As an increasing number of businesses and government agencies begin relying on Google's cloud services, the company is going to increasing lengths to prove the security of things like Google Apps. In an interview with Wired, enterprise security director Eran Feigenbaum compares Google to early banking systems. "It’s very similar to the situation banks were in hundreds of years ago," he says. "They had to convince us to give them our money, to take the money out from under the mattress and put it in the bank."

In order to do that, Google has passed through several rounds of external security testing, most recently the highly-regarded ISO 27001 certification process. The traditional certification model, however, has caused problems, says Feigenbaum. "A lot of these certifications don’t fit into the cloud model. They’re thinking of traditional enterprise software that has release dates and release versions, and that’s not what the cloud is about." Its competitors have also zeroed in on potential security concerns: Microsoft called Google Apps "what happens when the world's largest advertising business tries to sell productivity software on the side." A group of US attorneys general, meanwhile, has expressed concerns about how Google's new privacy policy could affect the use of Apps. Google has said that its system has attracted 4 million businesses, but these privacy questions may not be answered even by tough security tests.