Securing your IT systems has never been easy, but it used to be more straightforward. You drew a perimeter around your office locations and your employees, and focused on stopping threats at the boundary. But now, with mobile and remote working, cloud computing, and apps used by customers and partners, the perimeter has disappeared.
In place of traditional approaches designed for on-prem environments with a defined perimeter — relying on cumbersome VPNs, a limited choice of devices and inconvenient authentication — you need to adopt a zero-trust security model.
What is a zero-trust approach to security?
A zero-trust security model grants access to IT resources — applications, data and the network — based on the user’s identity and contextual clues. This can include whether the user is a member of a specific group, where they’re connecting from, whether they’re using encryption or two-factor authentication, and the status of their device. It shifts control from the network layer to the application layer, with every separate request encrypted, authenticated and authorised — every time and not just when the user first connects
In other words, a zero-trust approach allows users to work securely from any location and device, using insecure public networks, and with no need to install anything locally. This is the basis for Google’s BeyondCorp security model, which ensures tools like Google Workspace automatically create a secure hybrid office environment, whether your people are working in the office, from home, at customer sites or on the road.
But BeyondCorp is just one of the security measures available in Google Workspace. Here are 7 other ways that Google Workspace makes it a little easier for your admins to protect your organisation’s systems and data.
1. Surface the most worrisome concerns in the Security Centre
Part of the Admin Console in the Enterprise version of Workspace, the Security Centre flags up threats to your security, such as phishing emails, unexpected bursts of activity at normally quiet times, or users circumventing security policies. It gives you the tools to quickly dig deeper into an issue and understand the context, and will recommend the best course of action.
All that cuts the time take to respond to incidents from days to minutes. It also helps your Workspace admins work more closely with your security specialists, allowing them to parcel up all the relevant details and pass them across.
2. Increase email security with the security sandbox
The security sandbox takes email protection to the next level, helping to secure you against malicious embedded scripts and zero day threats. It detects the presence of malware in attachments by virtually “executing” them in a private, secure sandbox environment, understanding their effect on the operating system and quarantining them if there’s an issue.
That means threats never reach the user’s inbox — and you don’t confuse users with warning messages from a third-party tools. Of course, you also avoid the cost and effort of buying, implementing and managing separate anti-malware tools.
3. Stop data exfiltration with Data Loss Prevention (DLP)
Fully integrated with Google Workspace, Google’s DLP solution stops users sharing sensitive data such as customer details or confidential project documents with the wrong people. That isn’t always because users are deliberately trying to share data when they’re not supposed to. After all, how often have any of us accidentally chosen the wrong email address from an auto-complete list?
With Google’s DLP, you can set up policies to either block the action entirely, warn the user or isolate the incident. You can choose from a library of pre-defined content detectors, such as formats that indicate a credit card number is being shared or that an email is being sent to someone outside your domain. You can also create custom rules. For example, you can detect when someone mentions the name of a confidential project when typing an email.
4. Use 2-step verification
2-step verification requires users to provide something in addition to their password when they’re logging in. That can be a physical key that they have to insert into their device, a code generated by an authentication app like Google Authenticator, or a code sent to the user’s phone. It’s an extra barrier between your business and cybercriminals: even if they do learn a user’s password, they can’t log on.
It also means users don’t have to go through the hassle of regularly changing their password. You can partner Google Workspace with a wide range of different authentication methods and it’s easy to turn on 2-step verification — for all your users or just particular groups — through the Admin Console.
5. Add extra security for Windows devices
You can now apply many of the security features in Google Workspace to Windows 10 devices. This includes checking devices have the latest OS updates, are secure and are complying with other policies before you allow them to connect to Workspace apps.
You can also use Google technologies to detect suspicious logins and prevent devices being hijacked. Users can even log on to Windows using their Google identity, allowing you to move away from the complexities of running on-prem Active Directory.
6. Quickly deploy new secure devices with zero-touch enrolment
Even without the added difficulties of being in lockdown during the pandemic, IT departments have long already struggled with the challenges of provisioning new or replacement devices to remote workers.
With zero-touch enrolment, you can arrange for a device to be shipped directly to the user, link it to your Google domain and have the device set itself up correctly — and be ready to manage through the Admin Console — without the need for your IT team to get involved. Everyone wins: it’s more convenient for users, saves time for the IT team, and ensures all the right security and management policies are applied and implemented.
7. Simplify your application estate
The more complicated the IT infrastructure, the greater the chance something, somewhere can be compromised. The broad range of apps and features included in Google Workspace means you don’t need to install, run, manage and secure many third-party applications — from antivirus and malware solutions to videoconferencing and standalone cloud storage.
Of course, as well as reducing the security risk of running these apps, you’ll also save on licence costs and cut your management overhead.
Working with a Google Workspace Premier Partner
Ancoris is only one of a handful of European Google Cloud partners with the Work Transformation Enterprise specialisation. Our deployment experts will help you make a smooth transition―for the technology and for the people using it.
A business is only as good as its people – so why not make them extraordinary? Empowering them to work better together not only unleashes their talent and creativity but makes them your competitive advantage. The modern, easy to use applications in Google Workspace make real-time collaboration a breeze. Combine Google Workspace with Chrome Enterprise and you've got the most secure and mobile workplace.
To complement our technical service delivery consultants, we have a dedicated in-house change management and user enablement team to guide you through the process.
If you’d like to find out more about how we can help you to create your own digital workplace, why not take a look at some of our customer success stories or browse our resources. Needless to say, please get in touch with our team if you'd like more practical support and guidance.
