Preventing data loss with G-Suite & GCP
Alix Munroe speaks about best practices to prevent data loss
Anyone who has attended information security events such as InfoSec Europe or Cloud-Expo will understand the breadth of, and confusion surrounding, the concept of Data Loss Prevention (DLP). At one point it seemed that every information security outlet or vendor would pitch their solution as a silver bullet for preventing data loss. In some sense this can be correct: any solution that helps prevent a breach provides some sort of DLP service. In this blog, I want to look specifically at the tools available with Google Cloud Platform and G Suite, and relate these to real-life scenarios or current projects you may have on your radar. I want to touch on some of the inbuilt tools within Google’s portfolio, covering both DLP directly and access control. We’re all aware of the effectiveness of multi-layered protection, and this doesn’t change when it comes to DLP: let’s secure the route into the data and secure the route back out.
Firstly, I think we’ve all been there, having attached the wrong document or mistakenly sent the wrong email. Now imagine this being a confidential document, sensitive or personal information, or even card data! There have been cases of extraordinary accidents, for example the HIV firm that accidentally cc’d a group of HIV-positive patients instead of blind cc’ing them (“HIV clinic fined £250 for a data breach”). Believe it or not, this isn’t the first time this mistake has been made: take a look at the NHS HIV mistake only one year after (“NHS trust fined for 56 Dean Street HIV status leak”, 9 May 2016). Luckily, this is where G Suite Enterprise and GCP can offer their data classification services, to ensure that only data of the correct classification is sent, securing sensitive information and making sure that it is not sent to external sources, whether maliciously or by complete accident. Users are notified and/or restricted from sending data which isn’t meant to be sent, so senior management can sleep a little bit better.
FYI: one often overlooked and very simple feature that G Suite offers to help prevent accidental data loss, without the use of the DLP tools, is the ability to retract/undo emails! Simple, effective little tools like this can save jobs … I assure you.
Google Cloud Platform gives customers confidence through its methods for detecting privacy-sensitive fragments in text, images, and Google Cloud Platform storage repositories. Google Cloud DLP can, therefore, define what is sensitive and ensure you are aware of where this data is and when it is moved and sent. Cloud DLP classifies this data using more than 120 predefined detectors to identify patterns, formats, and checksums, and even understands contextual clues. This service is available for GCP and Google Drive for Enterprise customers. However, Google also gives you the option to purchase the API separately, and an option to try the tool for yourself.
Similarly, G Suite Enterprise essentially provides DLP for Drive and Gmail, preventing data from being exfiltrated or shared incorrectly with external parties. Google provides pre-defined content filters (global credit card numbers, passport numbers, UK driver’s licence numbers, etc.), which are kept up to date with the latest formats, so you don’t have to worry about that. You can also create your own custom filters, using wordlists or regex, for more business-specific sensitive data. Along with that, you can set thresholds, such as a minimum number of matches or a minimum number of unique matches, to ensure you’re not flagging every single file going. Rules can be applied to, or excluded from, users by Group or OU (organisational unit), because I am sure there are different use cases for different areas of your business. You can also decide how stringent you want these rules to be: reporting only on the triggers, so there is no impact on users; warning your users prior to sending or sharing; or actually preventing them from sending (how much do you trust your users?).
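To make the interaction of detectors, thresholds and actions concrete, here is a local Python model of such a rule set. It is an example added to this article, not Google’s API or a G Suite configuration; the rule names, the `PRJ-` pattern and the sample messages are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Callable, List

# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Hypothetical business-specific identifier, e.g. PRJ-2024-0042.
PROJECT_RE = re.compile(r"\bPRJ-\d{4}-\d{4}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_cards(text: str) -> List[str]:
    candidates = (re.sub(r"[ -]", "", m.group()) for m in CARD_RE.finditer(text))
    return [c for c in candidates if luhn_ok(c)]

@dataclass
class Rule:
    name: str
    detector: Callable[[str], List[str]]
    min_matches: int   # total hits required
    min_unique: int    # distinct hits required
    action: str        # "audit" (report only), "warn" or "block"

SEVERITY = {"allow": 0, "audit": 1, "warn": 2, "block": 3}

RULES = [
    Rule("project-code", PROJECT_RE.findall, 1, 1, "audit"),
    Rule("single-card", find_cards, 1, 1, "warn"),
    Rule("bulk-cards", find_cards, 3, 3, "block"),
]

def evaluate(text: str, rules=RULES):
    """Return (strictest action, names of triggered rules) for one message."""
    verdict, triggered = "allow", []
    for rule in rules:
        hits = rule.detector(text)
        if len(hits) >= rule.min_matches and len(set(hits)) >= rule.min_unique:
            triggered.append(rule.name)
            verdict = max(verdict, rule.action, key=SEVERITY.get)
    return verdict, triggered

# Constructed sample messages (card values are public test numbers).
ONE_CARD = "Charge 4111 1111 1111 1111 against PRJ-2024-0042."
BULK = "4111111111111111, 5555555555554444, 4012888888881881"
REPEATED = "4111111111111111, 4111111111111111, 4111111111111111"
LOOKALIKE = "Tracking number 4111111111111112 shipped."
```

`REPEATED` shows why the unique-match threshold matters: three hits of the same number only reach the warn rule, while `LOOKALIKE` is dropped by the checksum before any threshold is counted.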
So far, we’ve covered some of the Google (Google Cloud) DLP elements that can be extremely beneficial to organisations for those users that have already authenticated and have access to sensitive data. I thought a quick look at how Google can control access to data in a world of BYOD, Remote Working and Cloud Services would be useful before I sign off the blog.
Customers usually have concerns about moving to the cloud, specifically SaaS, a key worry being the ability to control and have visibility of who can access what, from where, and from what device. Some companies define DLP as covering any area of potential data exfiltration, including identity and access, device management, and remote network access. Google has put this concern to bed with their Context-aware Access: anything that authenticates using a Google identity can be controlled under this solution. Based on the zero-trust security model and Google’s BeyondCorp implementation, context-aware access enables you to provide simpler access, enforce granular controls, and use a single platform for both your cloud and on-premises applications and infrastructure resources. If you are looking at a mobile device management solution for your remote workforce, and have moved or are planning on moving to G Suite, then this Google endpoint management tool could be massively useful in cost-saving, boasting the essential features: unified admin console, app control and remote wipe.
Netpremacy are a leading Google Cloud Partner, with deep knowledge and trusted relationships across the Google Cloud portfolio. We are proud to have achieved Premier status for over a decade.
Supporting over 3,000 customers in over 30 countries, Netpremacy pride ourselves on product knowledge combined with service offerings. For anyone looking to delve deeper into how Google helps secure your data, we are holding webinars focussing on Collaboration, Connectivity and Security, as we’re all in a similar boat right now: working remotely, trying to stay productive and sane!
Sign up to our upcoming webinar – How to keep your data secure when working remotely, to hear from some of our experts on how to best protect your data when using G Suite.
Happy to take any queries individually to see how we here at Netpremacy can support you: firstname.lastname@example.org or connect with me on LinkedIn.