Google has earned approval to manage some of the federal government’s most sensitive data in its commercial cloud infrastructure.
Google Cloud Platform received the Federal Risk and Authorization Management Program’s (FedRAMP) High authorization to operate for 17 products it can now offer agencies like NASA that face stringent security requirements.
“These new certifications reflect our continued investment and support for customers in the U.S. public sector, and is another example of momentum we’re seeing as government agencies move to the cloud,” Mike Daniels, vice president of public sector for Google Cloud, wrote in a Wednesday blog.
In 2011, the Office of Management and Budget established FedRAMP to authorize and continuously monitor cloud service offerings across agencies. FedRAMP requires cloud service providers like Google Cloud meet minimum security requirements for the data they handle based on the impact its compromise would have on agency operations, assets and people.
The program authorizes offerings at the Low, Moderate and High levels, with high-impact data defined as that which would have a “severe or catastrophic adverse effect” on agencies if its confidentiality, integrity or availability were lost. In other words, high-impact data is the government’s “most sensitive, unclassified data” in the cloud because of its potential impacts on lives and financial ruin, according to the FedRAMP Program Management Office.
With a High authorization, Google Cloud can now support unclassified workloads like health care delivery, emergency response and space operation.
The tech company already provides machine-learning technology to NASA’s Frontier Development Lab, as it works to identify life on other planets, and is helping the Air Force modernize modeling and simulation training infrastructure.
High authorization required extensive documentation of how Google Cloud’s infrastructure and platforms secure data through zero-trust networking among other measures. The FedRAMP Joint Authorization Board ensured Google Cloud’s monitoring, patching and vulnerability scanning met High requirements.
Google Cloud already maintains a Moderate authorization for the platform and G Suite, which was expanded to 64 products across 17 cloud regions, the tech company also announced Wednesday.