There is quite a bit more to Google cloud security than you may realize
Let me start by saying that I love Google G Suite. In fact, I’m no longer able to work for a company that doesn’t use it to do business. This post is by no means meant to scare anyone away from Google. It is, however, meant to inform system admins about the potential gaps in Google cloud security.
Google takes security very seriously. But when we talk with IT leaders and system administrators about their Google cloud security, we’ve found some common misconceptions. Most importantly, Google is not responsible for your organization’s data security—you are. Many people think that they have outsourced cloud security to Google once they’ve made the transition to G Suite. Here is why that is dangerously incorrect.
Cloud Security is Unique
Many IT leaders we talk with think their data stored in the cloud is secure. Unfortunately, in the case of cloud security, what you don’t know can hurt you (and others). There are two critical misconceptions about cloud security:
- Next-Gen Firewalls and/or Secure Gateways are sufficient to protect the cloud environment
- Service providers, such as Google and others, hold the main responsibility for protecting data stored in the cloud
These misconceptions have real consequences, especially as data breach trends continue to advance. The causes are varied, but one of main causes is the massive movement of data to the cloud. Data breaches, account hijacking, and malicious insiders continue to be the top cloud security threats. In all of these cases, native service provider security functionality only goes so far.
Google Cloud Security
Google cloud security is certainly top of the line compared to many other (particularly similarly priced) service providers. Google fosters a strong security culture and infrastructure. Google cloud security covers everything from significant employee background checks to high security data centers, as well as supplying some of the most advanced threat protection technology available.
Some Google cloud security features are available to business, education, and government customers under their basic plan. But more advanced security features, such as data loss prevention and user account control will cost a premium at their Business and Enterprise levels.
To be clear, we are not looking down on Google or their significant investment in your organization’s data security. In fact, our cloud security platform is built on the Google Cloud Platform and we are raving fans of GCP and the many benefits we get from being a Google partner.
When it comes to cloud security (including Google cloud security), the ease of use and control over your entire cloud environment is critical. This control must include non-Google SaaS applications, such as Office 365 and Slack, as well as unsanctioned and potentially risky apps that have made their way into your infrastructure. It’s important for you to understand what you are getting at your Google license level and if it’s sufficient for your organization’s unique needs.
Google Cloud Security for Business
Moving your business to the cloud is a smart move. It enables productivity and collaboration any time, any where. Employees enjoy the ability to keep a flexible work schedule and/or location. They are also able to collaborate on projects without sending a file back and forth, which often results in the loss of another team member’s work. While Google still holds a distant second place to Microsoft in the business productivity space, it’s popularity is growing.
The Google for Business suite is sold in three tiers: Basic, Business, and Enterprise. When it comes to Google cloud security specifically, the differences in these three tiers are stark. Businesses licensed at the Basic and Business levels do not enjoy the benefits of highly customizable data loss prevention policies or automated data breach monitoring and audits. Many customers also find it quite difficult to pinpoint exactly what the cause of a data breach was, what information was impacted (if any), and what they need to do to remediate the issue. When each minute of exposure is critical, the ability to track a breach with ease is priceless.
Google Cloud Security for Education
Data security for minors is a far more regulated area in the U.S. As such, schools, EdTech vendors, and companies that sell to children are held to a much higher data security standard.
Federal regulations such as The Family Educational Rights and Privacy Act (FERPA) and The Children’s Online Privacy Protection Act (COPPA) have been in place for decades. Additional regulations have been enacted over the years at the federal, state, and local levels to further protect the identities and financial futures of children.
While these laws are certainly important and necessary, they have become a bit of a burden for the K-12 education sector. Operating on limited budgets, school districts are benefiting significantly from partnerships with Google. They’re able to fund 1:1 programs with cheap Chromebooks and improve student collaboration and technology literacy with Google for Education. Google cloud security tiers in the Google for Education product are much more robust, given the stringent data security regulations that school districts face.
Schools using Google for Education have access to more advanced data loss prevention controls, such as the ability to customize rules and policies, domain whitelisting and compliance reporting, than businesses at the Basic and Business levels do.
Some of the biggest Google cloud security gaps that schools will experience between the free Basic version and the Enterprise version of Google for Education are customizable content filters, image scanning, and controlling 3rd party (non-Google) applications. Many customers find even the Enterprise level of Google for Education to be confusing and difficult to find the information they need to pinpoint security incidents and close gaps.
Is Google Cloud Security Enough?
The answer to this question is truly “it depends.” Even Google recognizes that some organizations require more than their current cloud security solutions offer. That is why they developed their partner marketplace to partner with vendors like ManagedMethods. We work in tandem with G Suite, as well as other cloud applications, to make sure that your organization’s data is secure in the cloud.
The best way to make a decision about additional Google cloud security is to audit your current infrastructure and settings, ask your peers about their experiences, and perhaps try out our 30-day free trial to see what you’ve been missing.