Google Cloud Apps Admins

2 New Security Features Introduced for Google Apps Admins

Written by Joey Allen (Google Admin) | May 31, 2016

With the May update to the Google Apps suite, employees and admins alike are enjoying a wide variety of new features and fixes coming to Google Apps. Here at Coolhead Tech, we're covering all sides of this update, including the rollout of two new security features for Google Apps Admins to enjoy.

Better Managed Device Monitoring in the Admin Console

With a compatible Google Apps Unlimited license, admins can now collect Mobile Audits from iOS and Android devices that are managed by Google Apps.

Activities recorded by these Mobile Audits include:

  • Changes to applications. Changes to apps on the device, including installations, uninstallations and updates. This is compatible with both Android and iOS.
  • Compromised (rooted) devices. If a device is rooted, this status is shown. Root in itself isn't necessarily a compromise but it opens the route to installing applications with Root access, unlocking the phone's bootloader and flashing the device. If you don't want your users rooting their Android devices, enable this feature.
  • OS/Build/Kernel Updates. Simply monitors updates to the OS, build number, kernel version and baseband version. On iOS, this only monitors OS and Build.
  • Failed password and login attempts. Counts if someone makes five or more failed attempts to unlock a device. You can tweak this number manually. Exclusive to Android.
  • Changes to device settings. This monitors three settings in particular: Developer options, Unknown sources, and USB debugging. Developer options allows users to tweak certain performance and UI features, Unknown sources allows user to install non-Play Store applications, and USB debugging offers access to ADB, rooting, and other advanced features. These are settings you want to keep track of, and are Android exclusive.
  • Suspicious activity. On Android devices, this monitors changes to the device model, serial number, Wi-Fi MAC address or device policy app privelege. iOS only records changes to the MAC address for now.

 

The goal of these Audits is to keep Apps Admins better-informed about what's going on with a device. Google poses the example of someone making failed attempts to log into a device or changing its serial number. The Apps Admin will be able to block the device, rendering it entirely unusuable, instead of just wiping it, which would allow the thief to start using the device, albeit without any of the old data. With these Mobile Audits, Admins can better secure their devices.

 

Data Loss Prevention in Gmail Improved With Better PII

Google's Data Loss Prevention program is a key focus in their Apps package, as businesses and enterprises typically can't afford to lose vital personal information. For Google Apps users with compatible Unlimited licenses, DLP for Gmail has been updated with new Personally Identifiable Information detectors. These include passport numbers for most countries, as well as CURP codes for Mexico. Other things that can be saved with PII include social security numbers, driver's license numbers, CUSIP codes, Taxpayer Identification Numbers and more, depending on your country.

With better PII detectors, Google hopes to protect your valuable data from being lost in case of accidental deletion or system failure.

Learning More

If you and your business operates in or around the Austin, Texas area, you can contact us here at Coolhead Tech for a free consultation. We can help you with Apps and RingCentral installations, large network deployments and more.

In this article, we only covered two new security features for the Admin Console. To learn more about the May update to the Google Apps suite, head over to our blog for more of our posts explaining the new features and fixes for admins and users alike. You can learn more about Google Apps in general and other cloud-powered work solutions like RingCentral there, too.