Google Workspace, formerly known as G Suite, is a productivity suite that includes a wide range of collaboration tools such as Gmail, Calendar, Meet, Chat, Drive, Docs, Sheets, Slides, Forms, Sites, and more. According to Statista, as of October 2020, Google Workspace holds approximately 60% of the market, with Microsoft’s Office 365 holding approximately 40% of the market.
What Security Features Does Google Workspace Provides?
When it comes to regulatory compliance, Google is well ahead of the game. Thus far, they have earned ISO/IEC 27017 and ISO/IEC 27002 for their cloud services. They have also earned ISO/IEC 27018, which focuses on the protection of personal data in the cloud. Google is also compliant with regulations such as HIPAA, GDPR, PCI DSS, FISC, and FedRamp. In addition to these achievements, Google Workspace provides their customers with the following security features:
Auditing and reporting
In order to keep track of suspicious activity, Google provides detailed and accessible audit logs for all products in Google Workspace. The logs are usually kept for 6 months, although the retention period can vary between products. Customers also have the ability to find out if any of the Google staff are accessing their data. Google also provides a Data Protection Insight Report which provides a summary of who is accessing what sensitive content and when. The report will also provide recommendations to help you improve your security posture, which includes suggesting rules to improve your Data Loss Prevention (DLP) strategy.
Region-specific storage options
Under the GDPR, controllers and processors are prohibited from transferring personal data outside of the EU, unless adequate levels of data protection can be ensured. Many other data privacy regulations, such as the CCPA and the Texas Privacy Act have similar rules in place. To make it easier for businesses to comply with these rules, Google allows its users to select the region in which their data is stored. However, it should be noted that this feature is only available in specific editions of Google Workspace. Customers can apply their selection to their entire organization, or to specific groups. Currently, it is only possible to choose between ‘The United States’ or ‘Europe’.
Google Workspace provides various authentication methods, which you can configure in the Admin Console. You have the option to enable multi-factor authentication (MFA), as well as the option to enforce the use of hardware keys. Using OAuth 2.0, you can also specify which third-party applications are allowed to connect with your Google Workspace environment.
Data Loss Prevention
Google Workspace uses a variety of Data Loss Prevention (DLP) techniques to help prevent data leakage. The first is “Domain-based Message Authentication, Reporting, and Conformance (DMARC)”, which is an email authentication, policy, and reporting protocol designed to prevent spoofing and phishing. Google Workspace also uses machine learning techniques to identify sensitive data in outbound network traffic. In specific editions of Google Workspace, you have the option to encrypt sensitive documents, both at rest and in transit, although a more secure method would be to use a third-party encryption service to ensure that Google employees don’t have access to your data or keys.
Google Workspace Security Challenges
As you can see, Google Workspace provides a number of tools to help you keep your data secure. However, we must always bear in mind that most security incidents are, in some way or another, caused by our own employees – a problem which cannot currently be solved using technology alone.
Google Workspace provides many collaboration tools, which are both a blessing and a curse. Such tools can make it a lot easier for teams to communicate and stay up to date with what’s happening within their organization.
On the flip side, the flexible data sharing options and complex permission structures can make it a nightmare for security teams to keep track of where sensitive data resides within their environment.
It is imperative that you not only have as much visibility as possible into how your data is accessed and used, but you must also continuously monitor the data and receive real-time alerts every time a document containing sensitive data is accessed, moved, modified or removed.
How Can Lepide Help to Keep Your Google Workspace Secure?
As mentioned previously, the open sharing nature of Google Workspace makes it very hard for security teams to keep track of where their unstructured sensitive data resides. The Lepide Data Security Platform will scan your Google Drive (and other repositories) and classify sensitive data as it is found. It can even classify sensitive documents at the point of creation and modification.
Keeping track Google Workspace logins
A core part of data security is knowing who has access to which user accounts, and when. The Lepide Data Security Platform will give you visibility into all login attempts, which the administrator can scrutinize via an intuitive dashboard. It can also detect and respond to anomalous failed login attempts using a technique known as “threshold alerting”.
Monitoring changes to sensitive data
Naturally, in order to protect your critical assets, you will need to know exactly who is accessing your data, what they are doing with it, why and when. The Lepide Data Security Platform will display a detailed list of all relevant changes to the files and folders stored in your Google Drive via the dashboard. It also uses machine learning techniques to identify anomalous user behavior and alert the administrator of such activities in real-time.
Monitoring administrative changes in Google Workspace
In addition to monitoring access to sensitive documents, it is also crucially important that you monitor all administrative activities, including access controls, system configuration changes, updates, installations, and more. You will also need to keep a close eye on any out-of-hours administrative activities.
In addition to the above, the Lepide Data Security Platform comes with a mobile app that can be used to receive important updates about potentially suspicious behavior. It also provides pre-defined security and compliance reports, password expiration reminders, SIEM integration, and more.