What You Need to Know about Google Security for Your Organization

December 21, 2015 Appirio

By Mary Wholey and David Williams


Moving information to the cloud requires a different approach than on-premise security. Improving Worker Experience through anytime, anywhere access and enabling a mobile workforce also provides a unique opportunity to manage data security in the cloud. Google provides security through conformance to industry security standards and built-in technologies. You can also control data security for your users through Google for Work.

Google participates in international and US security certification programs that ensure compliance with industry security standards, including ISO27001 and SOC3 audits. They’ve even published additional information about industry and regional specific compliance. Google takes your data security seriously by ensuring security in transmission and storage, and in disaster recovery through physical security and redundancy.

When you’re ready to deploy Google for Work for your company, the following are things you can do to proactively help secure your Google Apps domain.

Educate users on the purpose of Google for Work and its specifics

  • When you’re enabling 2-factor authentication or single sign-on (SSO), teach your users where and how to log into Google for Work.
  • Being able to access Google for Work from any computer helps your users stay connected from wherever they are. Teach them when and where to log out of their Google for Work accounts so they can ensure security.
  • Mobile access to Google for Work directly contributes to an improved Worker Experience. Give your users clear guidelines about how you want them to use Google for Work on their personal or company-provided devices.

Increased security with password tools

  • Use 2-step verification.
  • Educate users on phishing.
  • Google as an Identity Provider for SSO.
  • Leverage Google Password alert to see when a user has typed their Google password into a non-Google website.

How to control administrative access to your domain

  • Limit super admin access and leverage delegated admin roles.
  • Keep admin accounts separate from user accounts.
  • Enable admin alerts.

Make the most of mobile

  • Use Mobile Management technology.
    • Google Native — Android for Work and iOS device policies
      • As part of Google for Work, you have access to Google’s mobile device management technology that can help you manage device policies for Android for Work and iOS.
    • Third-party solutions (e.g. MobileIron, Airwatch)
      • You may also use third-party mobile device management solutions such as MobileIron and Airwatch, for example.
  • Enforce device security options.
  • Make use of remote locate.
  • Understand device wipe (avoid needing to do so, but know how to use it if need be).

Browser management

  • Chrome browser policies are administrator settings that control users’ experiences of Chrome and can be used to selectively block third-party Chrome extensions or apps.

Third-party tools

  • Cloudlock is a tool that provides additional security for your Google Apps environment.
    • Monitor and enforce policies around third-party application access.
    • Monitor and enforce policies around Google Drive sharing based on content and recipient.

Email security protocols

  • Leverage email security protocols to make sure your users and business partners know that mail from your domain was actually sent by you.
    • DKIM — To validate domain identity for email in transit.
    • SPF — To help combat sender address forgery.
    • DMARC — A reporting function leveraging DKIM and SPF.

Disable insecure applications

  • Disable POP and IMAP.
  • Consider blocking less secure apps that rely on password-only authentication in the admin panel.
  • Disable OAuth1 domain key in favor of OAuth2 authorizations for your applications.

Finally, in addition to adherence to industry security standards, technical infrastructure, and cooperation with third-party vendors, Google has many full-time security professionals. Your information and access security is protected by the best minds in the industry.

Learn more about data security and moving to Google for Work from our ebook, Appirio’s Guide to Going Google. And for information specific to your industry or regulatory requirements, read more in Google’s whitepaper, Google for Work Security and Compliance.


Previous Article
Google Drive Tips and Tricks
Google Drive Tips and Tricks

Whether you use Google Apps for work or personal use (or both), you likely know how much more efficient and...

Next Article
Appirio’s iOS Developer Community: Strength in Numbers
Appirio’s iOS Developer Community: Strength in Numbers

Appirio has always been about finding better, more efficient ways to get results for our enterprise custome...