If we had to sum up Google Workspace security in four words, those would be: Audit, Alert, Manage and Automate.
Over the past years, we’ve been lucky enough to help thousands of organisations worldwide ramp up their Google Workspace security out to the edge of the Cloud.
With that, our approach has always been, ‘Stay prepared’.
GOOGLE WORKSPACE SECURITY: HOW TO STAY PREPARED?
To stay ahead of surprises you first need to identify the specific security risks associated with using Google Workspace at your organisation.
This will depend on your organisation’s size, cloud activity, business sector, etc.
Ask yourself, do users deal with sensitive data in Google Workspace? How is this data protected? Do they share Drive files externally? Install risky 3rd party apps? etc.
From there you can identify security vulnerabilities and build a bullet-proof Google Workspace security strategy targeting those risks using the four founding stones below.
THE 4 FOUNDING STONES OF GOOGLE WORKSPACE SECURITY
1. AUDIT YOUR GOOGLE WORKSPACE
So admins, it all starts with auditing!
Auditing is key to catching unusual activity early on, and accurately deploying your Google Workspace security defences accordingly.
While every organisation’s security needs may differ, below are some areas we usually recommend auditing:
-AUDIT DRIVE FILE SHARING AND ACTIVITY:
You need to understand what your users are sharing outside your organisation, and what’s being shared into your domain.
This is pivotal to spot and avert data leakage attempts or outsider attacks in their tracks.
One simple way to do that is by regularly reviewing the File sharing exposure report in your Google Workspace admin console.
Another activity to check is Google Drive events involving external users in your audit logs.
You can also use use GAT+ to dig beyond the admin console for granular file sharing and Drive activity insight 👇
-AUDIT USER DOWNLOADS:
Downloads are another area that can bring in security hazards.
Think of users downloading malicious or unsafe files that can wreak havoc across your domain.
-AUDIT IDENTITY AND ACCESS MANAGEMENT:
Your domain’s access doors need to be carefully monitored and safeguarded.
You’ll also want to keep an eye on logins from unexpected geolocations as this is one of the tell-tale signs of a compromised Google account.
2. ALERT ACROSS GOOGLE WORKSPACE
Alerts compliment your auditing efforts as they enable you to detect security issues on time and act fast.
Below are examples of a few alerts admins find life-saving:
-GOOGLE WORKSPACE USER BEHAVIOUR ALERTS (Alerts on suspicious user activities like login failures, new ip addresses, changed password, etc.)
-DOWNLOADS ALERT RULES (Alert rules to curb unsafe downloads across your domain).
-GMAIL ALERTS (Alerts for external email forwarding or email delegation).
These are just a few of the many alerts you can set up based on your Google Workspace security needs.
3. MANAGE GOOGLE WORKSPACE
Then comes the need for powerful Google Workspace management capabilities to act on those alerts and insights.
Let’s explore this with a few use cases:
-MANAGE DRIVE FILE SHARING
You can manage Drive sharing by setting different sharing permissions across your organisation.
You also need a way to replace file sharing permissions on Google Drive files to amend any sharing violations.
Perhaps even take granular Drive management actions like creating a policy for any given file or folder to stop sensitive information from being shared out.
-MANAGE DRIVE FILE OWNERSHIP:
File ownership is core to Google Workspace security goals like Drive Data Loss Prevention (DLP).
You can even set policies for apps running in your domain using a third party Google Workspace security tool like GAT+.
4. AUTOMATE GOOGLE WORKSPACE SECURITY TASKS
Finally, if you can automate it, you can better audit, manage and secure it.
Below are a few examples of how you can use automation to better manage and secure your Google Workspace domain:
-SCHEDULED GOOGLE WORKSPACE REPORTS:
These reports help you stay on top of your Google workspace auditing game without having to manually review everything.
-AUTOMATE GOOGLE DRIVE SECURITY ACTIONS:
This is another example of how automation can improve your Google Workspace security management tasks.
You can set up automated actions to remove file sharing permissions after a certain number of days, or based on when a file was “last accessed”.
– AUTOMATE GOOGLE WORKSPACE USER OFFBOARDING
User offboarding is another important security task given the security implications it entails.
Think of potential angry leavers and data protection obligations.
Automating your user offboarding operations in Google Workspace helps you consistently cover the most important security areas, while saving time and effort.
Automated offboarding workflows can be triggered by an event (such as when a new user is added to a Group or OU), or be recurrent or scheduled for future date.
TO SUM UP:
By Auditing the Google Workspace Security areas that matter the most, you can set up the right Alerts, prompt timely Management actions, and save time by Automating relevant user management tasks.
Want to dig more into Google Workspace Security? Checkout our Admin’s 10 Google Workspace Security Practices.
Stay in the loop
Sign up to our newsletter to get notified whenever a freshly baked blog post is out of our content oven.