA?

The Federal Information Security Management Act of 2002, or "FISMA", is a United States federal law pertaining to the information security of federal agencies' information systems. FISMA applies to all information systems used or operated by U.S. federal agencies -- or by contractors or other organizations on behalf of the government. Google Apps has received an authority to operate at the FISMA-Moderate level -- the standard level for Federal email systems -- from the U.S. federal government.

If you want to learn more about FISMA, there is a very thorough entry on Wikipedia.

Does Google Apps use opportunistic TLS when sending outbound emails?

Yes, Google Apps supports SSL/TLS for SMTP communications and will use TLS to send outbound emails if the recipient party offers TLS.