<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=986590804759414&amp;ev=PageView&amp;noscript=1">
G Suite Admins Blog > Security and Governance

Looking for Cloud Security? Google's Got your data and users covered.

Woman with a rifle in the militaryToday, data is the most valuable resource in the world.  If you want to protect your company, then you need to defend the information that you're gathering and using every day. It's no wonder that security features are built into a huge selection of the products that we rely on. Fortunately for those interested in the world of cloud computing, Google has an incredible experience to offer in terms of security and support.

Whether you're moving your resources entirely to the cloud, or you're embracing a hybrid structure, Google began in the cloud environment, making it the most knowledgeable and experienced company out there when it comes to achieving scalable security. Because the services you get from Google run on the same infrastructure as the search engine giant themselves, it's safe to say that you're getting exceptional defense. The global Google network allows Google to push ahead of the curve with constant innovation and evolution. You're always one step ahead of the criminals.

From a hardware perspective, Google also has security tapped with their exceptional data centers. They know how important data is to the modern economy, so Google has built their physical security model with a range of safeguards, including bespoke custom electronic cards, metal detectors, and perimeter fencing. Google also uses cutting-edge systems like laser-based detection fields and biometrics to ensure that no-one gets to touch your information but you.


The Most Resilient Network on the Cloud Block

While many companies in the modern world are looking for ways to make their systems more secure, it's safe to say that Google has put security at the heart and center of everything they do. The Google data centers run using custom-designed hardware, and Google's network and application architecture have been carefully built for absolute reliability in terms of uptime. Even if a machine fails, Google has built in numerous safeguards to keep your systems running every day.

One of the most impressive elements of the Google experience is its focus on data encryption. Thanks to a highly private, software-defined network that runs around the world, Google can provide its customers with a higher level of control, security, and versatility than most of the other cloud providers available today. The Google network connects a range of data centers using public fiber, Google Fiber, and cables that run under the sea too! All in all, the result is a highly resilient and low-latency service that supports customers around the globe and minimizes the risks that come with leaving your data on the public Internet.

No matter what you're doing with your data on Google, from storing it on a disk, to placing it on your backup media devices, or even moving it over the internet, G-Suite customers can rest assured that their information is safe and private. Encryption makes up a critical component of the G-Suite strategy for security, as the brand wants to make sure that your chats, emails, and Google Drive files are safe and secure at all times. In fact, Google is so dedicated to the security environment, that they actively work to protect the wider Internet community.

If you haven't heard of the Google "Project Zero" strategy before, it's basically a Google team focused on discovering the most significant vulnerabilities in widely-used Google products. We commit to doing our work more transparently to keep everything in the online environment moving as smoothly as possible.


A Brand with a Culture of Security

Perhaps one of the things that makes Google a leader in the security space is the fact that they put data protection at the heart of their community culture. From the moment a new employee joins the Google team, they're required to think about their work from a security-first perspective. Those rules apply to everyone in the Google community, including over 700 full-time privacy and security professionals, and some of the world's experts in information, network security, and application development.

To keep the Google experience protected and safe, Google incorporates a secure mindset into all of their development processes, from having security experts conduct code reviews to find potential security vulnerabilities, to having an on-board incident management team ready to work at a moment's notice. It's this forward-thinking approach to security that has allowed Google to stay ahead of the security Curve to some degree. They're committed to setting the bar higher than ever before, and that means pursuing:

  • Perfect forward secrecy enablement: Google was the first global cloud provider to support the perfect forward secrecy standard, which keeps content safe and encrypted as it moves between company servers and Google servers. Thanks to perfect forward secrecy, the private keys in a connection cannot be retroactively decrypted. Now, countless industry peers have since followed in Google's footsteps.

  • Complete email encryption: All of the messages sent and received on G-Suite are fully encrypted as they travel between data centers. The purpose of this is to ensure that messages are kept safe wherever they end up, even when the data is moving internally throughout servers that belong to Google.

  • High-quality encryption: Speaking of encryption, Google also leads the market with their encryption key lengths. All the way back in 2013, the company doubled their RSK lengths to 2048 bits, and they still change the codes every couple of weeks to support a minimal chance of successful intrusion.

Tailor-Made Data Protection for Every Business

As a security market leader, G Suite gives administrators in mid-market enterprises the access, they need to completely control concepts like system configuration and application settings, in a dashboard that's simple and streamlined from end to end. You can choose the G-Suite system that suits you, but rest assured that it will come with features like:

  • High-level authentication: Thanks to 2-step verifications, the risk of unauthorized access to files in G-Suite is incredibly low. This is because users are asked for additional proof to protect their identity when they sign in. With the security key enforcement from Google, there's an additional layer of protection keeping today's users safe. The key comes with an encrypted structure, and it's designed to work exclusively with certain sites, which helps to protect users against the risk of phishing.

  • Cloud Access Management: To help give admins as much control over their data as possible, Google provides a centralized environment for cloud access management. The G-Suite system comes with support for single sign-on, which means that you can enjoy access to other cloud applications in your enterprise without having to worry multiple passwords and usernames.

  • Suspicious login monitoring: Google, as a master of the machine learning space, has also implemented smart cognitive processes to help detect logins that might be deemed as suspicious or dangerous. When a dangerous login is discovered, admins are notified immediately, so that accounts can be quickly secured and protected.

Worried about your mobile workers? Google has that covered too. With operational control and integrated device management features, you're always the first to know about any suspicious device activity in your network. You'll be able to enforce mobile policies, encrypt the data on lost or stolen devices, and remote wipe phones, tablets, and laptops too.

Google's unique authentication control setup also ensures that administrators have complete control and visibility over any third-party applications in their framework too. OAuth offers next-level security for corporate data access and authentication. Additionally, information rights management solutions are pre-established in Google Drive to ensure that you have complete control over your most sensitive data.


Countless Ways to Protect your Data

When it comes to protecting data, Google knows that there's no one-size-fits-all solution. That's why they've implemented a range of services to protect the modern mid-sized enterprise. For instance, G-Suite administrators have the opportunity to set up a data loss prevention policy to protect the sensitive information that companies deal with through their Google Drive and Gmail accounts every day. Thanks to a predefined content detector library, setting up your data loss prevention strategy is simple, and once your DLP is set up, you're ready to go.

Google's data loss prevention strategy can push Gmail to automatically look through all of your outgoing mail to check for sources of sensitive information, to protect you against leaks, and quarantine emails for reviews. With optical character recognition, simplistic rules, and other important setups, administrators can even audit the files that contain sensitive content for today's common compliance measures. Other methodologies that Google offers to protect user data include:

  • Spam detection: With machine learning algorithms at their core, Gmail's systems now have a 99.9% accuracy when it comes to detecting spam and blocking sneaky messages that might try to make their way into your system. Apparently, less than 0.1% of the email in a standard Gmail inbox is spam, and filtering mail to the spam folder incorrectly can make your business harder to run.

  • Protection from phishing: G-Suite also uses it's AI and machine learning background to offer greater protection for users attempting to avoid phishing attacks. The machine learning models available with Google today perform similarity checks between new systems and previously classified phishing sites to flag up issues before you appear on the site. When patterns are found online, Google can quickly adapt their systems to suit.

  • Detecting Malware: Malware is another common problem that today's security admins need to protect their businesses against. Fortunately, to help with protection against malware, Google can automatically scan each attachment on your email and download systems for viruses, using multiple engines. The Gmail system can even check for viruses that might be queued in your attachments. This next-level malware management strategy helps to prevent the consistent spread of malware across the internet highway today.

  • Defense against brand phishing: Finally, to prevent the abuse of brand assets in a phishing attack, G-Suite takes advantage of the current DMARC standard, which gives domain owners the chance to determine how Gmail and other providers should handle emails from a certain domain. The right policy ensures that users and reputations around the world remain protected.

Support for Industry Best Practices

In a world of nervous and cynical customers, there's no room for error in any security strategy. Companies in the current marketplace need to meet with the most stringent security standards for their industry, otherwise they risk their clients avoiding them at all costs. Fortunately, with G-Suite, you don't have to worry about your tools being as secure and durable as your business is. G-Suite is designed to meet compliance and reporting standards across a range of formats including:

  • ISO 27001: Probably the best-known and most widely-accepted independent security standards system on the market, Google has ISO 27001 certification for all the processes, technologies and data centers responsible for keeping G-Suite up and running. You can even see the certificates for yourself.

  • ISO 27017: Want better security in the cloud? Google can help with that. ISO 27017 is the international standard used for information security around cloud services. Google earned their compliance certificate with Ernst & Young - a certification body associated with the Dutch Accreditation Council.

  • ISO 27018: Another example of Google's intensive commitment to data protection and privacy standards, G-Suite's ISO 27018 compliance guidelines demonstrate their transparency when it comes to data storage. G-Suite won't use the data on G-Suite for advertising purposes, which means that the information you gather on the Google platform is yours to use as you see fit - provided your strategies comply with data laws.

  • SOC 2 and SOC 3: The American Institute of Certified Public Accountants created SOC (Service Organization Controls) 2 and 3 to establish criteria for the integrity, availability, confidentiality, and security of data. Google has achieved both SOC 2 and SOC 3 reports.

  • FedRAMP: Products on G-Suite are compliant with the requirements of the Federal Risk and Authorization management program, which is otherwise known as the ultimate cloud security standard used by the US government.

  • PCI DSS: G-Suite customers who have to hold onto the card payment data and information provided by their customers for transaction purchases can enjoy the comfort of a Google experience that's completely PCI DSS compliant. For Drive, you can even set up Vault to run audits of your information on your behalf, and make sure that no unnecessary card data is stored.

  • HIPAA: G-Suite users who need to be HIPAA compliant, and want to use their G-Suite system for PHI processing can sign an associate amendment with Google and ensure a stronger online strategy.

Using Google for eDiscovery and Archiving

Speaking of Google Vault, Google also offers exceptional security for its users by giving them a state-of-the-art strategy for archiving and eDiscovery. With Google Vault, companies can easily retain, search, and export organizational email for their compliance records. What's more, because Vault is completely web-based, there's no need to maintain or install additional software. Vault allows companies to search through their Drive, Gmail and Groups data, set policies for custom retention, and place user accounts on hold too. As a critical component of Google's security network, Vault allows mid-sized enterprises to:

  • Export evidence: Export recorded chats, emails, and files into standard formats for review and processing. Everything is available in a format that supports common legal standards and chain-of-custody requirements.

  • Protect business data: Hold onto critical information with safe retention policies for critical content. You can set your legal holds and archiving strategies to run on specific units in your organization, or keep the system running across your entire domain.

  • Achieve Better Compliance: With G-Suites monitoring tools, you can scan through critical email messages using analytics and machine learning to find objectional content and specific patterns. It administrators can even create rules to specifically deliver emails with modifications attached or reject certain emails that may be suspicious.

With Vault to hold onto critical information, compliance and auditing measures are easier for any company to come to terms with. G-Suite even gives administrators the option to track specific actions launched by users and set up alerts in G-Suite for behavior that spans across Admin Console, Gmail, Calendar, Drive, Groups, and third-party apps.

Once you've got all your data loaded into a safe place, G-Suite offers the opportunity to create simple interactive reports that minimize your company's exposure to security issues. Thanks to a selection of available APIs, you can also build out custom tools to suit your environment.


Google's Approach to Trust and Transparency

When cloud computing first emerged in the modern world, a lot of enterprises and companies seemed to panic about the security of their data. They didn't know whether they could be certain their data was secure in the cloud - as there was nothing tangible there to keep other people locked out of their infrastructure. The sheer anxiety that accompanied the move to cloud computing was one of the biggest roadblocks for companies seeking a solution with more versatility and scalability.

Fortunately, the cloud has evolved a lot since those initial days of uncertainty, and many major cloud providers can now prove that security isn't an issue.

Perhaps one of the biggest things to have an impact on the way that today's companies feel about the Google or G-Suite experience is the level of transparency that the search engine giant commits to. Trust is at the heart of everything that Google does. The organization knows how important it is to remind their clients that they own their data and maintain complete control over it.

If you're worried about Google using your data for something untoward, you can even get a detailed "Data Processing Amendment" from the organization which fully describes the brand's commitment to deleting sensitive data from their systems within at a maximum of 180 days after you delete the information from your version of the G-Suite service.

Combine this general promise of data privacy with the fact that Google's always active online, providing users with insights into what's going on behind the curtain, and you've got a network that's much easier to trust. When you sign up with G-Suite, you stay in the know. Whether it's a real-time overview of what Google is doing with their G-Suite strategy or the results of a recent audit, you can find all of the information you need freely posted online.


Google Cloud Security Updates in 2018

As the nature of security continues to evolve, the strategies that Google embraces to protect G-Suite users transform with it. In 2018, we've already seen a slew of security features hitting the market for G-Suite and Google Cloud Platform users. For instance, from a GCP perspective, we recently saw the launch of the new VPC service controls designed to protect API-focused services. As multi-cloud environments and custom computing strategies grow more popular, a service that protects extensibility could be critical for Google users.

Additionally, to defend against the rising threat of DDoS attacks, Google also announced their new "Cloud Armor" service. Cloud Armor offers scalable defense for larger enterprise users who are worried about the threat of DDoS attacks. Armor comes with all the blacklisting and whitelisting tools you'd expect from a DDoS strategy, and it integrates with Google's Global Load Balancing service too.

Other recent updates to the Google Cloud Platform include upgraded logging tools for data transparency and new tools to ensure that only the right team members get to access your GCP resources. As for the G-Suite community, Google recently launched a few new charts to help you monitor your performance on various tools, and you can also customize your dashboard too.

Since the start of 2018, Google now automatically turns on features like email flagging to ensure that you're less likely to start your G-Suite strategy without the right protection. Your G-Suite service can even warn you of emails that might try to spoof employee names using domains similar to yours.

While the updates to G-Suite and GCP security are sure to keep coming in the months ahead, one thing remains certain: Google takes security seriously.

Want to start your secure Google strategy? Reach out to Coolhead Tech today!