Admin Insider: top questions (and answers) on data security in G Suite
G Suite helps take the complication out of data security by giving IT admins simple, streamlined ways to manage their users, control devices and stay compliant. After all, security tools are only useful if you deploy them.
We meet with customers frequently and hear many of the same concerns when it comes to data security. In the spirit of RSA this week, we want to provide answers and best practices based on these top questions so you can continue to keep your organization’s data secure.
Question #1: What configurations should I use to best protect my data?
While your organization should have a specific set of security policies, here are a few pointers to help you strengthen them.
- First, basic device management. It’s automatically enabled for your mobile devices that access G Suite as soon as someone adds their G Suite account. This means that admins can use basic security controls, like password enforcement and account wipe, to cover employee devices without needing employees to install profiles on iOS and Android. It’s a good idea to make sure this hasn’t accidentally been disabled.
- Second, once you’ve fully deployed basic device management, consider taking it a step further by setting up advanced mobile management. This Help Center article walks you through the setup process step-by-step.
- Third, enable advanced phishing and malware protections to better identify suspicious content. By integrating with technologies such as Safe Browsing, Gmail already prevents more than 99.9 percent of spam, Business Email Compromise (BEC) threats, and phishing emails from ever reaching your inbox. Additionally, it’s a good idea to enable advanced protections we offer you. This Help Center article tells you how.
Lastly, take advantage of security health recommendations in the Admin console. If you’re a G Suite Enterprise customer, we analyze your specific environment and give custom advice to help you secure users and data better, ranging from details on how your files are shared, information on how to better store your data, and recommendations on mobility and communications settings.
These are just a few pieces of advice to get you started. Since you know what works best for your organization, consider going through these recommendations to think of ways to best deploy based on your specific security needs.
Question #2: What should I do when I see suspicious activity?
We want to help you stay ahead of threats. The alert center in your Admin console can help. It includes notifications for both security threats and critical system alerts when they happen. Insights around these alerts can help you better assess how much your organization has been exposed to security issues at both a domain and user level.
In addition, if you’re a G Suite Enterprise customer, you can use the security center to dig deeper into why a device was compromised, whether any suspicious emails were sent or received, and even suspend users, all from within the security center investigation tool.
Question #3: How can I detect and remediate data exfiltration?
If you use G Suite, there’s a dedicated dashboard in the security center to help you monitor file exposure, providing a snapshot of files that have been shared externally or that have publicly listed links. Make sure to check that dashboard regularly.
With the security investigation tool, you can go even further and see specific file shares and audit file permissions.
You can also set IRM controls on multiple files and disable specific users from accessing those files.
Question #4: How can I make sure G Suite satisfies my organizational policies?
Because our data centers are globally distributed, we can help reduce latency for multinational organizations. Some organizations, however, have requirements around where their data is stored, and we’re committed to meeting those needs, too. With data regions, customers can designate the region in which primary data for select G Suite apps is stored when at rest—globally, in the US, or in Europe. Setting up data regions is quick and easy. There are no minimum seat requirements and you can change your covered data’s location at any time.
Additionally, if you are a G Suite Business or Enterprise customer, you can also use Vault to set retention policies for your entire organization or specific organizational units with custom date ranges and specific query terms to keep track of what matters.
If you are attending RSA San Francisco this week, we’re hosting the third edition of Google Cloud Security Talks at Bespoke in Westfield San Francisco Centre, a five-minute walk from Moscone Center. In addition to presentations and panels, we’ll feature several interactive demos that showcase how Google prevents phishing and ransomware attacks and how partners integrate with our services. Check them out!