There is quite a bit more to Google cloud security than you may realize
Let me start by saying that I love Google G Suite. In fact, I’m pretty sure I’m no longer able to work for a company that doesn’t use it to do business. This post is by no means meant to scare anyone away from Google. It is, however, meant to inform system admins about the potential gaps in Google cloud security that they may be missing.
Google takes security very, VERY seriously. But when we talk with IT leaders and some system administrators about their Google cloud security, we’ve found that there are some common misconceptions. Most importantly, Google is not responsible for your organization’s data security—you are. Many people think that they have outsourced cloud security to Google once they’ve made the transition to G Suite. Here is why that is dangerously incorrect.
Cloud Security is Unique
Many IT leaders we talk with today think their data stored in the cloud is secure. Unfortunately, in the case of cloud security, what you don’t know can hurt you (and many others). There are two critical misconceptions about cloud security:
- Next-Gen Firewalls and/or Secure Gateways are sufficient to protect the cloud environment
- Service providers, such as Google and others, hold the main responsibility for protecting data stored in the cloud
These misconceptions have real consequences. Data breach trends continue to tick upward. The causes are varied, but the massive movement of data to the cloud certainly looms large among them. The top cloud security threats continue to be data breaches, account hijacking, and malicious insiders. In all of these cases, native service provider security functionality only goes so far.
Google Cloud Security
Google cloud security is certainly top of the line compared to many other (particularly similarly priced) service providers. Google fosters a strong security culture and infrastructure. Google cloud security covers everything from significant employee background checks, to extremely high security data centers, to supplying some of the most advanced threat protection technology available.
Some Google cloud security features are available to business, education, and government customers under their basic plan. But more advanced security features, such as data loss prevention and user account control will cost a premium at their Business and Enterprise levels.
To be clear, we’re not down on Google or their significant investment in your organization’s data security. In fact, our cloud security platform is built on the Google Cloud Platform and we are raving fans of GCP and the many benefits we get from being a Google partner.
When it comes to cloud security, including Google cloud security, the ease of use and control over your entire cloud environment is critical. This control must include non-Google SaaS applications, such as Office 365 and Slack, as well as unsanctioned and potentially risky apps that have made their way into your infrastructure. It’s important for you to understand what you are getting at your Google license level and if it’s sufficient for your organization’s unique needs.
Google Cloud Security for Business
Moving your business to the cloud is a smart move. It enables productivity and collaboration any time, any where. Employees enjoy the ability to keep a flexible work schedule and/or location. They are also able to collaborate on projects without the need to email a file back and forth, often losing work that another member of the project team has done. While Google still holds a distant second place to Microsoft in the business productivity space, it’s popularity is growing.
The Google for Business suite is sold in three tiers: Basic, Business, and Enterprise. When it comes to Google cloud security specifically, the differences in these three tiers are stark. Businesses licensed at the Basic and Business levels do not enjoy the benefits of highly customizable data loss prevention policies or automated data breach monitoring and audits. Many customers also find it quite difficult to pinpoint exactly what the cause of a data breach was, what information was impacted (if any), and what they need to do to remediate the issue. When each minute of exposure is critical, the ability to easily track these things down is priceless.
Google Cloud Security for Education
Data security for minors is a far more regulated area in the U.S. As such, schools, EdTech vendors, and companies that sell to children are held to a much higher data security standard.
Federal regulations such as The Family Educational Rights and Privacy Act (FERPA) and The Children’s Online Privacy Protection Act (COPPA) have been in place for decades. Additional regulations have been enacted over the years at the federal, state, and local levels to further protect the identities and financial futures of children.
While these laws are certainly important and necessary, they have become a bit of a burden for the K-12 education sector. Operating on limited budgets, school districts are benefiting significantly from partnering with Google. They’re able to fund 1:1 programs with cheap Chromebooks and improve student collaboration and technology literacy with Google for Education. Google cloud security tiers in the Google for Education product are much more robust, given the stringent data security regulations that school districts face.
Schools using Google for Education have access to more advanced data loss prevention controls, such as customizing rules and policies, domain whitelisting, and compliance reporting, than businesses at the Basic and Business levels do.
Some of the biggest Google cloud security gaps that they will experience between the free Basic version and the Enterprise version of Google for Education are customizable content filters, image scanning, and controlling 3rd party (non-Google) applications. Many customers find even the Enterprise level of Google for Education to be confusing and difficult to find the information they need to pinpoint security incidents and close gaps.
Is Google Cloud Security Enough?
The answer to this question is truly “it depends.” Even Google recognizes that some organizations require more than their current cloud security solutions offer. That is why they developed their partner marketplace and partner with vendors like ManagedMethods. We work in tandem with G Suite, as well as other cloud applications, to make sure that your organization’s data is secure in the cloud.
The best way to make the determination if you need additional Google cloud security is to audit your current infrastructure and settings, ask your peers about their experiences, and perhaps try out our 30-day free trial to see what you’ve been missing.