Google gains 'FedRAMP High' cloud-services security authorization 

By Justin Doubleday / December 4, 2019 at 3:56 PM

Google's cloud services arm today announced it achieved a "high impact" federal security authorization, clearing the way for the company to host the government’s most sensitive unclassified data.

Google Cloud Platform received a "High" authorization to operate for 17 products in five cloud regions under the Federal Risk and Authorization Management Program (FedRAMP), Google vice president for public sector Mike Daniels wrote in a blog post today. GCP also recently expanded its existing FedRAMP Moderate authorization to 64 products in 17 cloud regions, according to Daniels.

The new security authorization comes as Google looks to ramp up its enterprise services business, especially for public-sector customers.

"These new certifications reflect our continued investment and support for customers in the U.S. public sector, and is another example of momentum we’re seeing as government agencies move to the cloud," Daniels wrote.

Under FedRAMP, "High impact data" usually involves law enforcement and emergency services systems, financial systems, health systems, and any other system "where loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals," according to FedRAMP's website.

Google still lags behind cloud computing giants like Amazon Web Services and Microsoft Azure in its federal security certifications. Its lack of FedRAMP authorizations is one reason the company cited in its decision to forego bidding on the Defense Department’s potential 10-year, $10 billion Joint Enterprise Defense Infrastructure (JEDI) cloud services contract.

Last month, the Pentagon announced Microsoft as the winner of the JEDI contract, although Amazon is challenging the decision in court.

Google has also faced questions about its willingness to work with the federal government and DOD after it pulled out of the Pentagon's "Project Maven" artificial intelligence project last year.

In November, Google senior vice president for public affairs Kent Walker attempted to assuage concerns about whether the company is willing to engage with DOD and the broader national security apparatus. He said Google is still working with DOD on a number of initiatives, including cybersecurity, business process automation and healthcare.

"It is an area where it's right that we decided to press the reset button until we had an opportunity to develop our own set of AI principles, our own work with regard to internal standards and review processes," Walker said about the Project Maven contract.

"But that was a decision focused on a discrete contract, not a broader statement about our willingness or our history of working with the Department of Defense and the national security administration," he added.