Posts

Assessing Your Google Apps Security Threats

accept button
The power of Google Apps comes from the variety and scope of its collaboration features.  Unfortunately, the same tools we use to share and to work more efficiently can be used against us. When users set permissions, they may accidentally (or intentionally) over-share, resulting in data leaks, disclosures, policy breaches, and regulatory violations.

With the easy to select and connect 3rd party mobile and web apps to your Google accounts in just a few click, employees can easily and unintentionally grant access to non-trustworthy apps.

How do you protect your users from threats they do not know exist?

Assessing and managing information security within Google Apps warrants a multi-faceted approach.

  1. Education. Make sure employees understand your organization’s privacy and security policies, and any regulations and laws you must follow.
  2. Education. Make sure your users understand the basics of how permissions work within Google Drive and Sites, and how to use settings to comply with policies.
  3. Education. Make sure employees know that 3rd party apps can be dangerous and cause problems.

Beyond Education, many organizations look to deploy data protection and security solutions that support policies, that monitor the Google Apps environment for risks and violations, and that can respond and remediate potential data sharing violations.

Before you invest, however, understand your risk.  By reviewing Drive content and permissions and analyzing the inventory of 3rd party apps accessing your Google Apps domain, you can best assess if and when additional security and administrative tools are warranted.  While this can be time-consuming, tools and services exist that can automate the process of gathering and analyzing Google Apps security threat information.

Through September 30, 2014, Cumulus Global is partnering with CloudLock, the Google Apps collaboration security company, to offer a comprehensive Google Apps Security Health Check, which will analyze both Drive content and the risk from 3rd party mobile and web apps.  Normally a service costing $1,000 to $5,000, we are offering the assessment for $300 or less.

Click Here for more information and/or to speak with a Cloud Advisor.

 

Avoiding Real Drive Security Threats


Are Your Users Letting Data Thieves in Through the Front Door?

When most organizations think about protecting files in Google Drive, they focus on Google’s security certifications, whether or not to allow external sharing, and setting up groups to make assigning permissions easier. Too often, they fail to consider the bigger risks to data: users and apps.

Users typically have the ability to share Drive content within your domain and externally. A simple user error (and the occasional intentional act) can expose sensitive data, creating headaches and potential liabilities.

Apps, whether browser extensions or on smart phones, can be installed by your users without your knowledge. These apps often request broad access to data ranging from contact lists to Drive content and can expose data before you know the apps even exist. Human nature tells us that if person wants an app, they “Allow” and “Accept” without necessary reading or understanding the permissions being granted.

Critical to securing data in Drive, organizations should monitor and manage both user permissions based on policies and content and third-party apps with access to data. An understanding of the access granted each App and whether others have deemed the App trustworthy, gives you the power to allow Apps that help your team work efficiently while blocking Apps that pose too much risk.

The First Step to closing user sharing and Apps permission risks is to audit and assess your environment. Audit user assigned permissions and third-party Apps with access and review the results for potential data security issues.

With an understanding of the scope of your risk, you can best decide if you should further investment in your Google Apps ecosystem.

In partnership with CloudLock, we are offering great discounts on our Google Apps Risk Assessment service. Normally a $1,000 per audit service, we will examine collaboration and permission settings as well as the 3rd party Apps that already have access to your domain for $300 or less.

Contact us for more information or to request a formal quote.