Posts

Security Best Practices to Protect Your Admin Accounts

In any client environment, it is critical for you to protect your admin account with current security best practices. Most cloud services have multiple levels of admin accounts, including a super admin with the ability to access, manage, and change every configuration and security setting. In many cloud services, “super admin” accounts also have blanket access to your data. In effect, your super admin and admin accounts hold the keys to your kingdom.

Protecting and managing admin accounts is critical for keeping your data and your business secure.

Here are four security best practices for managing and protecting admin accounts.

1 Multi-Factor Authentication

While we recommend multi-factor authentication (“MFA”, also known as Two-Factor Authentication or Two-Step Verification) for all user accounts, the added protection of MFA is critical for super admin and admin accounts. MFA helps to protect your admin account by preventing somebody from using stolen or compromised credentials to access your cloud services, your data, and your business.

For Super Admin accounts, consider a FIDO-compliant security key.  These keys, or fobs, are physical devices that provide a timed access code required to log in. Keys provide the most secure method for multi-factor authentication, and are our number one recommendation when it comes to security best practices for administrator accounts.

2 Secondary Super Admin Access

Even a super admin account can be lost or compromised.  Should this happen, you need a way to perform critical admin tasks while you recover the super admin account.  You have a few options, as follows.

  • Create a second, dedicated, super admin account.  While this comes with a licensing cost, you are not giving additional privileges to other admins or users.
  • Assign super admin rights to an existing admin or user. You avoid any increased fees, but grant privileges which can be accidentally or intentionally misused. These privileges can include access to sensitive data, archives, and the ability to alter security settings.
  • Engage your cloud partner/reseller. If your cloud partner/reseller has the ability to recover super admin accounts and/or reset super admin passwords, make sure you have a service or support agreement in place that covers admin account password reset and account recovery.

3 Force Logout Super Admins

Day-to-day admin services can and should be performed by Admin accounts with permissions to perform specific sets of tasks. Use your Super Admin account only for specific administrative and security tasks not permissioned to other Admin accounts.

As a Super Admin: Log in. Perform the specific task. Log out.

If possible, set your system to automatically log out Super Admin accounts if idle for a short period of time.

4 Privileged Access Management

Our final best practice for protecting your admin accounts is Privileged Access Management, or PAM, which limits access to critical security and administrative functions. Permission is granted to specific functions, upon request by another Admin or the system, for a limited amount of time. Using PAM provides additional tracking of who/when/why for critical settings and tasks.
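An added example (not from the original post and not any vendor's API): a small audit that checks an exported admin inventory and a PAM grant log against the four practices above. The record layouts, the 15-minute idle limit, and the 4-hour grant ceiling are assumptions, and the sample rows are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

MAX_IDLE = timedelta(minutes=15)  # assumption: what counts as "a short period"
MAX_GRANT = timedelta(hours=4)    # assumption: longest acceptable PAM grant

@dataclass
class Admin:                      # hypothetical inventory row, not a vendor schema
    name: str
    role: str                     # "super_admin" or "admin"
    mfa: Optional[str]            # None, "totp" or "security_key"
    idle_timeout: Optional[timedelta]

@dataclass
class Grant:                      # hypothetical PAM grant record
    who: str
    function: str
    reason: str
    issued: datetime
    expires: Optional[datetime]

def audit_admins(admins):  # practices 1-3: MFA, recovery path, idle logout
    findings = []
    if sum(a.role == "super_admin" for a in admins) < 2:
        findings.append(("*", "single super admin: confirm another recovery path"))
    for a in admins:
        if a.mfa is None:
            findings.append((a.name, "MFA not enabled"))
        elif a.role == "super_admin" and a.mfa != "security_key":
            findings.append((a.name, "super admin without a security key"))
        if a.role == "super_admin" and (a.idle_timeout is None or a.idle_timeout > MAX_IDLE):
            findings.append((a.name, "idle logout missing or too long"))
    return findings

def audit_grants(grants):  # practice 4: each grant needs a reason and an expiry
    findings = []
    for g in grants:
        if not g.reason.strip():
            findings.append((g.who, g.function + ": no reason recorded"))
        if g.expires is None or g.expires - g.issued > MAX_GRANT:
            findings.append((g.who, g.function + ": not time-limited"))
    return findings

# Constructed sample data (not from any real tenant).
T0 = datetime(2023, 5, 1, 9, 0, tzinfo=timezone.utc)
ADMINS = [Admin("root@example.com", "super_admin", "totp", None),
          Admin("helpdesk@example.com", "admin", None, timedelta(minutes=30))]
GRANTS = [Grant("helpdesk@example.com", "reset_password", "ticket 1234", T0, T0 + timedelta(hours=1)),
          Grant("helpdesk@example.com", "edit_security_settings", "", T0, None)]
if __name__ == "__main__":
    print(*audit_admins(ADMINS) + audit_grants(GRANTS), sep="\n")
```

A single super admin is reported as a prompt to confirm one of the recovery options listed under practice 2, since a partner recovery agreement would not appear in an account inventory.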

Call To Action

Take a look at your cyber security. Complete our Rapid Security Assessment (free through June 2023) for a review of your basic security measures.

Contact us or schedule time with one of our Cloud Advisors to discuss your cyber security protections and/or your broader security needs, priorities, and solutions.

About the Author

Christopher Caldwell is the COO and a co-founder of Cumulus Global. Chris is a successful Information Services executive with 40 years of experience in information services operations, application development, management, and leadership. His expertise includes corporate information technology and service management; program and project management; strategic and project-specific business requirements analysis; system requirements analysis and specification; system, application, and database design; software engineering and development; data center management; network and systems administration; network and system security; and end-user technical support.

A Better Cloud Admin Solution

With over 200 new features added yearly, the capabilities of Google Apps keep growing. Across our customer base, we see adoption and use of these features by individuals and teams growing as well.

You want and need to understand how Google Apps is being used, and working, for your business. With more collaboration and data in the cloud, you want to ensure that documents are properly shared, with appropriate privacy and protections. At the same time, we want to keep administration simple and efficient.

We have a solution:

BetterCloud recently released a new tiered service designed to solve each of these issues, and you can try it for free.

BetterCloud Basic is a Domain Health Center for your Google Apps domain, letting you monitor activity, define alerts, and analyze usage.

BetterCloud Pro is a robust suite of administration and management tools for Google Apps that simplifies admin tasks with an expanded set of controls that save you time and effort.

BetterCloud Enterprise adds auditing, discovery, compliance, and data loss prevention features, giving you the ability to monitor, manage, and mitigate data permissions and exposures in real time.

 

You can try BetterCloud for free, and without obligation.  Here’s our offer:

We will …

  • Install BetterCloud Basic for free in your Google Apps domain
  • Activate a no-obligation, 30 day trial of the BetterCloud Enterprise and Pro Features
  • Over the course of the free trial, we will highlight and demonstrate key features, including running a basic data security audit report for your review

At the end of the trial, you decide if the cost/benefit of BetterCloud Pro or Enterprise is appropriate for your domain, and we will keep you subscribed. If not, you can keep using BetterCloud Basic for free.

To keep it simple, you can request the trial with two clicks.  Click here* to open a request email, then click Send.  Our team will promptly respond and activate your free trial.


*If you purchased Google Apps directly from Google, or another partner, we can still provide the trial. We also offer license discounts and other incentives for moving your account over to us. Contact us if you are interested in the savings and/or our services.


 

Google Apps cPanel Gets an Upgrade (Part 2)

This is the second of a two-part series covering the new look and features in the Google Apps Admin Panel.

In addition to offering a less cluttered dashboard, the new and improved Google Admin Console makes it easier than ever to customize the panel to your benefit. You can rearrange the panel however you like by simply dragging and dropping icons onto the main screen, giving you quick access to the services and management components you use most often.

You already know what the new interface looks like (see Part 1).  So what else can you do with the new admin panel?

You can access the other icons and applications by clicking the “More controls” button at the bottom of the screen.

This will provide you with another row of accessible icons.

Additionally, there are even more controls that are available, which can be exposed by using the “>” arrow at the bottom of the screen.

Let’s say that you want to add the Google “Groups” to your main panel, and more specifically, between the icons for “Company Profile” and “Billing.”  Doing this is as easy as just dragging the icon right up to the main dashboard.

After you drop an icon, it appears on the main dashboard. Just as you can easily add icons to the panel, you can do the reverse to hide the icons that you do not need front and center.

Want to learn more?

Still looking for more information?

Here is a video that demonstrates the new setup.  The full Console Guide is also available.  The Feature Map is an easy way to see how to perform common tasks.

 

 

 

 

Google Apps cPanel Gets an Upgrade (Part 1)

This is the first of a two-part series covering the new look and features in the Google Apps Admin Panel.

Most interface changes are dreaded by users and implemented with reluctance. However, instead of updating the Google Apps Control Panel to a more complex setup with less or equal function to its predecessor, this new panel is sleek, simple, and user-friendly. It was designed to make your day easier.

Want proof? Let’s go through some of the new features.

Now called the “Google Admin Console,” it has expanded to allow you to administer other enterprise features from the panel, including Chromebooks and Map Coordinate, unifying administration and management. The Admin Console is also available through a simple link: admin.google.com.

As you can see, there is a similarity between the panel and the Google+ dashboard. The right section shows user activities, tools, and tasks, and the upper right has icons for alerts/notifications, help, and support.

The icons are pretty self-explanatory. When you open an icon, however, a drop-down appears in the upper left. When you open an icon such as “Company Profile,” the drop-down menu gives options for the profile, communication settings, personalization, custom URLs, and more.

By clicking the “Company Profile” with the drop-down arrow next to it, you can see your other icons from the home dashboard.

If you access “User” from the main menu, you see the screen above.

Additionally, the new interface allows you to personalize which details show underneath the column. You can also use filters to display users by a specific category. Whether assigning them into groups individually or in bulk, all you need to do is check the box next to each one and choose the appropriate action.

Profile information appears when opening up a specific user. From there you can reset the user’s password, add the user to groups, rename the user, and more. Hovering over certain areas will make more data appear. For example, when you hover over “Google Apps Enabled” to see what applications are enabled, it might show Google Drive, Google Calendar, Google Contacts, and more.

Back on the dashboard, you can see your available services by clicking “Google Apps.” To manage usage and settings, click on the app.

There are many useful features in the new Google Admin Console. From managing specific users to navigating the dashboard, all systems have been reworked and improved upon. We are excited to introduce this new chapter in the Google Apps Control Panel and look forward to using it.