Google Cloud Apps Admins

This Google for Work Security and Compliance Whitepaper is Actually Helpful.

Written by Joey Allen (GCP Apps Admin) | September 20, 2016

Many current companies take advantage of the probability and ease of access cloud based computing software offers them. Google’s Apps For Work allow your employees to access mission critical software such as a complete office suite, email, voip/chatting, website creation, and cloud data storage.

 

Cloud computing eliminates many of the disadvantages of traditional localized software. For example software upgrades, data silos, multiple versions of the same software, and lack of real time access to information are all flaws in traditional non cloud software that can be harmful to a business. Not only is such software harmful to front end business but it also stresses internal IT departments due to the time and effort required to keep localized systems current and functional. Cloud computing eliminates this by removing the need for localized configuration and installation.

 

Naturally, despite these advantages questions of security and data safety are not only expected but also prudent. The last several years have seen multiple reports of data breaches from several well known companies in a multitude of industries. Exposure of your company’s data causes not only financial damage but also danger to your clients and damage to your reputation that can take years to recover from. Google is well aware of the realities of cyber crime and are devoted to the security of their products.

The following documentation will show a general overview of the various ways Google Apps For Work keep information secure and employees safe. This includes Google’s overall design philosophy, security features, data storage, certificates, compliance features, and the tools you have as an administrator to customize and control your company’s work environment.

 

Google Apps: Security and Compliance Summary

 

Design Philosophy

 

Google’s company philosophy is one that respects the value of security. This is reflected not just in their products but also their company culture. This starts before an employee is even hired. By use of through background checks Google verifies the background, education, work experience, and references of all potential hires. Once hired all new employees undergo security training and received regular updates concerning security throughout their employment. This philosophy further extends to software design as over 500 security experts work across multiple divisions and strict QA is performed to test security. The independent Privacy Team reviews all products to assure protection of customer data. Lastly, regular audits are performed by the dedicated Audit Team in response to law and international security standards.

 

Security Features in Every Google App

 

Google Apps For Work include security features to combat the most dangerous and common types of security threats. These include protection against data vulnerabilities, protection from malware from its many sources (websites and email attachments) by use of warnings and real time scanning of URLs, monitoring of network activity, and an incident management system that logs all incidents and assigned them a proper priority. Also Google’s security team is available to assist in any and all security concerns 24/7 and offer advice and research as needed.

 

Data Storage Security 

 

One of Google’s key security features are their data centers. Google’s data centers are powered at all hours and cover all aspects of security including at the hardware, software, and end user access level. Access to their database locations requires passing biometrics, security cameras, access card locked doors, metal detectors, security guards and location fencing. Such security measures mean that only authorized personnel can access their data centers. Hardware is specialized for data storage and lacks graphics cards, the ability to attach peripherals (i.e. thumbdrives), and any hardware unneeded to do key tasks is omitted. This increases overall security and keeps data safe. The OS platform is a customized Linux installation that is carefully monitored and any changes to the binary code result in restoration to the Google approved OS coding and configuration. All of this information is also transported over Google's own highly secured IP network.

 

Cyber-Security Certifications for Apps

 

Another key aspect of Google’s security is assuring compliance with several third-party security certifications. Regular audits are performed to assure that Google’s Apps For Work meet the rigorous standards of ISO 27001, SOC 2 and SOC 3 certification. Audits also verify that Apps meet the U.S. Federal Information Security Modernization Act of 2014 (FISMA) and The Federal Risk and Authorization Management Program (FedRAMP) standards as well. It is also worthy of note that Google’s compliance with federal standards is longstanding and they meet the standards the federal government requires for companies providing cloud based services.

 

Compliance Features of Google Apps for Work

 

Google’s Apps For Work are used across several different industries. Due to this widespread use compliance varies greatly depending on the industry a client company provides products and services for. Aside from meeting the above noted third party security standards Goggle also provides detailed documentation on how data is protected, feedback to any client questions or concerns, and client companies also have access to free exporting of their customer data collected by Google Applications at as needed. Google also meets the international compliance standards including the U.S.-Swiss Safe Harbor Frameworks and EU model contract clauses. Other accountability clauses of interest (depending on industry) include HIPAA (U.S. Health Insurance Portability and Accountability Act), The U.S. Family Educational Rights and Privacy Act (FERPA), and The Children’s Online Privacy Protection Act of 1998 (COPPA). By meeting such a wider assortment of domestic and international compliance Google Apps are suitable for a wide assortment of industries around the world.

 

Powerful Apps Admin Tools for Google Apps

 

Google Apps For Work are also designed to allow end user managers a great deal of control to meet daily business needs. Naturally which security tools are needed depend on your unique business situation however, by having access to a robust toolset you are well equipment to meet business needs and make changes as they are required. Security tools include (but are not limited to) the following: 2-step verification, single sign-on (SAML 2.0), use of security keys, use of OAuth 2.0 and OpenID Connect to integrate non Google Apps, Information Rights Management (IRM) to protect data access/copying, and domain whitelisting.

 

Available email tools include enforced TLS, phishing protection, content management, delivery controls, and searchable email databases containing all company email records. Other security tools designed to limit endpoint vulnerabilities include the ability to manage mobile devices, company wide policies for Google Chrome that are independent of the OS platform being used, management of Chrome devices (i.e. Chromebooks), the ability to restore users/user data, and customizable security reports.