Google Cloud Monitoring is a Requirement for Organizations Using G Suite
Organizations are moving to cloud computing at a crazy pace. More than half of K-12 students use Google for Education through school. And businesses are finding G Suite to be beneficial from cost and productivity standpoints. There is nothing wrong with the move to the cloud in itself. I’m a huge fan of G Suite and can’t remember what life was like without it! The concerning part is that very few of these organizations are properly using Google cloud monitoring to secure their G Suite applications.
Do You Need Google Cloud App Monitoring?
The short answer is yes. If your business or school is using Google G Suite applications (which include Gmail, Docs, Sheets, Slides, Google Drive, and Shared Drives) you need Google cloud security monitoring. Why?
Because cloud computing is an inherently porous technology. The freedom of access that we all enjoy also opens the door to unwanted access. Criminals have caught on to this trend and are using it to their own advantage. IT leaders need to catch up, because this is a preventable issue.
Google cloud monitoring is not difficult, nor does it have to be particularly time consuming. Many people view cloud monitoring as an insurmountable task, when in reality cloud application security can make monitoring easy. You could be monitoring your Google cloud applications in a matter of minutes.
Let’s break Google cloud monitoring up into sections and take a look at why monitoring these Google apps is important to include in your cyber defense strategy.
1. Monitoring G Suite for Data Loss Prevention
Data loss prevention basically means ensuring that the sensitive data in your Google cloud apps is protected from accidental or malicious loss. Data loss from cloud apps can happen in a number of ways. The most common is for an employee to accidentally share sensitive, private data publicly. With cloud access security controls becoming a bit more complicated as more organizations move to the cloud, this type of incident is happening more frequently.
Data loss can also be malicious. In this case, it can be an employee acting maliciously or an external threat. Criminals can gain access to data in your G Suite environment through a number of channels, including:
- Gmail phishing
- Google files infected with malware
- Malicious SaaS applications
- User account takeover
When you properly secure cloud access and have a monitoring solution in place, these types of Google cloud security breaches are prevented or, at worst, caught before they can cause harm. Setting up a Google cloud monitor allows you to see what kind of activity is going on within the cloud application. The system will alert you about suspicious login attempts, flag phishing attempts, and quarantine sensitive files from improper downloading and/or sharing.
You’ll want to find a G Suite monitoring tool that allows you to customize automated data loss prevention policies for your organization, and uses AI and machine learning technology to alert you to possible risks.
2. Monitoring G Suite for Account Takeovers
An account takeover (also referred to as hijacking) happens when a person fraudulently gains access to a user account. You can imagine that an account takeover can be particularly damaging to your Google cloud environment. Not only does a criminal have all the access to your organization’s information that the user account has, but it’s also difficult to detect the issue since they are mimicking a real user.
Google conducted perhaps the most comprehensive account takeover research in 2017 to learn more about how they happen. Their research found that:
- 788,000 were the result of keyloggers
- 12.4 million were the likely result of some type of phishing scheme
- 1.9 billion usernames and passwords were exposed due to a data breach and sold on the black market
When you have a Google cloud monitoring solution in place, the system will continuously scan for a variety of potentially fraudulent attributes. A Google cloud access security CASB will, for example, notice that account logins are coming from a different country than normal. Or it will see that the user is behaving in an unusual manner, like downloading a massive number of files or uploading a malware-infected file. The platform will cut off access to that user account, quarantine any cloud malware threats, and alert the system admin to the incident.
Without an automated Google cloud monitoring tool, fraudulent and harmful activity can go on for months—or more. Anyone can fall victim to a Google account takeover. But they can be particularly harmful for K-12 school districts that are subject to stringent FERPA and COPPA regulations.
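The two checks described above (a login from a country outside the user's normal pattern, and an unusually large run of downloads) can be sketched as follows. This is an added example, not code from the original article or from any vendor's product; the event field names, the thresholds, and the geo-IP-derived "country" value are assumptions, and the events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

DOWNLOAD_LIMIT = 5               # assumed threshold: downloads allowed per window
WINDOW = timedelta(minutes=10)   # assumed sliding window for the burst check
T, S = "teacher@example.edu", "student@example.edu"

def _ev(when, user, kind, country=None):
    # Constructed record; field names are assumptions, and "country" is
    # assumed to come from a geo-IP lookup on the login's source address.
    return {"time": f"2024-03-{when}", "user": user, "type": kind, "country": country}

# Constructed sample events, not real audit data.
EVENTS = (
    [_ev(f"0{d}T08:0{d}:00", T, "login", "US") for d in (1, 2, 3)]
    + [_ev("04T02:14:00", T, "login", "BR")]
    + [_ev(f"04T02:{20 + i}:00", T, "download") for i in range(6)]
    + [_ev("04T09:00:00", S, "login", "US"), _ev("04T09:05:00", S, "download")]
)

def detect(events, baseline_logins=2):
    """Return (user, alert, time) tuples for new-country logins and download bursts."""
    alerts, burst_alerted = [], set()
    countries = defaultdict(lambda: defaultdict(int))  # user -> country -> login count
    downloads = defaultdict(list)                      # user -> timestamps inside WINDOW
    for ev in sorted(events, key=lambda e: e["time"]):
        ts, user = datetime.fromisoformat(ev["time"]), ev["user"]
        if ev["type"] == "login":
            known = countries[user]
            if sum(known.values()) >= baseline_logins and ev["country"] not in known:
                # Not added to the baseline: an admin has to confirm it first.
                alerts.append((user, "new_country_login", ev["time"]))
            else:
                known[ev["country"]] += 1
        elif ev["type"] == "download":
            downloads[user] = [t for t in downloads[user] if ts - t <= WINDOW] + [ts]
            if len(downloads[user]) > DOWNLOAD_LIMIT and user not in burst_alerted:
                burst_alerted.add(user)
                alerts.append((user, "download_burst", ev["time"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

A user with no login history yet produces no country alert, so new accounts need a short baseline period before this check is useful.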
3. Monitoring G Suite for Cloud Malware Threats
Email is still the most common threat vector for malware threats and phishing schemes. For good reason, organizations and service providers alike have poured billions into email security investments over the years. And yet, criminals are still finding their way in. A lot of the problem continues to fall to human error. And this is one of the reasons monitoring G Suite for malware threats is so important.
There are many ways that criminals can infect your cloud environment with malware. The three areas where a Google cloud monitoring tool will help you most are Gmail, Google files and drives, and risky SaaS application scanning.
Gmail Threat Monitoring
Google has a very robust native spam and phishing filter, but many organizations choose to layer a third-party threat protection service on top of it. Most cloud application security and CASB vendors will either provide their own threat protection, partner with an industry leader, or employ some combination of the two.
You will want to find a Gmail cloud solution that offers phishing and malware protection by scanning not just the sender information but also the subject line, email body, attachments, and images. Your Gmail application security solution should also allow you to use customizable policy rules so the system can automatically take corrective action. This allows you to secure your organization’s G Suite, even while you’re away or working on other priorities.
Google Files and Drives
Criminals have figured out that malicious links in emails are fairly easily picked up by spam filters in Gmail. And they’ve found a clever way around it. One of Gmail’s fatal flaws is that, typically, it will see its own links as safe. So, a criminal can paste a phishing link into a Google Doc, and then share or email it to unsuspecting users.
With a Google cloud monitor installed, malware threats like this are detected and quarantined from your cloud environment. The system can also detect if malicious files are being imported into your Google Drive and/or Shared Drives by a known or unknown user. System admins set up their own level of risk tolerance and can set up the system to delete or quarantine these types of files. They can also choose to set up an alert and notification practice, so others know that something suspicious is going on and that they should not interact with the file.
Malicious or Risky SaaS Applications
Have you ever logged in to an application using the “sign in with Google” function? How many times have you paid close attention to the permissions that you’re allowing that application to have? Criminals are also finding ways into your G Suite data using OAuth in SaaS applications. Generally, these permissions could include view, read, and write permissions to any number of Google applications once you’ve authorized the login.
There are two types of SaaS applications that you’ll want to be able to identify in your Google environment: malicious apps and risky apps.
Risky apps aren’t necessarily out to do harm. They may be fun games or free productivity applications. The issue arises if the app developer has not secured their application from breaches and loopholes that hackers can exploit to gain access to user accounts and information.
Malicious apps are created for the sole purpose of exploiting OAuth permissions to steal data and cause harm to users. The app may look innocent enough. Sometimes it’s a game or a free productivity app. Sometimes it looks deceptively similar to a popular, legitimate app. Authorized app stores are getting better at identifying and removing these, but they’re still out there. And they can also be found and downloaded on other sites.
A Google cloud monitoring solution will scan your Google environment and find all the apps that have been authorized using your organization’s Google credentials through OAuth. You should focus on finding a solution that gives you easy visibility into sanctioned apps and unsanctioned apps in your environment. It should be able to show you which apps have different access levels and how risky those apps are determined to be based on a number of factors. A good cloud application security platform will also give you the control to sanction, unsanction, or remove applications from your Google environment and send a warning to the users about using it.
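The OAuth app inventory described above can be sketched as follows: group grants by app, rate each app by the broadest scope any user has authorized, and compare it against a sanctioned list. This is an added example, not code from the original article or from any vendor's product; the scope strings are real Google OAuth scopes, while the risk weights, the record layout, the client IDs, and the recommended actions are assumptions, and the grants are constructed.

```python
G = "https://www.googleapis.com/auth/"
# Real Google OAuth scope strings; the risk weights are assumed for illustration.
SCOPE_RISK = {
    "https://mail.google.com/": 3,   # full Gmail access
    G + "drive": 3,                  # read/write to all Drive files
    G + "drive.readonly": 2,
    G + "gmail.readonly": 2,
    G + "calendar": 2,
    G + "userinfo.email": 1,
    "openid": 1,
}
UNKNOWN_SCOPE_RISK = 2               # assumed: unrecognised scopes rate as medium
LEVELS = {1: "low", 2: "medium", 3: "high"}
SANCTIONED = {"client-id-lms"}       # hypothetical allow-list of approved client IDs

# Constructed sample grants, not real data; the record layout is an assumption.
GRANTS = [
    {"user": "a@example.edu", "client_id": "client-id-lms", "app": "Classroom LMS",
     "scopes": [G + "drive.readonly", G + "userinfo.email"]},
    {"user": "b@example.edu", "client_id": "client-id-game", "app": "Free Word Game",
     "scopes": ["https://mail.google.com/", G + "drive"]},
    {"user": "c@example.edu", "client_id": "client-id-game", "app": "Free Word Game",
     "scopes": [G + "userinfo.email"]},
    {"user": "c@example.edu", "client_id": "client-id-notes", "app": "Quick Notes",
     "scopes": ["openid"]},
]

def audit(grants, sanctioned=SANCTIONED):
    """Summarise each app: user count, highest scope risk, and a suggested action."""
    apps = {}
    for g in grants:
        a = apps.setdefault(g["client_id"], {"app": g["app"], "users": set(), "risk": 1})
        a["users"].add(g["user"])
        # An app is rated by the broadest scope any single user granted it.
        a["risk"] = max([a["risk"]] + [SCOPE_RISK.get(s, UNKNOWN_SCOPE_RISK)
                                       for s in g["scopes"]])
    report = []
    for cid, a in apps.items():
        if cid in sanctioned:
            action = "keep"
        else:
            action = "revoke" if a["risk"] == 3 else "review"
        report.append({"client_id": cid, "app": a["app"], "users": len(a["users"]),
                       "risk": a["risk"], "level": LEVELS[a["risk"]], "action": action})
    # Highest risk first so an admin sees the broadest access at the top.
    return sorted(report, key=lambda r: (-r["risk"], r["client_id"]))

if __name__ == "__main__":
    for row in audit(GRANTS):
        print(row)
```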
4. Automating Google Cloud Monitoring
After reading all of this you may be thinking: “Sure, this all sounds great. But who has the time!?”
Google cloud monitoring should be happening automatically, 24/7. And that is why a good cloud application security solution is needed for it. There’s no way that any one person (or even a few people) could possibly manage this on their own.
You can use a platform to automate Google cloud monitoring to take corrective actions on all of these security risks without you needing to get involved. The platform you choose should also auto-generate periodic system audit reports for visibility and compliance purposes. Google cloud monitoring does not need to be complicated or time-intensive, but it does need to happen.