Google’s G Suite. What you need to know. [Part 2 of 3]

When you’re thinking about converting your legacy systems to G Suite or Office 365, one of the most important bullet points on your list will be security and privacy. In this article we take an in depth look at the security features and privacy features of G Suite for business use. This is Part 2 in a 3 part series – you can head to Part 1, Office 365 vs G Suite Security & Privacy: An Introduction, or Part 3, Office 365 Security Features, from here.

G Suite User management

User management is done through Google Domains and the G Suite Admin Console. You can choose to use it in tandem with another user management service such as Active Directory if you wish.

Functional domain access management fir G Suite

G Suite can be configured to use Team Drives. These are exactly what they sound like: a way in which to split various functions within your business into separate domains with access control configurable for each Team. Team Drives can be organised in a tree-like structure – Admins at the top, Management on another tier, followed by functional groups, etc. Currently Team Drives lacks the ability to change file permissions on a nested Team if they’re already specified one way higher up the tree – this can be very frustrating from a business administration perspective.

Security management tools for admin

One of G Suite’s new(er) tools for security management is their G Suite Security Center, available with all Enterprise editions of G Suite. The security center, as part of the Admin Console, gives you an overview of various areas of note to do with security: dashboard; for overview of external file sharing, encryption, spam & malware, and authentication, security health; for items such as 2 factor authentication, out-of-domain sharing warnings, and mobile management.

Device management

G Suite offers in-built Android and iOS mobile device management through on-device, administrator setup options like screen locks, account wipes, and password rules. The overview of mobile devices is then viewed through the Admin console. You can even deploy internal company Android apps via the Play store’s Private Channel. Devices may be an employees own – thanks to administrator controls to remove accounts if need be – or company issued.

For laptop and desktop machines, device management may be a trickier. It’s recommended that you implement FIDO keys for use on off-site laptops and desktops.

Encryption

Data that is created with G Suite or stored on Google Drive is always encrypted at rest. What does this mean? It means that while stored on Google’s servers the data will be encrypted. The service offers different encryption levels, too. At the base level, Google takes care of key management in the cloud for encryption for you. A level up, you manage the keys in the cloud yourself. A level higher still, you create keys yourself and store them on-premise.

Google does not offer end-to-end encryption. If there are some files you’d like to store on Google Drive that need to be encrypted at all times you will either need to do this yourself or use a third party app. Note that you can only do this with files created outside of the G Suite productivity suite.

G Suite security features for email

G Suite offers their own spam filtering algorithms to help avoid spam email getting through to Inboxes, including the option to “be more aggressive when filtering spam”. This is alongside the ability to create spam filters yourself, such as only accepting mail from trusted domains, and sending filtered emails through to Quarantine.

Quarantined emails are not necessarily spam – but can be emails you’ve configured rules on to separate from employees and put in Admin Quarantine. These can then be scanned manually and either sent onwards or some other action. You can grant access to Quarantine to specific users if desired, too.

Compliance

Google’s cloud services, including G Suite, comply with the Australian Privacy Principles, SOC 3, ISO 27001, and the Australian Prudential Regulation Authority (APRA) Standards, among others. It you have specific compliance requirements for your industry, ensure you browse the compliance site and check the Google products that each applies to.

Documentation and support for security

Google’s security documentation for G Suite isn’t all wrapped up neatly in the one spot. You can find useful resources like ‘Use settings to improve security’ for apps and the G Suite Administrator Help Center in disparate places. They do, however, offer 24/7 phone, email, and chat support if you need to chat to a real person about security.

Best plans for tight security

If you’d like to have access to the Security Center for G Suite, then you will need to select their Enterprise Plan. At $34 per user, per month, it is a fair bit pricier than their Basic ($5/user/month) and Business Plans ($10/user/month), however it does offer a lot more features that aren’t included in the other plans, such as data loss prevention for Drive & Gmail, security key enforcement, and Gmail log analysis in BigQuery. If you are a medium to large enterprise, the Enterprise Plan is essential – small businesses may be able to get away with using the Business Plan and monitoring and configuring security by other means.

Read on to learn about Office 365 security to compare.

Interested in implementing G Suite within your business? We can help assess your needs, suggest configuration/s, deploy, and manage solutions. Get in touch with us for more information about using G Suite in your organisation.

Julia Sinclair-Jones

Tech writer and ex-software developer with a penchant for travel, techno, and data. Spreading the word of secure, manageable, optimised IT solutions for everyone.