Admin Insider: top questions (and answers) on data security in G Suite

By Anonymous -

G Suite helps take the complication out of data security by giving IT admins simple, streamlined ways to manage their users, control devices and stay compliant. After all, security tools are only useful if you deploy them.
We meet with customers frequently and hear many of the same concerns when it comes to data security. In the spirit of RSA this week, we want to provide answers and best practices based on these top questions so you can continue to keep your organization’s data secure.

Question 1: What configurations should I use to best protect my data?


    While your organization should have a specific set of security policies, here are a few pointers to help you strengthen them.

    • First, basic device management. It’s automatically enabled for your mobile devices that access G Suite as soon as someone adds their G Suite account. This means that admins can use basic security controls, like password enforcement and account wipe, to cover employee devices without needing employees to install profiles on iOS and Android. It’s a good idea to make sure this hasn’t accidentally been disabled.
    • Second, once you’ve fully deployed basic device management, consider taking it a step further by setting up advanced mobile managementThis Help Center article walks you through the setup process step-by-step.

    1_mobile_management.png

    • Third, enable advanced phishing and malware protections to better identify suspicious content. By integrating with technologies such as Safe Browsing, Gmail already prevents more than 99.9 percent of spam, Business Email Compromise (BEC) threats, and phishing emails from ever reaching your inbox. Additionally, it’s a good idea to enable advanced protections we offer you. This Help Center article tells you how.
    2_links.png


    • Lastly, take advantage of security health recommendations in the Admin console. If you’re a G Suite Enterprise customer, we analyze your specific environment and give custom advice to help you secure users and data better, ranging from details on how your files are shared, information on how to better store your data, and recommendations on mobility and communications settings.
    These are just a few pieces of advice to get you started. Since you know what works best for your organization, consider going through these recommendations to think of ways to best deploy based on your specific security needs.

    Question 2: What should I do when I see suspicious activity?

    We want to help you stay ahead of threats. The alert center in your Admin console can help. It includes notifications for both security threats and critical system alerts when they happen. Insights around these alerts can help you better assess how much your organization has been exposed to security issues at both a domain and user level.


    3_suspicious_activity.jpg



    In addition, if you’re a G Suite Enterprise customer, you can use the security center to dig deeper into why a device was compromised, whether any suspicious emails were sent or received, and even suspend users, all from within the security center investigation tool.

    4_security_investigation.png



    Question 3: How can I detect and remediate data exfiltration?

    If you use G Suite, there’s a dedicated dashboard in the security center to help you monitor file exposure, providing a snapshot of files that have been shared externally or that have publicly listed links. Make sure to check that dashboard regularly.




    5_file_exposure.png


    With the security investigation tool, you can go even further and see specific file shares and  audit file permissions.
    You can also set IRM controls on multiple files and disable specific users from accessing those files.

    6_permissions.png


    Question 4: How can I make sure G Suite satisfies my organizational policies?

    Because our data centers are globally distributed, we can help reduce latency for multinational organizations. Some organizations, however, have requirements around where their data is stored, and we’re committed to meeting those needs, too. With data regions, customers can designate the region in which primary data for select G Suite apps is stored when at rest—globally, in the US, or in Europe. Setting up data regions is quick and easy. There are no minimum seat requirements and you can change your covered data’s location at any time.





    7_data_regions.png

    Additionally, if you are a G Suite Business or Enterprise customer, you can also use Vaultto set retention policies for your entire organization or specific organizational units with custom date ranges and specific query terms to keep track of what matters.
    If you are attending RSA San Francisco this week, we’re hosting the third edition of Google Cloud Security Talks at Bespoke in Westfield San Francisco Centre, a five-minute walk from Moscone Center. In addition to presentations and panels, we’ll feature several interactive demos that showcase how Google prevents phishing and ransomware attacks and how partners integrate with our services. Check them out!








    Reena Nadkarni
    Group Product Manager, G Suite, G Suite

    Sam Lugani
    Security Product Marketing, G Suite






    Comments

    Post a Comment

    Popular posts from this blog

    Google Partner in Bangladesh

    By Anonymous -
    Image
    We are honored to join Google Partners in Bangladesh In order to guarantee that your team makes the most of this robust collection of corporate collaboration tools , Finetech is a licensed Google Workspace, Google G Suite Enterprise for Education partner/reseller in Bangladesh. We provide comprehensive implementation, installation, training, and ongoing support. To set up, move, or receive help with Google Workspace, contact us . With the single objective of advancing your company, we have the potential to work together with you. We are one of the most trusted Google Workspace resellers in Bangladesh, with years of expertise helping businesses of all sizes and types with Google Workspace support. By treating your business prospects with Google Workspace for business, we assist you in achieving your goals. As a reputable Google Cloud partner for Google Workspace Business in Bangladesh, we have the expertise to harness Google Workspace's power and offer all of its benefits to your
    Read more

    Refresh BigQuery data in Sheets using Apps Script and Macros

    By Anonymous -
    Recently the BigQuery data connector was released to enable clients to effectively import information from bigger datasets into Sheets. Presently, you can utilize devices like Apps Script and the large macro recorder to plan automatic updates inside Sheets to the associated BigQuery data. Reasons to use it Remain over the best in class information crucial to your business via automatically refreshing the BigQuery information in your sheet. For instance, you can set sales data to automatically refresh with the goal that it's prepared for analysis toward the start of every day. You can likewise auto-refresh information in preparation of key meetings or introductions that happen on a weekly or monthly basis. Or on the other hand you could set a trigger to auto-refresh your information each time you open the spreadsheet. This feature will be ON by default. When you compare data in Sheets and BigQuery, the following procedure should be adopted. To compare data, you mig
    Read more

    Use Vault for Gmail Confidential Messages and Jamboard Files

    By -
    Image
    Google vault will be supporting two new formats in the future, Gmail confidential mode emails & Jamboard files stored in Google Drive. Google Vault gives you a chance to retain, hold, search, and export data to support your organization’s retention and eDiscovery needs. This dispatch includes support for new information types with the goal that you can thoroughly oversee your association's information. What happens when individuals in your association sends confidential messages? Vault can hold, retain, search, and export all confidential mode messages sent by users in your association. Messages are constantly accessible to Vault, notwithstanding when the sender sets a termination date or denies access to private messages. Here’s an example of what admin@ink-42.com will see in Vault when they search for sam@ink-42.com and preview this email sent by lisa@ink-42.com . But It’ll not work vise versa. Admins can hold, retain, search and export message headers and s
    Read more