Addressing the UK NCSC’s Cloud Security Principles

As your organization adopts more cloud services, it's essential to get a clear picture of how sensitive data will be protected. Many authorities, from government regulators, to industry standards bodies and consortia, have provided guidance on how to evaluate cloud security. Notably, the UK National Cyber Security Centre offers a framework built around 14 Cloud Security Principles, and we recently updated our response detailing how we address these principles for both Google Cloud Platform (GCP) and G Suite. Google Cloud customers in the UK public sector can use the response to assess the suitability of these Google Cloud products to host their data with sensitivity levels up to “OFFICIAL,” including “OFFICIAL SENSITIVE.”

The UK National Cyber Security Centre was set up to improve the underlying security of the UK internet and to protect critical services from cyber attacks. Its 14 Cloud Security Principles are expansive and thorough, and include such important considerations as data in-transit protection, supply chain security, identity and authentication and secure use of the service.

The 14 NCSC Cloud Security Principles allow service providers like Google Cloud to highlight the security benefits of our products and services in an easily consumable format. Our response provides details about how GCP and G Suite satisfy the recommendations built into each of the principles, and describes the specific best practices, services and certifications that help us address the goals of each recommendation.

The NCSC also provides detailed ChromeOS deployment guidance to help organizations follow its 12 End User Device Security Principles. With an end-to-end solution encompassing GCP, applications and connected devices, Google Cloud provides the appropriate tools and functionality to allow you to adhere to the NCSC’s stringent security guidelines in letter and spirit.

Our response comes on the heels of GCP opening a new region in London, which allows GCP customers in the UK to improve the latency of their applications.

We look forward to working with all manner of UK customers, regulated and otherwise, as we build out a more secure, intelligent, collaborative and open cloud.