If you’re a Google Workspace administrator or user selecting an application from the Google Workspace Marketplace, your first task is to make sure an application does the job you want completed as easily as possible. Beyond that, you might use the following four indicators from a Google Workspace Marketplace listing (Figure A) to prioritize your list of potential applications.
Figure A
Jump to:
- What does the Independent Security Verification badge indicate?
- Is a Google Workspace Marketplace application popular?
- How favorably do reviewers rate a Google Workspace Marketplace app?
- How actively does a vendor maintain their Google Workspace Marketplace app listing?
What does the Independent Security Verification badge indicate?
Google offers an Independent Security Verification badge for applications in the Google Workspace Marketplace. The badge is intended to help Workspace administrators and users select applications from the Marketplace to work alongside the core Google Workspace apps.
The Independent Security Verification badge signals that an application vendor was willing to submit to a third-party security review of their systems. As Google puts it, the application has been “validated by an independent security assessor to meet … integration and security requirements, as outlined in Tier 3 of the Cloud Application Security Assessment.”
When selecting applications, if all other things are equal, you should prefer an application with the Independent Security Verification badge (Figure A) over one that lacks it. The badge shows that a vendor values security sufficiently to dedicate resources to the task. Any application that lacks the badge may merit additional investigation to ensure that appropriate security systems and procedures are in place. Any application with the Independent Security Verification badge should vault to the top of your list when evaluating options in the Marketplace.
Google requires vendors to pass an annual independent security assessment to be listed in the “Recommended for Workspace category” in the Marketplace. To even be considered, an application vendor must conduct regular vulnerability scans and application penetration tests, among other things.
Once eligible, the vendor must undergo the Cloud Application Security Assessment, which covers a long list of requirements. CASA authorized assessors include GDS Ltd-An Aon Group, Bishop Fox, KPMG, Leviathan Security, NCC Group, NetSentries Technologies, Orange Cyberdefense South Africa (Pty) LTD, Prescient Security LLC, TAC Security, DEKRA and PWC.
Is a Google Workspace Marketplace application popular?
Each Google Workspace Marketplace listing includes the number of application installations, which can serve as a general indicator of a solution’s popularity. Numbers that indicate more than 500,000 installations (i.e., 658K+ shown as popularity in Figure A) indicate reasonably significant levels of use. In general, you might first try an app with the greatest number of installations, such as an app with 1M+ installs rather than 5K+.
How favorably do reviewers rate a Google Workspace Marketplace app?
Google Workspace Marketplace listings include star reviews that signal general customer sentiment toward an app. Star ratings range from zero to five stars, such as the slightly more than four star satisfaction rating shown in Figure A. The Reviews tab displays comments alongside star ratings; take the time to read at least a few of the comments, because they can give you an idea of potential problems or issues with an application.
In addition, star ratings can help you prioritize your testing sequence: Given a similar number of ratings, try applications with a four or five star rating before you evaluate apps that receive three or fewer stars.
How actively does a vendor maintain their Google Workspace Marketplace app listing?
The Listing updated date in the Google Workspace Marketplace signals how attentive the vendor is to maintaining their app in the Marketplace. Any date older than one year prior to today should be a cause for concern because it means the vendor isn’t actively engaging with the application listing in the Marketplace. As long as updates occurred within the past year, such as the date shown in Figure A as Maintained, the precise date of the update isn’t critical.
Mention or message me on Mastodon (@awolber) to let me know how the Google Workspace Marketplace indicators of security, popularity, satisfaction and maintenance help you choose cloud solutions that complement your Workspace apps.