
In this week’s post, I will explore ways to increase security and data protection within Google’s G Suite. G Suite for Work is a collection of Google web apps that facilitate business operations, including Google Docs, Slides, Sheets, Forms, Sites, Hangouts, and Calendar. G Suite also offers a sophisticated email system, online storage, and video meetings. The many facets of G Suite are available on mobile devices as well, so your organization can interact seamlessly when sharing data, collaborating on projects, and managing employee communication.
To enhance the protective measures of G Suite, I will discuss methods separated into categories, including Admin, Accounts, Apps, Calendar, Chrome OS/Browser, and Hangouts.
For each category, I will simply list a few recommended settings/practices.
Admin
2-Step Verification: Because super admins possess a vast number of permissions, it is vital to enable 2-step verification so that anyone who is not authorized is unable to get into the system.
Security Keys: Within the 2-step verification process, security keys provide the most phishing-resistant method of verification.
Restrain Usage: Super Admin accounts should only be used to conduct admin duties, not typical daily activities. Furthermore, ensure that a super admin account is immediately signed out after completing admin tasks. While you want to limit the number of Super Admin accounts, having more than one guarantees that if one loses access, the other can complete typical duties while regaining access to the lost account.
Alerts: One should monitor all admin activity and set up alerts that provide updates to any G Suite changes, such as adding/removing users. Also, utilizing the Admin audit log is an excellent method to ensure accountability.
Accounts
2-Step Verification: It is vital to enable 2-step verification so that anyone who is not authorized is unable to get into the system; this should be enabled for all users. As mentioned before, for Admin accounts, using security keys is recommended for this activity.
Passwords: Passwords need to be unique and complicated, governed by strict rules. By using Password Alert, you can ensure that users don’t use their business credentials on other sites. Login challenges should be added for suspicious activity/logins so that the user must use an additional verification code to log in.
Data: One should keep a close watch on user alerts and activity reports to ensure the smooth operation of the organization as well as provide enhanced asset protection/recovery.
Apps
Access: One should continuously review third-party access to core services and create a whitelist of trusted apps; this is performed by researching and approving apps which the company wishes to use.
Calendar
Access: A general rule of thumb is to restrict external Calendar sharing, thus limiting the risk of data leaks.
Chrome OS/Browser
Updates: Many Chrome bugs are automatically fixed with updates; when possible, enabling auto-updates is recommended.
Policies: Basic policies will need to be set up in the Admin console, including auto-update, safe browsing, malicious site prevention, and password management. Using the Windows Group Policy editor, create more sophisticated policies for Chrome OS/Chrome, such as SitePerProcess, AllowedDomainsForApps, AbusiveExperienceInterventionEnforce, AdsSettingForIntrusiveAdsSites, and DownloadRestrictions.
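As an added example (not part of the original post or of Google's checklist), the following script audits an exported Chrome policy set for the five policies named above. It assumes the policies are available as a JSON object, as in the managed policy files Chrome reads on Linux; the baseline values and the sample file are assumptions constructed for illustration.

```python
import json

# Assumed baseline, not from the original post: (check, description of the expected value).
# "is True" and "type(v) is int" are used so that 1 and true are not confused.
BASELINE = {
    "SitePerProcess": (lambda v: v is True, "true (isolate every site)"),
    "AbusiveExperienceInterventionEnforce": (lambda v: v is True, "true"),
    "AdsSettingForIntrusiveAdsSites": (
        lambda v: type(v) is int and v == 2, "2 (block ads on intrusive sites)"),
    "DownloadRestrictions": (
        lambda v: type(v) is int and 1 <= v <= 4, "1-4 (0 means no restrictions)"),
    "AllowedDomainsForApps": (
        lambda v: isinstance(v, str) and bool(v.strip()), "a non-empty domain list"),
}

def audit_policy(policy_text):
    """Return {policy_name: finding} for each baseline policy that is missing or weak."""
    try:
        policy = json.loads(policy_text)
    except json.JSONDecodeError as exc:
        return {"<file>": f"not valid JSON: {exc.msg}"}
    if not isinstance(policy, dict):
        return {"<file>": "top level must be a JSON object"}
    findings = {}
    for name, (check, expected) in BASELINE.items():
        if name not in policy:
            findings[name] = f"missing, expected {expected}"
        elif not check(policy[name]):
            findings[name] = f"set to {policy[name]!r}, expected {expected}"
    return findings

# Constructed sample policy file (example.com is a placeholder domain).
SAMPLE = """{
  "SitePerProcess": true,
  "AbusiveExperienceInterventionEnforce": false,
  "AdsSettingForIntrusiveAdsSites": 2,
  "DownloadRestrictions": 0,
  "HomepageLocation": "https://intranet.example.com"
}"""

if __name__ == "__main__":
    for name, finding in audit_policy(SAMPLE).items():
        print(f"{name}: {finding}")
```

Policies outside the baseline, such as HomepageLocation in the sample, are ignored rather than flagged.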
Hangouts
Warnings: Creating a policy that enables chat invitations lets users control who they open a chat with, limiting the risk of unwanted and dangerous communication/data. Furthermore, you can turn on a warning that will display if a user chats with someone outside of their domain.
While this isn’t a comprehensive summary of everything in G Suite or of the protective measures needed to secure it, I find these categories and methods of hardening to be of great importance.
Reference
Security checklist for medium and large businesses (100 users) – G Suite Admin Help. (2019). Retrieved December 13, 2019, from https://support.google.com/a/answer/7587183?hl=en.