The 4 Founding Stones of Google Workspace Security

If we had to sum up Google Workspace security in four words, those would be Audit, Alert, Manage, and Automate.

Over the past years, we’ve been lucky enough to help thousands of organizations worldwide ramp up their Google Workspace security out to the edge of the Cloud.

With that, our approach has always been, ‘Stay prepared’. 

This approach has paid off in spades during the trickiest of times. Be it a pandemic, targeted waves of cyberattacks, dealing with an internal security threat, and more.

GOOGLE WORKSPACE SECURITY: HOW TO STAY PREPARED?

To stay ahead of surprises you first need to identify the specific security risks associated with using Google Workspace at your organization. 

This will depend on your organization’s size, cloud activity, business sector, etc.

Ask yourself, do users deal with sensitive data in Google Workspace? How is this data protected? Do they share Drive files externally? Install risky 3rd party apps? etc.

From there you can identify security vulnerabilities and build a bullet-proof Google Workspace security strategy targeting those risks using the four founding stones below.

 

THE 4 FOUNDING STONES OF GOOGLE WORKSPACE SECURITY

1. AUDIT YOUR GOOGLE WORKSPACE

So, admins, it all starts with auditing!

Auditing is key to catching unusual activity early on, and accurately deploying your Google Workspace security defenses accordingly.

While every organization’s security needs may differ, below are some areas we usually recommend auditing:

-AUDIT DRIVE FILE SHARING AND ACTIVITY:

You need to understand what your users are sharing outside your organization, and what’s being shared into your domain.

This is pivotal to spot and avert data leakage attempts or outsider attacks in their tracks.

One simple way to do that is by regularly reviewing the File sharing exposure report in your Google Workspace admin console.

Another activity to check is Google Drive events involving external users in your audit logs.

You can also use GAT+ to dig beyond the admin console for granular file sharing and Drive activity insight 👇

-AUDIT USER DOWNLOADS: 

Downloads are another area that can bring in security hazards.

Think of users downloading malicious or unsafe files that can wreak havoc across your domain.

SEE: How to Manage Domain-Wide Download with GAT Shield. 

 

-AUDIT IDENTITY AND ACCESS MANAGEMENT: 

Your domain’s access doors need to be carefully monitored and safeguarded.

Always check failed log-in attempts in your Login attempts report and review the Login audit log as you go. 

You’ll also want to keep an eye on logins from unexpected geolocations as this is one of the tell-tale signs of a compromised Google account.

Finally, don’t forget to audit third-party apps and synced devices. They may involve risky access permissions into your domain or sensitive data.

 

2. ALERT ACROSS GOOGLE WORKSPACE

Alerts complement your auditing efforts as they enable you to detect security issues on time and act fast.

Below are examples of a few alerts admins find life-saving:

-GOOGLE WORKSPACE USER BEHAVIOUR ALERTS  (Alerts on suspicious user activities like login failures, new IP addresses, changed passwords, etc.)

-GOOGLE DRIVE DLP ALERTS (Alerts for things like spikes in Drive download activities or Real-time DLP alerts for when specific Drive content is shared externally)

-DOWNLOADS ALERT RULES (Alert rules to curb unsafe downloads across your domain).

-GMAIL ALERTS (Alerts for external email forwarding or email delegation).

These are just a few of the many alerts you can set up based on your Google Workspace security needs.

 

3. MANAGE GOOGLE WORKSPACE

Then comes the need for powerful Google Workspace management capabilities to act on those alerts and insights.

Let’s explore this with a few use cases:

-MANAGE DRIVE FILE SHARING

You can manage Drive sharing by setting different sharing permissions across your organization.

You also need a way to replace file-sharing permissions on Google Drive files to amend any sharing violations.

Perhaps even take granular Drive management actions like creating a policy for any given file or folder to stop sensitive information from being shared out.

 

-MANAGE DRIVE FILE OWNERSHIP:

File ownership is core to Google Workspace security goals like Drive Data Loss Prevention (DLP). 

You need to be able to take powerful Drive management actions there like changing ownership of sensitive files or an entire folder tree to better protect its data. 

SEE: The Admin’s Google Drive Management Playbook

 

-APP MANAGEMENT:

Control access to less secure apps for your domain and define which apps can access Google Workspace data.

You can even set policies for apps running in your domain using a third-party Google Workspace security tool like GAT+.

 

4. AUTOMATE GOOGLE WORKSPACE SECURITY TASKS

Finally, if you can automate it, you can better audit, manage and secure it.

Below are a few examples of how you can use automation to better manage and secure your Google Workspace domain:

-SCHEDULED GOOGLE WORKSPACE REPORTS:

These reports help you stay on top of your Google Workspace auditing game without having to manually review everything.

You can create scheduled reports for things like Drive activity or email activity.

 

-AUTOMATE GOOGLE DRIVE SECURITY ACTIONS:

This is another example of how automation can improve your Google Workspace security management tasks. 

You can set up automated actions to remove file-sharing permissions after a certain number of days, or based on when a file was “last accessed”. 

 

– AUTOMATE GOOGLE WORKSPACE USER OFFBOARDING

User offboarding is another important security task given the security implications it entails. 

Think of potential angry leavers and data protection obligations.

Automating your user offboarding operations in Google Workspace helps you consistently cover the most important security areas while saving time and effort.

Automated offboarding workflows can be triggered by an event (such as when a new user is added to a Group or OU), or be recurrent or scheduled for a future date.

TO SUM UP:

By Auditing the Google Workspace Security areas that matter the most, you can set up the right Alerts, prompt timely Management actions, and save time by Automating relevant user management tasks.

Want to dig more into Google Workspace Security? Check out our Admin’s 10 Google Workspace Security Practices.