Tag Archives: Other

8 swift steps G Suite admins can take to secure business data

(Cross-posted from The Keyword)

Security doesn’t have to be complicated. With G Suite, admins can manage and help protect their users with minimal effort because we've designed our tools to be intuitive—like Vault, which helps with eDiscovery and audit needs, and data loss prevention, which helps ensure that your “‘aha”’ moments stay yours. Here are some key security controls that you can deploy with just a few clicks to get more fine-grained control of your organization's security.

1. Enable Hangouts out-of-domain warnings
If your business allows employees to chat with external users on Hangouts, turn on a setting that will show warnings to your users if anyone outside of your domain tries to join a Hangout, and split existing group chats so external users can’t see previous internal conversations. This substantially reduces the risk of data leaks or falling prey to social engineering attacks. (Admin console > Apps > G Suite > Google Hangouts > Chat settings > Sharing options)


2. Disable email forwarding
Exercising this option will disable the automatic email forwarding feature for users, which in turn helps reduce the risk of data exfiltration in the event a user’s credentials are compromised. (Admin console > Apps > G Suite > Gmail > Advanced settings)



3. Enable early phishing detection
Enabling this option adds further checks on potentially suspicious emails prior to delivery. Early phishing detection utilizes a dedicated machine learning model that selectively delays messages to perform rigorous phishing analysis. Less than 0.05 percent of messages on average get delayed by a few minutes, so your users will still get their information fast. (Admin console > Apps > G Suite > Gmail > Advanced settings)


4. Examine OAuth-based access to third-party apps
OAuth apps whitelisting helps keep company data safe by letting you specifically select which third-party apps are allowed to access users’ G Suite data. Once an app is part of a whitelist, users can choose to grant authorized access to their G Suite apps data. This helps to prevent malicious apps from tricking people into accidentally granting access to corporate data. (Admin console > Security > G Suite API Permissions)


5. Check that unintended external reply warning for Gmail is turned on
Gmail can display unintended external reply warnings to users to help prevent data loss. You can enable this option to ensure that if your users try to respond to someone outside of your company domain, they’ll receive a quick warning to make sure they intended to send that email. Because Gmail has contextual intelligence, it knows if the recipient is an existing contact or someone your users interact with regularly, so it only displays relevant warnings. This option is on by default. (Admin console > Apps > G Suite > Gmail > Advanced settings)


6. Restrict external calendar
To reduce the incidence of data leaks, make sure that Google Calendar details aren’t shared outside your domain. Limiting sharing to “free” or “busy” information protects you from social engineering attacks that depend on gleaning information from meeting titles and attendees. (Admin console > Apps > G Suite > Calendar > Sharing settings)


7. Limit access to Google Groups
By setting default Google group access to private, you can limit external access to information channels that may contain confidential business information, like upcoming projects. (Admin console > Apps > G Suite > Groups for Business > Sharing settings)


8. Set Google+ access restrictions
Make the default sharing setting for Google+ restricted and disable discoverability of Google+ profiles outside your domain. Both of these actions can help you control access to critical business information. (Admin console > Apps > G Suite > Google+ > Advanced settings)





Every company has their own unique set of business requirements that need to work in rhythm with their security requirements. By evaluating and implementing some of these suggested security controls, you can make a marked difference in your company’s security posture—with just a few clicks. See this post for other security tips.


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Turning down the in-app passcode feature in Google Drive, Docs, Sheets, and Slides on iOS

In the past, we’ve heard feedback that customers want more security for the files on their iOS devices, which led us to enable an in-app passcode feature specifically for the Google Drive, Docs, Sheets, and Slides iOS apps. Over time, however, we’ve come to learn that it’s not just the content within Google Drive that’s valuable to you. Your contacts, calendars, and emails—it's important that all of this is secure as well.

As a result, we began putting particular emphasis on supporting mobile device management (MDM) on iOS. For example, recent launches give G Suite admins greater visibility and control over enterprise-deployed iOS devices. In fact, with MDM, admins can enforce a passcode on all iOS devices that access corporate data, and they can wipe account data on a device if it’s compromised.

Owing to this increased investment in security on iOS devices, we’re ending support for the in-app passcode feature in Google Drive, Docs, Sheets and Slides on iOS devices signed in with G Suite accounts. Support will end on December 4th, 2017, and we’ll remove the feature entirely no earlier than January 8th, 2018.

We highly recommend that administrators use MDM to deploy passcode requirements at the system level on all of their iOS devices by following these instructions. This will provide better security than the in-app passcode feature in two key ways:
  • These passcode policies protect all of the content on your managed devices, including photos, contacts, and other content besides Google Drive, Docs, Sheets, and Slides content.
  • These passcode policies give you more control over passcode type, strength, expiration, and failure cases. See this Help Center article for more details.

Beginning on December 4th, 2017, any user signed in with a G Suite account who has this feature will see a message asking them to either acknowledge and turn off the functionality, or to ignore the message temporarily. Beginning on January 8th, 2018, all new versions of the Google Drive, Docs, Sheets, and Slides iOS apps will no longer contain in-app passcode functionality.


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Easy data visualization and analysis with Google Data Studio

Posted by Dave Oleson, Product Manager, Data Studio 

Last year, we unveiled a new data visualization and reporting platform for businesses—Data Studio.

Data Studio lets you connect to all your data and turn it into beautiful, informative reports that are fully customizable, easy to understand and easy to share.

Making it easy to share data within your organization — or with the world
One of the fundamental ideas behind Data Studio is that data should be easily accessible to anyone in an organization. We believe that as more people have access to data, better decisions will be made. With multiple data connectors in Data Studio―including CloudSQL, BigQuery, Google Sheets, and many other Google services―you can easily create dashboards from many different types of data and share them with everyone in your organization. And you can mix and match data sources within a single report.

Data Studio also offers integration with a wide variety of non-Google data sources, including a connector to SQL databases that will let you access first-party data.

Data Studio is more than just sharing reports with other people—it’s true collaboration. We used the same infrastructure as Google Docs, so you can edit reports together, in real time. This is useful as you combine data from multiple teams and need others to add analysis and context to the report.

Visualization tools to style your reports and data
In addition to new sharing and collaboration tools, Data Studio gives you many flexible ways to present your data. Sure, there’s the usual assortment of bar charts, pie charts, and time series. But we’ve also included some new visualizations—like bullet charts—that help you communicate your progress towards a business goal.
Another advanced feature is the ability to create a heatmap using tabular data. This visualization makes it easy to instantly identify outliers within a table of data.

Data Studio also has an array of other features to help you customize how you present your data. There are a number of stylistic tools that let you design your reports to represent your specific brand. There are also interactive data controls, like a date picker and dynamic filters, that enable report editors to make reports interactive for viewers.

Getting started
These are just a few of the tools that you can use to help others in your organization understand data. For more information, check out our Help Center and Community Forum.

Though not an official G Suite service, Data Studio is currently available globally for free. We hope it helps you share more data and make better business decisions.

Additional Information



Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Reminder: Google Data Calendar Resource API shutting down on November 15th, 2017

In December 2015, we announced that we were replacing the Google Data (GDATA) Calendar Resource API with a new Calendar Resource API that’s part of the Admin SDK’s Directory API. Originally scheduled for January 2017, the formal shutdown of the GDATA Calendar Resource API will now take place on November 15th, 2017.

If you’re using an application that uses the old GDATA Calendar Resource API, or if you’ve used this API directly in your code, please consider switching to the latest version of the apps (after consulting the app developer) or update your code to use the new Calendar Resource API.


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

7 ways admins can help secure accounts against phishing in G Suite

(Cross-posted from The Keyword)

Posted by Nicolas Kardas, Product Manager Gmail Security, and Sam Lugani, Security Product Marketing G Suite

We work hard to help protect your company against phishing attacks—from using machine learning, to tailoring our detection algorithms, to building features to spot previously unseen attacks. While we block as many external attacks as we can, we continue to build and offer features designed to empower IT administrators to develop strong internal defenses against phishing.

Here are seven things we recommend admins do in G Suite to better protect employee data.

1. Enforce 2-step verification
Two-step verification (2SV) is one of the best ways to prevent someone from accessing your account, even if they steal your password. In G Suite, admins have the ability to enforce 2-step verification. 2SV can reduce the risk of successful phishing attacks by asking employees for additional proof of identity when they sign in. This can be in the form of phone prompts, voice calls, mobile app notifications and more.

G Suite also supports user-managed security keys—easy to use hardware authenticators. Admins can choose to enforce the use of security keys to help reduce the risk of stolen credentials being used to compromise an account. The key sends an encrypted signature and works only with authorized sites. Security keys can be deployed, monitored and managed directly from within the Admin console.



2. Deploy Password Alert extension for Chrome
The Password Alert chrome extension checks each page that users visit to see if that page is impersonating Google’s sign-in page and notifies admins if users enter their G Suite credentials anywhere other than the Google sign-in page.

Admins can enforce deployment of the Password Alert Chrome extension from the Google Admin console (Device management > App Management > Password Alert)—just sign in and get started. You should check “Force installation" under both “User Settings” and “Public session settings.”

Admins can also enable password alert auditing, send email alerts and enforce a password change policy when G Suite credentials have been used on a non-trusted website such as a phishing site.

3. Allow only trusted apps to access your data
Take advantage of OAuth apps whitelisting to specify which apps can access your users’ G Suite data. With this setting, users can grant access to their G Suite apps’ data only to whitelisted apps. This prevents malicious apps from tricking users into accidentally granting unauthorized access. Apps can be whitelisted by admins in the Admin console under G Suite API Permissions.

4. Publish a DMARC policy for your organization
To help your business avoid damage to its reputation from phishing attacks and impersonators, G Suite follows the DMARC standard. DMARC empowers domain owners to decide how Gmail and other participating email providers handle unauthenticated emails coming from your domain. By defining a policy and turning on DKIM email signing, you can ensure that emails that claim to be from your organization, are actually from you.

5. Disable POP and IMAP access for those who don’t need it
The Gmail clients (Android, iOS, Web) leverage Google Safe Browsing to incorporate anti-phishing security measures such as disabling suspicious links and attachments and displaying warnings to users to deter them from clicking on suspicious links.

By choosing to disable POP and IMAP, admins can ensure that all G Suite users will only use Gmail clients and benefit from the built-in phishing protections that they provide. POP and IMAP access can be disabled by admins at the organizational unit level.

Note: all third-party email clients including native mobile mail clients will stop working if POP and IMAP are disabled.
6. Encourage your team to pay attention to external reply warnings
By default, Gmail clients (Android, Web) warn G Suite users if they’re responding to emails sent from outside their domain by someone they don’t regularly interact with, or from someone not in their contacts. This helps businesses protect against forged emails, from malicious actors or just plain old user-error like sending an email to the wrong contact. Educate your employees to look for these warnings and be careful before responding to unrecognized senders. Unintended external reply warnings are controlled from the Admin console control in the “Advanced Gmail” setting.
7. Enforce the use of Android work profiles
Work profiles allow you to separate your organization's apps from personal apps, keeping personal and corporate data separate. By using integrated device management within G Suite to enforce the use of work profiles, you can whitelist applications that access corporate data and block installation of apps from unknown sources. You now have complete control over which apps have access to your corporate data.

These steps can help you improve your organization’s security posture and become more resistant to phishing attacks. Learn more at gsuite.google.com/security or sign up for our security webinar on September 20, 2017 which features new security research from Forrester and a demonstration on how the cloud can help effectively combat cyber threats.


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Drive File Stream launching to all G Suite customers

Launched to early adopters in March, Drive File Stream is a new desktop application that allows you to quickly access all of your Google Drive files on demand, directly from your computer, meaning you use almost none of your hard drive space and spend less time waiting for files to sync.

Starting today, you’ll see settings in the Admin console for Drive File Stream (located at Apps > G Suite > Drive and Docs > Data Access). Note—these settings won’t go into effect for your users until Tuesday, September 26th, when Drive File Stream becomes generally available.


As of today, Drive File Stream will be turned ON for all customers, but we’ll only show download links in the Drive interface if you currently show them for Backup and Sync / Google Drive for Mac/PC. For more information on how to turn Drive File Stream on or off in your domain, check out the Help Center.

With this launch, Google Drive for Mac/PC is officially deprecated. It will no longer be supported starting on December 11th, 2017, and it will shut down completely on March 12th, 2018. We encourage you to use Drive File Stream. As an alternative to or in addition to installing Drive File Stream, you can upgrade to the new version of Drive for Mac/PC, called Backup and Sync.

A few important things to note:

  • In October, Drive for Mac/PC users may start seeing messages in the product notifying them that Drive for Mac/PC is going away.
  • If a user is running both Drive File Stream and Backup and Sync on the same machine, they’ll be prompted to stop syncing My Drive with Backup and Sync in order to save disk space.
  • Team Drive editors won’t be able to edit their Team Drive files when they’re opened in Drive File Stream; they’ll only be able to view them. To edit these files, they’ll need to open them in Drive on the web. 

Check out the Help Center for more information on Drive File Stream, including:

  • A side-by-side feature comparison with Backup and Sync.
  • Instructions for turning on Drive File Stream and deploying it to your organization.
  • Sample emails you can send to your users with more information.
  • FAQs.

Say goodbye to time-consuming file syncing and any concerns about disk space. With Drive File Stream, all your files are always ready for you and your colleagues.

Launch Details
Release track:

  • Drive File Stream Admin console settings launching to both Rapid Release and Scheduled Release on September 6th, 2017; Drive File Stream launching to end users on both Rapid Release and Scheduled Release on September 26th, 2017
  • Support for Google Drive for Mac/PC ending on December 11th, 2017; Google Drive for Mac/PC to stop working on March 12, 2018

Editions:
Available to all G Suite editions

Rollout pace:

  • Admin console settings
    • Full rollout (1–3 days for feature visibility)
  • Availability for end users
    • Full rollout (1–3 days for feature visibility) 

Impact: 
Admins and end users

Action:
Admin action suggested/FYI

More Information
Help Center: Deploy Drive File Stream


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates