Secure remote working with Google Workspace

08 October 2020

Using Google Workspace to keep your data secure and business protected.

We use Google Workspace in many ways to keep our organisations thriving, more now than ever before. Netpremacy is here to support your Google Journey, and in doing so, we support the security of your operations. With this in mind, we have put together some guidance and information to help you optimise your security posture.

There is a global shift now in adapting to a new way of working, ensuring our employees are productive, collaborating, and driving business whilst operating in a secure environment all whilst working remotely. Securing cloud environments is what we are dedicated to providing.

By delivering Security Workshops, webinars, regular updates, and articles we are ensuring that our Google Cloud customers are utilising their cloud investment to the highest level. Enterprise-level security, such as DLP, endpoint security, MDM, and log analysis are all available with Google Workspace. However, many security failures have been a result of the person or the process and not the technology. With all this in mind, we are investing our time and resources into ensuring all points of failure are assessed and mitigated against using Google Cloud Technologies and our expertise, whether that is the person, policy, process, or technology.

If you are operating the newly transformed Google Workspace, you will be aware of the vast security features available at your fingertips. With the majority of our workforce now facing remote working as a somewhat permanent measure, we need to look at securing not only the perimeter but the user, the endpoint, the access control, and ensuring data loss is no issue. Previously, working from home policies seemed alien to most security pods, posing unmanageable risks. However, as we are heavily invested in enterprise-level cloud solutions like that of Google Workspace, these security concerns are met with mitigating controls and processes to ensure peace of mind whilst staying compliant to regulating bodies and guidelines.

Google Workspace

As discussed, the user has been given a bad press in former years due to lack of due diligence, mistakes, or failure to provide multiple authentications leading to significant breaches. Ensuring your users have a seamless process to access the services and documents they need to fulfil their employment duties is a must. Overcomplicating authentication and access controls can lead to user dissatisfaction and shadow IT. Authentication is heavily used across all Google Workspace features, having a strong authentication process ensures that the right data is being accessed by the right person on the correct device. 

2 step verification reduces this risk greatly, by using the features available in Cloud Identity you can ensure all your users are providing additional verification processes and lowering your risk of unauthorized access to your company data. Google also provides security key enforcement offering another layer of security. This is a physical security verification process and sends an encrypted signature that only works with the access that it is provided, helping G Suite administrators to manage and monitor security keys at large and without having to install many different types of security software.

Moving on from the user, we look towards securing the device. If organisations have not already, there has been seen to be a huge uptake on device management solutions. Solutions on the market that are available to ensure the safety of company data when employees are remote working or using devices that are not owned by the company themselves, such as a BYOD policy. Being able to control what applications a user can utilise, to be able to lock the device down and wipe sensitive content if the device is lost or stolen has provided another layer of security to those companies who can operate outside of the traditional network structure. Google MDM is available in both Business and Enterprise SKUs, with a significant feature enhancement when looking into Enterprise, this provides what is usually a heavy investment with an alternative MDM provider included in your license commitment. Google was named a 2018 Gartner Peer Insights Customers Choice for Enteprise Mobility Management Suites.

There are many other features that enhance your cloud security posture with Google’s Suite, however, whilst security features are fundamental, regulated organisations need these security features to adhere to strict guidelines so their business can operate and expand. GDPR and ISO27001 are by far the most commonly adhered to guidelines in today’s data society. Google Cloud is compliant to GDPR guidelines as in most commonly known cases the data processor. Customers that utilise either Google Workspace or Google Cloud Platform take the role of the data controller, owning the data and must adhere to the data controller guidelines. GDPR has in essence given data protection and privacy and a dual-action approach, ensuring that cloud providers give assurances that data is protected in their environments and on the other hand the data controller ensures that the security processes around that environment are compliant with these regulations. 

Google has recently announced new security features, one of these features being data protection insights. This is a step forward in being able to classify data, the location of that data, and in turn be able to report on that to make informed decisions surrounding protecting your organisation’s data and can be of assistance when complying with regulations such as ISO27001. ISO 27001 is an internationally recognised data protection standard, which looks at all areas of data protection, from the virtual, physical, software, policy, and process. Many organisations wanting to work with the central government or organisations that hold extremely sensitive information will be asked to adhere to this framework. However, this is usually not light work, with some projects taking longer than 6/12/18 months to complete and become certified. When using any Google Service, you will adhere to these guidelines automatically and your data in that environment will be continually monitored and improved under the ISO 27001 regulations.

In addition, Google has also recently announced that Google Workspace has received ISO 27701 certification alongside their 27001 and alternate data protection and privacy certifications. This being part of the ISO 27001 family, aligns directly with data privacy and provides guidance for implementing, maintaining, and continuously improving a Privacy Information Management System (PIMS). This relays back to GDPR considerably when looking into data protection laws and guidance. You can read more about the recent updates and security certifications here.

Although this article merely touches lightly on some of the features available to you with Google Cloud Services, there are many more. We carry out regular Security Workshops with our customers to ensure their environments are optimised to the highest level of security standards available.

We will be discussing this further on our Google Workspace Security Webinar which will take place on the 12th of November, covering a variety of security topics that have been highlighted in this article. We welcome customers and non-customers alike to join us to discuss this further.

Please contact me if you have any further queries around security: