As TJ Keitt of Forrester Research noted recently, “Organizations look at Google Apps and bet on the idea of something transformational for their business. It forces them to change the way they operate: Their workflows change, their custom apps need to be redeveloped, their integrations change.”
For the CIO or CISO responsible for the infrastructure of a team that has “gone Google”, however, it is vital to understand the security implications that come with those changes. The first principle of an effective Google Apps security policy is to establish real-time monitoring of, and control over, user accounts and the authentication activity around them.
Security for Google Apps: Are We Really Living In A Post-Perimeter Era?
One of the core principles of an effective security program is boundary control. It is a misconception that cloud adoption makes it impossible to define a perimeter around your systems. The reality is that the perimeter has moved, not that it has been removed. For Google Apps users, the boundary is the set of authentication points: every login and every OAuth grant is an event that can be logged, monitored, and acted upon.
The idea that there are bad guys “out there” who want to gain access to your corporate information is still a useful way to think about segmenting data access and protecting sensitive and regulated data. The idea has its roots in 1990s networking concepts; with an effective firewall and robust endpoint security, it was possible to block nefarious outsiders from ever getting in the door (or so the theory went).
As the SANS Critical Controls framework points out, however, “boundary lines between internal and external networks are diminishing as a result of increased interconnectivity within and between organizations as well as the rapid rise in deployment of wireless technologies.” One of the transformational improvements for Google Apps customers is that their users gain access to critical resources – from important company documents in Drive to always-on communication to and from customers – from a myriad of devices.
Users with access to sensitive data are a target, and the increased mobility and access provided by Google Apps’ suite of collaboration and communication technologies needs to be met with increased visibility and control.
Google Apps Security: All About That (User)Base
If a user’s phone, laptop, or tablet were stolen, how quickly could you identify suspicious authentication activity?
While a user may no longer be sitting in the office when they log in, it is possible (and vital) to see, in real time, where and when they do so. A laptop left in a taxi or a phone lost at the airport may well continue to connect to your Google Drive, mail, or even internal network resources, because the session cookies and OAuth tokens cached on the device remain valid until they are revoked or the account is suspended.
Moreover, with always-on access to email, the chance that an executive accidentally clicks a malicious link or opens an infected attachment on one of those devices goes up. Their credentials can then be phished silently and subsequently used to access critical data (credit card records, customer information, patient healthcare information, and intellectual property are common targets) without IT ever knowing it happened.
This is fundamentally a visibility concern. User access should be monitored on a number of factors: the location (IP address or network) from which the account is being used, the time at which the user attempts to log in, patterns of successes and failures around login activity (for example a burst of failures followed by a success), and, perhaps most importantly, the overall risk profile of that user, such as whether their role gives them access to regulated data.
The misuse of credentials to access sensitive resources, often categorized as insider threat, is a major concern. According to a 2015 Vormetric study, 92 percent of IT leaders believed their organizations were at least “somewhat vulnerable” to insider threats, and nearly half (49 percent) rated themselves “very or extremely vulnerable”.
Google Apps Security Best Practice 1: Real-Time Authentication Monitoring
Thankfully, improving visibility into account activity and reducing that risk is possible, even with a highly mobile workforce. Just as importantly, this visibility can feed an automated response model that acts when suspicious activity occurs: temporarily suspending a Google Apps account to cut off a possible data leak, or forcing a password rotation when unusual authentication activity is observed. Suspension is the more decisive of the two, since it invalidates existing sessions as well as the password, whereas a rotation alone leaves the question of already-issued tokens to a separate revocation step.
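The following is an added illustration of the monitoring factors listed above (location, time of day, failure-then-success patterns, and per-user risk weighting) wired to the response policy just described. It is example code written for this page, not GreatHorn's product code. The login events, the "known" office IP prefix, the business-hours window, the high-risk user list, and the score thresholds are all constructed assumptions; the event shape only loosely follows the Google Admin SDK Reports API login activity feed (actor email, IP address, login_success / login_failure event names).

```python
"""Score Google Apps login events and pick a response (constructed example).

Each event carries the actor's email, source IP, event name and a UTC
timestamp. The events below are constructed for this example; the IP
ranges are documentation addresses (RFC 5737), not real infrastructure.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample events for two hypothetical users.
EVENTS = [
    {"time": "2015-11-02T09:05:00Z", "actor": "alice@example.com", "ip": "203.0.113.10", "name": "login_success"},
    {"time": "2015-11-02T17:40:00Z", "actor": "alice@example.com", "ip": "203.0.113.10", "name": "login_success"},
    {"time": "2015-11-03T03:12:00Z", "actor": "alice@example.com", "ip": "198.51.100.77", "name": "login_failure"},
    {"time": "2015-11-03T03:13:00Z", "actor": "alice@example.com", "ip": "198.51.100.77", "name": "login_failure"},
    {"time": "2015-11-03T03:14:00Z", "actor": "alice@example.com", "ip": "198.51.100.77", "name": "login_failure"},
    {"time": "2015-11-03T03:15:00Z", "actor": "alice@example.com", "ip": "198.51.100.77", "name": "login_success"},
    {"time": "2015-11-03T10:00:00Z", "actor": "bob@example.com", "ip": "203.0.113.22", "name": "login_success"},
]

# Assumed policy inputs: office egress prefix, working hours (UTC), and the
# users whose role gives them access to regulated data.
KNOWN_PREFIXES = ("203.0.113.",)
BUSINESS_HOURS = range(7, 20)            # 07:00 to 19:59 UTC, assumed
HIGH_RISK_USERS = {"alice@example.com"}  # e.g. handles patient records
HIGH_RISK_WEIGHT = 1.5

# Failure-burst detection: this many failures within the window, followed
# by a success, looks like password guessing that eventually worked.
FAILURE_WINDOW = timedelta(minutes=10)
FAILURE_THRESHOLD = 3

# Assumed score thresholds for the automated response.
SUSPEND_AT = 80
ROTATE_AT = 40


def parse_time(s):
    """Parse the Zulu timestamp used in the sample events into an aware datetime."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def score_user(user, user_events):
    """Return (score, reasons) for one user's events, evaluated in time order."""
    score = 0
    reasons = []
    recent_failures = []  # timestamps of failures not yet followed by a success
    for ev in sorted(user_events, key=lambda e: e["time"]):
        t = parse_time(ev["time"])
        if ev["name"] == "login_failure":
            recent_failures.append(t)
            continue
        if ev["name"] != "login_success":
            continue
        # Only failures inside the window before this success count as a burst.
        in_window = [f for f in recent_failures if t - f <= FAILURE_WINDOW]
        if len(in_window) >= FAILURE_THRESHOLD:
            score += 40
            reasons.append(f"{len(in_window)} failures within {FAILURE_WINDOW} before success at {ev['time']}")
        recent_failures = []
        # Location factor: success from a network the organisation does not know.
        if not ev["ip"].startswith(KNOWN_PREFIXES):
            score += 30
            reasons.append(f"success from unknown IP {ev['ip']}")
        # Time factor: success outside the assumed working hours.
        if t.hour not in BUSINESS_HOURS:
            score += 20
            reasons.append(f"success outside business hours at {ev['time']}")
    # Risk-profile factor: the same behaviour matters more for sensitive roles.
    if user in HIGH_RISK_USERS:
        score = int(score * HIGH_RISK_WEIGHT)
    return score, reasons


def decide(score):
    """Map a score to the response described in the text: suspend, rotate, or nothing."""
    if score >= SUSPEND_AT:
        return "suspend"
    if score >= ROTATE_AT:
        return "rotate_password"
    return "none"


def score_all(events):
    """Group events by actor and return {user: {"score", "action", "reasons"}}."""
    by_user = {}
    for ev in events:
        by_user.setdefault(ev["actor"], []).append(ev)
    results = {}
    for user, user_events in by_user.items():
        score, reasons = score_user(user, user_events)
        results[user] = {"score": score, "action": decide(score), "reasons": reasons}
    return results


if __name__ == "__main__":
    # Dry run only. In a real deployment the "suspend" action would call the
    # Admin SDK Directory API (users.update with {"suspended": True}); that
    # call is deliberately not made here.
    for user, r in score_all(EVENTS).items():
        print(f"{user}: score={r['score']} action={r['action']}")
        for reason in r["reasons"]:
            print(f"  - {reason}")
```

Business hours are evaluated in UTC here for simplicity; in practice the window should be per user or per office, and the known-network list should come from your egress inventory rather than a hard-coded prefix. Note that the burst signal only fires when the failures are followed by a success from the same account, which is what distinguishes a guessed password from ordinary lockout noise.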
One example of this is GreatHorn’s “user-based risk” model, where an administrator can instantly see all of these factors, without relying on a complex forensic process or exhaustive SIEM implementation and search.
Generally speaking, IT and infosec practitioners are incredibly busy; the GreatHorn approach is designed with that in mind:
- Native Google Apps integration means that deployment takes only minutes, as GreatHorn is “installed” directly from the Google Apps Marketplace
- The authentication map and user-risk panels immediately highlight where attention is required, focusing valuable time on what matters, rather than generating overwhelming numbers of alerts
- Actions such as account suspension and password rotation are available both directly within the dashboard as well as via automated policy, ensuring that risk is mitigated before a data breach occurs.
Just how easily can attackers bypass your security systems and trick your users into giving up their credentials? Stop wondering and find out — GreatHorn’s security team can show you exactly how at risk you are, for free, without any changes to your email routing or invasive gateway solutions required.