THE COMPLETE GUIDE TO GOOGLE APPS SECURITY. Building a comprehensive Google Apps security plan

Contents

  Introduction
  1. Secure the core
     Google Apps settings
     Security settings
     Device Management settings
     Chrome Management settings
     Review Reports
  2. Enhance email security
  3. Extend data recovery
  4. Lock-down document security
  5. Save Gmail and Docs for compliance
  Summary

Introduction

The good news is that once your organization switches to Google Apps for Work, Google provides several essential pieces of security. Yet for some organizations, data protection gaps remain. Unaided, Google Apps for Work, and even Google Apps Unlimited, which includes Vault, may not completely address business needs previously met by traditional on-premises systems. Google's offerings may be sufficient for some organizations, but others require multiple data recovery options, stronger security, or more robust compliance measures. With thoughtful configuration and the right additional services or apps, you can easily strengthen your organization's approach to securing data in the cloud. This guide outlines the kinds of services and technologies offered in the market today that will provide additional protection for your company's data stored in Google.

1. Secure the core

Who's Involved: A Google Apps Admin + Organization Leadership

A Google Apps administrator should configure the core Google Apps suite with security settings approved by organizational leadership. The settings must represent an appropriate balance between enabling collaboration and securing data.

What Needs to Happen:

Ideally, when you migrate to Google Apps for Work, you'll review all available Admin settings in the Admin console (at http://admin.google.com). That will expose you to the entire feature set of Google Apps administrative controls. To secure Google Apps, configure settings, then review reports:

  Google Apps settings
  Security settings
  Device Management settings
  Chrome Management settings
  Review reports to maintain security

The first three of these are prominent Google Apps Admin console items. If any of those three items aren't visible, select the More controls option at the bottom of the Admin console. While many other settings are important, proper configuration and periodic review of the following items will help you secure the core features of Google Apps.

Google Apps settings

As an administrator, you can adjust the security of the core Google Apps suite. To do this, you'll need to: select sharing levels, determine data storage settings, and configure features.

Select sharing levels

Review sharing settings for each of the core Google Apps carefully. Shared calendars simplify scheduling, and shared documents enable collaborative writing and editing. Yet these sharing features may also allow unauthorized sharing. For example, a calendar shared with a colleague may unintentionally reveal sensitive information. A document created in a shared folder will inherit the folder's sharing settings. Review maximum sharing settings carefully for Drive, Calendar, Sites, and Groups, as each of these apps allows sharing options that may expose data to people outside the organization.

Determine data storage settings

Examine offline data storage and sync settings carefully. Arguably, restricting access to Google Apps to connected sessions improves security: a person must log in to their Google Account to access data. However, offline data storage enables offline work, which may be not only convenient but also necessary. In some organizations, security must take priority over convenience. For maximum security, limit offline access and sync of Gmail and Google Drive documents. Make sure your users know whether or not they may work with this data offline.

Configure features

For maximum security, disable unused Google Apps. For example, if your organization doesn't use Google Sites or Google Groups, disable the app. In larger organizations, you might selectively disable a feature for a group of users with Google's organizational units feature. (Learn more about this from Backupify's Google Apps Organizational Units and Permissions Guide.) Organizations subject to HIPAA (the Health Insurance Portability and Accountability Act) may need to disable Apps outside of the core Gmail, Calendar, Drive and/or Vault apps.

Allow time to properly configure Gmail, where the options vary from simple to complex. On the simple side, prevent auto-forwarding of email by unchecking the box next to Allow users to forward incoming mail to another address. Reduce the chance of spoofing or spam from your domain by configuring SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting, and Conformance) records. This configuration requires several steps to complete properly. (Learn how to configure these items from Google's Prevent Outgoing Spam with DMARC help pages.)

Security settings

With Google Apps, a password must meet a minimum length requirement. Google allows the minimum to be as low as 8, and the maximum to be as high as 100 characters. We recommend the minimum be increased to at least 12, with higher values for organizations requiring more security. A longer password helps increase security. Leave the maximum value at 100.

Google Apps also adds two-step authentication as an option: enter your email address and password, then obtain a six-digit number from your phone (either via a text message or an app) and enter it. (If your phone isn't available, a user or an administrator may obtain a backup code.) Allow the use of two-step authentication as an option. In highly sensitive environments, two-step authentication may be required.

Device Management settings

If your organization uses Android or iOS devices, review the Device Management settings to configure security policies for these devices. Android and iOS configuration differs. Enterprise-managed Android devices should have the Google Apps Device Policy app installed, while iOS devices should connect with Google Sync. Once connected, an administrator may remotely lock, locate, or erase a managed mobile device, following the organization's policy to do so, of course.
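The SPF, DKIM and DMARC step under Configure features above is easiest to verify with a script that reads the published records and reports what is weak. The check below is an added example, not Backupify's or Google's code: the domain example.com, the DNS answers and the DKIM key value are constructed placeholders, while the `_spf.google.com` include and the `google` selector are the values Google documents for Apps domains.

```python
# Added example, not from the Backupify guide: audit the SPF, DKIM and DMARC TXT
# records of a Google Apps domain offline. DNS answers are passed in as a dict;
# every record below is a constructed sample for the placeholder example.com.
import re

def parse_spf(txt):
    """Return the include: domains and the qualifier on the 'all' mechanism."""
    terms = txt.split()
    includes = [t.split(":", 1)[1] for t in terms if t.startswith("include:")]
    all_qual = None
    for t in terms:
        m = re.fullmatch(r"([+\-~?]?)all", t)
        if m:
            all_qual = m.group(1) or "+"  # a bare 'all' means '+all'
    return {"includes": includes, "all": all_qual}

def parse_dmarc(txt):
    """Split 'v=DMARC1; p=reject; rua=...' into a lower-cased tag dictionary."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_email_auth(domain, txt_records):
    """Return a list of findings; an empty list means the records look sound."""
    findings = []
    spf_txts = [t for t in txt_records.get(domain, []) if t.startswith("v=spf1")]
    if not spf_txts:
        findings.append("SPF: no v=spf1 record, receivers cannot check the sending host")
    else:
        spf = parse_spf(spf_txts[0])
        if "_spf.google.com" not in spf["includes"]:  # the include Google publishes
            findings.append("SPF: include:_spf.google.com missing, Gmail-sent mail fails SPF")
        if spf["all"] in ("+", None):
            findings.append("SPF: '+all' or no 'all' term lets unknown hosts send as the domain")
    # Gmail signs Apps mail with the 'google' selector by default.
    dkim_name = "google._domainkey." + domain
    if not any("v=DKIM1" in t for t in txt_records.get(dkim_name, [])):
        findings.append("DKIM: no public key at %s, signatures cannot verify" % dkim_name)
    dmarc_txts = [t for t in txt_records.get("_dmarc." + domain, []) if t.startswith("v=DMARC1")]
    if not dmarc_txts:
        findings.append("DMARC: no _dmarc record, SPF/DKIM failures carry no policy")
    else:
        tags = parse_dmarc(dmarc_txts[0])
        if tags.get("p") not in ("quarantine", "reject"):
            findings.append("DMARC: p=%s only monitors, move to quarantine or reject" % tags.get("p"))
        if "rua" not in tags:
            findings.append("DMARC: no rua= address, aggregate reports are never delivered")
    return findings

WEAK_RECORDS = {  # constructed: permissive SPF, no DKIM key, monitor-only DMARC
    "example.com": ["v=spf1 include:_spf.google.com +all"],
    "_dmarc.example.com": ["v=DMARC1; p=none"],
}
HARDENED_RECORDS = {  # constructed: the configuration the guide's step aims for
    "example.com": ["v=spf1 include:_spf.google.com ~all"],
    "google._domainkey.example.com": ["v=DKIM1; k=rsa; p=PLACEHOLDER_PUBLIC_KEY"],
    "_dmarc.example.com": ["v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com"],
}
```

Run `audit_email_auth("example.com", WEAK_RECORDS)` to see the four findings the weak set produces; the hardened set returns an empty list.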

Chrome Management settings

When users log in to a Chrome browser with a Google Apps account, an administrator may configure Chrome policies. These policies manage which apps and extensions may be installed, and control some Chrome settings. (These settings can be somewhat difficult to locate. From the main Admin console, you may need to choose More Controls at the bottom of the screen to bring More Google Apps into view. Select More Google Apps, then scroll through the list and choose Chrome Management.) If your organization has purchased Chrome device management, configure those policies from here as well.

Review Reports

Maintain security by periodically reviewing Reports, Marketplace apps, and Admin user settings. Access Reports in the Admin console to view account activity, shared files, and connected apps. Pay special attention to failed login data (available under account activity) to identify attempted unauthorized account access. Review Marketplace apps to ensure that no unauthorized apps have been added, and to update or renew app authorizations. Finally, look through the User list to verify that only appropriate people have the necessary Admin permissions.

For the latest news about Google Apps and security, follow the Google Online Security blog and the Google Apps Release Calendar.

2. Enhance email security

Who's Involved: Consult your legal department and organizational leadership to determine if your organization should take additional steps to secure Gmail.

What Needs to Happen:

Google Apps Email Security

By default, Google relies on several tools to secure email. Google secures the connection to Gmail from your browser (i.e., https://), and also enables forward secrecy. Google encrypts messages as they move between Google servers. Gmail exchanged among Google Apps and Gmail users remains protected, as are messages exchanged with email providers that support TLS (Transport Layer Security). These measures provide many organizations a previously unachievable level of email security.

Enhanced Email Security

Google, in partnership with Zix, offers the Google Apps Message Encryption service. The service routes email securely via Zix. The sender triggers this routing with a keyword in the email subject line, such as Encrypt. Recipients access messages in one of three ways: transparently, if their organization uses a ZixGateway; by logging into ZixPort, a web-based portal; or by unlocking the email with a password, with ZixDirect.

However, a major security concern remains: Google and/or Zix hold the encryption keys. For optimal security, only the user or the enterprise would have access to the encryption keys. In 2014, Google announced initial development work on End-to-End, a Chrome extension. The browser extension promises to secure email messages with OpenPGP, a widely used open encryption standard. Of course, both parties need the extension installed and configured to encrypt and decrypt email messages.

Solution to Consider for Encryption:

For an enterprise, CipherCloud's gateway encrypts data sent to cloud services such as Gmail or Salesforce. The gateway encrypts and decrypts traffic between the user and the cloud service, while the encryption keys remain in the organization's control. The system stores sensitive data within the enterprise, and sends a token representing that data to the cloud service. This happens transparently for the user, who views the app and decrypted data in their browser as usual.

3. Extend data recovery

Who's Involved: Discuss data recovery and restoration policies with your organization's operations, human resources, and business continuity teams.

What Needs to Happen:

Google Apps Recovery Options

A Google Apps user may recover some deleted items without help. For example, a user can recover deleted Google Drive files or Gmail from Trash for up to 30 days. Similarly, Contacts may be restored to the state they were in at any point in the prior 30 days. After 30 days, Google deletes items in Trash automatically. Google allows an administrator to restore a person's Google Drive files for up to 25 days after the file has been deleted from Trash.

But not all items may be recovered. Google does not retain Calendar items in Trash; they're deleted immediately. Outside of the 30-day window, deleted email and contacts are not recoverable. Google Vault doesn't restore user data. Instead, Vault traps data for administrative search and export. Vault excludes Calendar items and Contacts. Vault can't recover a user-deleted Drive document that matches hold criteria (as of August 2014). Vault won't capture Gmail that doesn't match an administrator-defined retention policy.

Solution to Consider for a Secure, Second Copy of your Data:

Backupify saves and restores all of your Google Apps data: Gmail, Calendars, Contacts, and Drive documents. It even saves Google Sites. Backupify securely and automatically backs up your Google Apps data up to 3 times a day. An administrator can export and preserve a complete data set for any or all users, so that companies have a secure, second copy of their data.

4. Lock-down document security

Who's Involved: Consult your legal department and organizational leadership to determine if your organization should take additional steps to secure documents.

What Needs to Happen:

To secure documents, you need to control, and know, who can find and open files. On-site legacy file servers handled this task well: permission settings controlled access to files and folders. File activity logs documented access. People typically shared files outside the organization as email attachments.

Google Apps Document Security

Google Apps gives administrators and users control of file and folder permissions as well. A person may share a file either by sending it as an email attachment, or by sharing access to the document. Access options allow a document owner to publish a document to the web, or to require authentication to view it. Your Google Apps administrator controls whether files may be stored offline or synced to local systems.

Google encrypts all Drive files. The company enforces a secure connection from your browser to Google Drive. Files are encrypted when stored on Google's servers, and when conveyed between Google's data centers.

Drive document audit options range from simple to complex. Google Apps reports the total number of files shared by each user, but no details. Google Apps Unlimited creates a log entry every time people create, modify, or share documents.
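The two Drive risks this guide calls out, a file inheriting the sharing settings of the folder above it (Select sharing levels, section 1) and a per-user share count that gives no detail (Google Apps Document Security, above), can both be checked from a Drive inventory. The script below is an added example, not Backupify's or Google's code: the organisation domain example.com and the Drive items are constructed samples, and the (type, value, role) permission tuples are an assumed simplification of what the Drive API returns.

```python
# Added example, not from the Backupify guide: find Drive files that are visible
# outside the organisation, including files that only inherit that exposure from
# a shared parent folder. The inventory below is a constructed sample.
ORG_DOMAIN = "example.com"  # placeholder organisation domain

# Each item: id, name, parent folder id (None at the root), owner, and its explicit
# permissions as (type, value, role) tuples, where type is "user", "domain" or
# "anyone" (the last one covers "anyone with the link" and public web publishing).
DRIVE_ITEMS = [
    {"id": "root", "name": "My Drive", "parent": None,
     "owner": "alice@example.com", "perms": []},
    {"id": "f1", "name": "Vendors", "parent": "root",
     "owner": "alice@example.com",
     "perms": [("user", "pat@partner.example.net", "writer")]},
    {"id": "d1", "name": "Q3 pricing.xlsx", "parent": "f1",   # inherits f1's share
     "owner": "alice@example.com", "perms": []},
    {"id": "d2", "name": "Board minutes", "parent": "root",
     "owner": "alice@example.com",
     "perms": [("domain", "example.com", "reader")]},         # internal only
    {"id": "d3", "name": "Press kit", "parent": "root",
     "owner": "bob@example.com", "perms": [("anyone", "", "reader")]},
]

def _is_external(perm, org_domain):
    """True when a single permission grants access to someone outside org_domain."""
    kind, value, _role = perm
    if kind == "anyone":
        return True
    if kind == "domain":
        return value.lower() != org_domain
    return value.lower().rsplit("@", 1)[-1] != org_domain  # user e-mail address

def external_exposure(items, org_domain=ORG_DOMAIN):
    """Return {item_id: [(perm, source_item_id), ...]} for every item exposed outside
    org_domain. The walk climbs the folder tree because a file inherits the
    sharing settings of every folder above it, so the source may be an ancestor."""
    by_id = {it["id"]: it for it in items}
    exposed = {}
    for it in items:
        hits = []
        node = it
        while node is not None:  # the item itself, then each ancestor folder
            for perm in node["perms"]:
                if _is_external(perm, org_domain):
                    hits.append((perm, node["id"]))
            node = by_id.get(node["parent"]) if node["parent"] else None
        if hits:
            exposed[it["id"]] = hits
    return exposed

def exposure_by_owner(items, org_domain=ORG_DOMAIN):
    """Count externally exposed items per owner: the per-user number the basic
    Apps report gives, but computed so each count can be traced back to files."""
    exposed = external_exposure(items, org_domain)
    counts = {}
    for it in items:
        if it["id"] in exposed:
            counts[it["owner"]] = counts.get(it["owner"], 0) + 1
    return counts
```

For the sample inventory, `external_exposure(DRIVE_ITEMS)` flags the Vendors folder, the pricing sheet inside it (with the folder as the source), and the public press kit, while the domain-restricted board minutes stay clean.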

Solution to Consider for Enhanced Document Security:

Third-party solutions enhance cloud document security and audit options. For example, CloudLock helps identify when people share PII (personally identifiable information), PCI (payment card information) or other sensitive information in documents. People may be prompted to remove, restrict sharing of, or password protect (and encrypt) each identified file.

5. Save Gmail and Docs for compliance

Who's Involved: Consult your legal department to determine if your organization should take additional steps to retain email and documents for compliance purposes.

What Needs to Happen:

Google Vault helps legal teams discover and retain sensitive information in Gmail and Google Drive for compliance purposes. Google Vault allows an authorized person to create a matter and uncover the email and documents requested. Specify your matter terms, then Vault will uncover email, with attachments, that matches. Similarly, Vault also allows a keyword search of Google Drive documents. Matching items may be held indefinitely or retained temporarily, according to administrator-defined rules. Identified items may be searched and exported. Vault preserves retained email for 30 days beyond the specified retention period, after which Vault deletes the item.

Solution to Consider: Upgrading to Google Vault

Summary

As we said at the start, Google Apps for Work offers the kind of security that might be sufficient for some organizations, but we strongly believe that smart configuration of the core Google Apps will provide organizations with secure, world-class collaboration tools. Organizations should defend the core, and extend data protection by adding: CipherCloud to secure email, Backupify to preserve and restore data, CloudLock to protect sensitive documents, and Vault to discover and hold data for compliance purposes. Google Apps, combined with these additional apps, will keep people in your organization working safely and securely in the cloud.