The 4 Founding Stones of Google Workspace Security

The founding stones of Google Workspace Security

See GAT Labs
in action

Table of Contents

If we had to sum up Google Workspace security in four words, those would be: Audit, Alert, Manage and Automate.

Over the past years, we’ve been lucky enough to help thousands of organisations worldwide ramp up their Google Workspace security out to the edge of the Cloud.

With that, our approach has always been, ‘Stay prepared’. 

This approach has paid off in spades during the trickiest of times. Be it a pandemic, targeted waves of cyberattacks, dealing with an internal security threat, and more.

GOOGLE WORKSPACE SECURITY: HOW TO STAY PREPARED?

To stay ahead of surprises you first need to identify the specific security risks associated with using Google Workspace at your organisation. 

This will depend on your organisation’s size, cloud activity, business sector, etc.

Ask yourself, do users deal with sensitive data in Google Workspace? How is this data protected? Do they share Drive files externally? Install risky 3rd party apps? etc.

From there you can identify security vulnerabilities and build a bullet-proof Google Workspace security strategy targeting those risks using the four founding stones below.

 

THE 4 FOUNDING STONES OF GOOGLE WORKSPACE SECURITY

1. AUDIT YOUR GOOGLE WORKSPACE

So admins, it all starts with auditing!

Auditing is key to catching unusual activity early on, and accurately deploying your Google Workspace security defences accordingly.

While every organisation’s security needs may differ, below are some areas we usually recommend auditing:

-AUDIT DRIVE FILE SHARING AND ACTIVITY:

You need to understand what your users are sharing outside your organisation, and what’s being shared into your domain.

This is pivotal to spot and avert data leakage attempts or outsider attacks in their tracks.

One simple way to do that is by regularly reviewing the File sharing exposure report in your Google Workspace admin console.

Another activity to check is Google Drive events involving external users in your audit logs.

You can also use use GAT+ to dig beyond the admin console for granular file sharing and Drive activity insight 👇

Google Drive File Sharing Exposure Audit
Example of GAT+’s Drive File Exposure Audit

-AUDIT USER DOWNLOADS: 

Downloads are another area that can bring in security hazards.

Think of users downloading malicious or unsafe files that can wreak havoc across your domain.

SEE: How to Manage Domain-Wide download with GAT Shield

 

-AUDIT IDENTITY AND ACCESS MANAGEMENT: 

Your domain’s access doors need to be carefully monitored and safeguarded.

Always check failed log-in attempts in your Login attempts report and review the Login audit log as you go. 

You’ll also want to keep an eye on logins from unexpected geolocations as this is one of the tell-tale signs of a compromised Google account.

Finally, don’t forget to audit third-party apps and synced devices. They may involve risky access permissions into your domain or sensitive data.

 

2. ALERT ACROSS GOOGLE WORKSPACE

Alerts compliment your auditing efforts as they enable you to detect security issues on time and act fast.

Below are examples of a few alerts admins find life-saving:

-GOOGLE WORKSPACE USER BEHAVIOUR ALERTS  (Alerts on suspicious user activities like login failures, new ip addresses, changed password, etc.)

-GOOGLE DRIVE DLP ALERTS (Alerts for things like spikes in Drive download activities or Real-time DLP alerts for when specific Drive content is shared externally)

-DOWNLOADS ALERT RULES (Alert rules to curb unsafe downloads across your domain).

-GMAIL ALERTS (Alerts for external email forwarding or email delegation).

These are just a few of the many alerts you can set up based on your Google Workspace security needs.

 

3. MANAGE GOOGLE WORKSPACE

Then comes the need for powerful Google Workspace management capabilities to act on those alerts and insights.

Let’s explore this with a few use cases:

-MANAGE DRIVE FILE SHARING

You can manage Drive sharing by setting different sharing permissions across your organisation.

You also need a way to replace file sharing permissions on Google Drive files to amend any sharing violations.

Perhaps even take granular Drive management actions like creating a policy for any given file or folder to stop sensitive information from being shared out.

 

-MANAGE DRIVE FILE OWNERSHIP:

File ownership is core to Google Workspace security goals like Drive Data Loss Prevention (DLP). 

You need to be able to take powerful Drive management actions there like change ownership of sensitive files or an entire folder tree to better protect its data. 

SEE: The Admin’s Google Drive Management Playbook

 

-APP MANAGEMENT:

Control access to less secure apps for your domain and define which apps can access Google Workspace data.

You can even set policies for apps running in your domain using a third party Google Workspace security tool like GAT+.

 

4. AUTOMATE GOOGLE WORKSPACE SECURITY TASKS

Finally, if you can automate it, you can better audit, manage and secure it.

Below are a few examples of how you can use automation to better manage and secure your Google Workspace domain:

-SCHEDULED GOOGLE WORKSPACE REPORTS:

These reports help you stay on top of your Google workspace auditing game without having to manually review everything.

You can create scheduled reports for things like Drive activity or email activity.

 

-AUTOMATE GOOGLE DRIVE SECURITY ACTIONS:

This is another example of how automation can improve your Google Workspace security management tasks. 

You can set up automated actions to remove file sharing permissions after a certain number of days, or based on when a file was “last accessed”. 

 

– AUTOMATE GOOGLE WORKSPACE USER OFFBOARDING

User offboarding is another important security task given the security implications it entails. 

Think of potential angry leavers and data protection obligations.

Automating your user offboarding operations in Google Workspace helps you consistently cover the most important security areas, while saving time and effort.

Automated offboarding workflows can be triggered by an event (such as when a new user is added to a Group or OU), or be recurrent or scheduled for future date.

Automate User Offboarding in Google Workspace

TO SUM UP:

By Auditing the Google Workspace Security areas that matter the most, you can set up the right Alerts, prompt timely Management actions, and save time by Automating relevant user management tasks.

Want to dig more into Google Workspace Security? Checkout our Admin’s 10 Google Workspace Security Practices.

 

Stay in the loop

Sign up to our newsletter to get notified whenever a freshly baked blog post is out of our content oven.

Related Posts

Try this Life-Changing Google Workspace Admin Hack
Admin

Try this Life-Changing Google Workspace Admin Hack

Here’s the one hack every Google Workspace admin needs to know: Automate all the things – Why waste time and effort on tasks that can …

Read More
Admin, are you Monitoring these Cloud Security Risks?
Cloud Security

Admin, are you monitoring these cloud security risks?

Do you know which are the most significant cloud security risks and how to deal with them? In a cloud-centric world of instant data sharing …

Read More
Quick guide to Data Loss Prevention for Google Chrome (1)
Chrome browsing

Quick guide to Data Loss Prevention for Google Chrome

Why is Data Loss Prevention for Google Chrome important — and how can admins get it right? In a browser-centric world of perpetual data sharing, …

Read More
Common Google Drive Problems for Admins
Sites

[Solved] 3 Common Google Drive Admin Problems

Make these Google Drive admin problems simpler with smart fixes Google Drive has completely changed the file sharing, storage and collaboration game over the past …

Read More