Obviously the #1 question about using Google Apps for email and documents is security and compliance. The #1 benefit, of course, is its price tag: Free.
I’d love to hear from compliance people, bank people, any people.
Here’s a starting point to read up on Google Apps and security





Courtney T.
An examiner is going to want to see a SAS70 from Google, and the page doesn’t mention it, so there might be some issues there.
However, the bank can always choose to accept the risk based on the information provided (assuming the bank is satisfied that it meets internal security requirements). That said, the bank should be prepared to go head to head with an examiner that might disagree with their choice.
Henry E.
My take is that the bank should not be sending confidential items via outside email, period. If they are, they are violating GLBA. That being said, if the bank has a written policy that says that “NO” confidential email is sent via outside email then there should be no reason not to use Google Apps and a SAS70 should not be required.
There should be a test, at least annually, to make SURE your employees are NOT violating your policy. This needs to happen, either way.
JB D.
“My take is that the bank should not be sending confidential items via outside email, period. If they are, they are violating GLBA. That being said, if the bank has a written policy that says that “NO” confidential email is sent via outside email then there should be no reason not to use Google Apps and a SAS70 should not be required.” – Henry E.
I agree to disagree… I have a client that I do IT work for on the side, and his office loves Google Apps, not to mention it's saving them a ton of money by not purchasing MS Office licenses. However, from a banking standpoint you would technically be violating GLBA by using Google Apps, because if you send an email to Mary over in bookkeeping about customer XYZ and account 1234567, you have just transmitted confidential customer information to an outside email source. Even though it never left your domain, it's still transmitted outside the network of the bank. Something else to think about is that by default Google mail doesn't use SSL encryption; the support for it is there, but it's treated like an extra feature that you have to turn on….
That's my rant, but I still love Google Apps.
Courtney T.
JB D.,
Definitely love Google Apps, too.
From the FTC’s website:
“The GLB Act provides no opt-out right in several other situations: For example, an individual cannot opt out if:
I’ll grant that I may be reading into this, but it seems that the GLB Act acknowledges that some service providers are going to have access to this information, and if it's a significant service, there’s not much the customer can do other than withdraw their business if they so choose.