Introducing Google Workspace security guidance to address Canadian data security requirements
Claudia Navarro Fragoso
Customer Engineer, Public Sector
Customer Engineer, Collaboration, Public Sector
As offices have become more connected, Google’s trusted cloud services, including Google Workspace, have fostered collaborative work environments around the world. The Government of Canada (GC) has set standards for government organizations utilizing cloud services. The newly-released Google Workspace security guidance can help government agencies reach compliance by providing steps they can follow to introduce Google Workspace tools while adhering to the GC standards. The guidance can help Canadian teams collaborate without compromising security.
The Google Workspace security guidance introduces a set of baseline security controls aligned to CIS Benchmarks. They include best practices and implementation information that allow Canadian public sector departments to deploy Google Workspace securely and establish data protection. Data security, privacy, residency, and sovereignty are key pillars supporting an organization's ability to effectively start, manage, and protect a remote work environment. Designed to help customers meet strict cloud data standards, Google Workspace allows departments to retain full control over their data and how it is processed. Google does not use customers’ data for any purpose except to provide them with the relevant Google Workspace service.
The Google Cloud commitment to security
Privacy and compliance requirements for Canada's public sector continue to evolve. In a recent example, changes introduced in the Government of British Columbia's Bill 22 have allowed government departments to store cloud solutions data outside of Canada, so long as certain security measures are in place to guarantee data protection. As compliance standards change, Google Cloud will endeavor to meet you wherever you are. Google Cloud is committed to working to provide secure solutions that conform to compliance standards, information security risk management, and reporting needs.
Implementing the security guidance
The security guidance for Google Workspace is published in this GitHub repo to allow Canadian public sector entities of all sizes to deploy Google Workspace with confidence. The Google Workspace Admin console offers administrators control and centralized management of resources, security settings and Google services for people in an organization. The security guidance documentation includes recommendations on how and where to leverage the security tools offered in Google Workspace.
The Google Workspace security center provides advanced security information, analytics, and added visibility and control to your Google Workspace tools. Within the security center, the security health page provides information for implementing the security controls described in the security guidance. Security administrators can compare their security settings with those recommended on the security health page, making certain they take the right approach and allowing them to act on security and privacy issues as needed.
Data control, protection, and privacy represent a big challenge within the public sector, where agencies need to navigate everything from sensitive data to lagging security standards and data silos. Client-side encryption (CSE) can help meet data sovereignty and compliance needs. Within Google Cloud, all data is encrypted by default, while “at rest” and “in transit,” so it cannot be accessed if it falls into the wrong hands. In the default mode, Google manages cryptographic keys on behalf of customers, but our public sector customers need greater levels of control to meet their security needs. CSE for Google Workspace gives departments direct control of encryption keys, making customer data indecipherable to any person or entity without the keys, including Google.
Zero Trust approach
Google Workspace leverages a Zero Trust approach to help ensure your collaboration tools meet Zero Trust requirements. Zero Trust implemented within Workspace follows three key principles: eliminate privileged networks, focus on users and devices, and enforce continuous authorization. We couple these with always up-to-date protection against phishing, malware, ransomware, and other cyber attacks to help you collaborate from anywhere with confidence. To further operate with Zero Trust and help improve their security posture, customers can leverage BeyondCorp Enterprise to protect Google Workspace apps and any other corporate resources hosted on Google Cloud, other clouds, or on-premises.
Committed to Canada
Data privacy and security remain top priorities for Google Cloud, and we're committed to providing quality tools to the Canadian Government. Providing Google Cloud security guidance and Protected B Landing Zones for cloud environments are some of the ways we’re helping keep Google tools accessible as Canadian security needs change. We’ve also made Workspace available through the Government of Canada Cloud Framework Agreement.
For the complete list of the Google Workspace security guidance, visit the GitHub repo.