Gemini Now SOC Compliant: What it Means for Your Data Security

With data breaches in the headlines regularly, security is an unavoidable, constant concern. Most recently, a breach by National Public Data could have exposed billions of personal records. Cyber groups have set up websites for people to search and find out if their personal data was affected: NPDBreach.com and NPD.pentester.com.
Google Services Now SOC Compliant
Organizations of all types and sizes are rightfully concerned and must remain vigilant to avoid being in the headlines for the next breach. They rely on Google to deliver innovative security technologies alongside workplace productivity and collaboration tools – again, rightfully so! With the reliability we’ve come to expect, Google recently announced that Gemini for Google Workspace is now Service and Organization Controls (SOC) 1, SOC 2, and SOC 3 compliant. This includes Gemini in the side panel of Gmail, Drive, Docs, Sheets, and Slides. Additionally, chatting with Gemini at gemini.google.com is now SOC 2 and SOC 3 compliant. Google plans to achieve SOC 1 compliance later this year.
With this new compliance awarded, customers can be confident that Workspace meets the industry standard for handling financial data, data security, availability, processing integrity, confidentiality, and privacy.
What is SOC Compliance?
American Institute of Certified Public Accountants (AICPA), describes SOC 2 examination as, “a report on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy.” It’s similar to a checkup with an exam to test that the proper controls are in place to keep data safe.
Achieving SOC Compliance
The SOC ‘checkup’ [audit] is always conducted by independent, third-party auditors which in Google’s case are Ernst & Young LLP and Coalfire. Google explains, “The SOC 3 reports are generated by an objective third party attesting to a set of assertions made by Google Cloud about its controls that are in place to protect customer data.”
Google states they are, “proud to provide Google Cloud administrators the peace of mind knowing that their data is secure under the SOC 2/3 auditing industry standards.” You can access the Google Cloud SOC3 public report and also can get a copy of the SOC 2 report from the Cloud Compliance Reports Manager.
How Does Gemini for Google Workspace Protect Your Data?
Google’s support pages provide extensive detail, and I’ve summarized a few highlights.
When Google Workspace commercial customers adopt Gemini for Google Workspace, they get the same robust data protection and security standards that come with all Google Workspace services, with specific protections for businesses, education, and public-sector customers:
- Google isolates all Gemini data that is within your Google tenant. This means that everything that is entered into Gemini, stays within your tenant.
- Users with a Gemini for Google Workspace license get enterprise-grade data protection when they use Gemini. Submissions aren’t used to train models used by other clients and are never reviewed by humans.
- Your interactions with Gemini for Google Workspace stay within your organization.
- Your existing Google Workspace protections are automatically applied.
- Your content is not used for other customers.
Cybersecurity Awareness Month
In 2004, the President of the United States and Congress declared the month of October to be Cybersecurity Awareness Month (CSAM). CSAM began as a collaboration between the U.S. Department of Homeland Security and the National Cybersecurity Alliance. Cybersecurity Awareness Month is supported by corporations, government agencies, schools, and nonprofits working to ensure Americans have the resources they need to stay safer and more secure online.
The National Cybersecurity Alliance lists the 2024 CSAM theme as, “Secure Our World,” to remind us that there are simple ways to protect yourself, your family, and your business from online threats.
The campaign focuses on the top four ways to stay safe online:
- Use strong passwords and a password manager
- Turn on multi-factor authentication
- Recognize and report phishing
- Update software
Watch the Google Security Basics Webinar
CSAM is a great time to conduct your checkup. For a deep dive into the strategies and solutions needed to fortify your cloud-first world, watch our recent webinar, “Google Security Basics: Establishing a Strong Foundation” on-demand.