Have you ever been confronted with something like this as you tried to register an account online?
“Sorry, but your password must contain an uppercase letter, a number, a haiku, a gang sign, a hieroglyph, and the blood of a virgin”.
Sure, it is a joke. But deep in the heart everybody understands that it is all about your security. And security is no joke.
Being a SaaS company (software-as-a-service), not a day goes by at Pics.io without receiving an email full of concerns about security. Is your service secure? Where are your servers located? Do you have backups? — these are some of the most typical questions we receive daily.
We fully understand these concerns. Using an unreliable file sharing service or a faulty cloud storage can cost dearly. This way or another, we are all dependent on keeping our assets in some secure storage online:
- Give access to remote workers & subcontractors
- Send files to customers for feedback
- Share assets among distributed offices and teams
- Maintain an offsite backup for important files.
In other words, choosing a service for file sharing or cloud storage is a very responsible step you take in your business. Your cyber security is not a matter you can take lightly.
Among the best-reputed services are Dropbox, One Drive, and — of course — Google Drive. Apart from being a massive storage solution, these giant providers also offer an extensive suite of productivity tools which help your business immensely.
If you ask Pics.io, which cloud storage to choose, our answer is almost always the same — Google Drive (or rather Google Workspace — if we talk business).
If you are still wondering if Google Drive is a good fit for your business, have a look at our G Suite Maximizer. There we compiled all the advantages of Google Workspace & gave you an idea of how you can extend your cloud storage with Pics.io DAM.
One of the indisputable advantages of Google Workspace is the ultimate security it offers. There are over 4 million Google Workspace businesses today, so the security of company’s data is a top priority for Google. Even more so, over the past year, Google has kicked up a notch protecting your data inside Google Workspace through improved access controls and new tools for preventing phishing emails and malware attacks.
Let’s take a closer look at a variety of Google Drive security options.
1) Password strength monitoring
A strong password is the first line of defense to protect your Google Drive. A graph in the Admin console visually shows you how strong each of your users’ password is. So, if you see that somebody’s password looks really weak, take action promptly and ask your teammate to beef up the password.
You might even want to give your users a crash course in password security. You will be surprised to learn how many people have no clue about how to create a robust & reliable password.
Plus, we strongly recommended to enable Password Alert. This will help you make sure that your teammates don’t use their corporate credentials on other websites.
2) 2-step verification
Apart from a strong password, it’s always a good idea to protect it with a verification code. The most common formats of 2-step verification are phone prompts, voice calls, mobile app notifications, and more.
Google also recommends to protect your admin account (or other high-value accounts) with a special Security Key — a small hardware device used when signing in that provides second factor authentication.
3) Restrict third-party apps access
Interconnectivity of different apps and devices is a great asset for modern businesses. But it is also a gate for potential threats for your security. It’s so easy to follow somebody’s invitation to edit a file and push Open in Doc button only find yourself a few seconds later on some malicious app that can hijack your account.
What you should do is to filter all the apps that ask permission to access your data (in Gmail, Drive, Calendar, etc.) & block those that do not comply with modern security standards, such as OAuth.
OAuth whitelisting helps you identify which third-party apps can be trusted and who you can grant access to your data. This very thing happens when you connect Pics.io DAM to your account. We ask permission to access data in your Drive — not the whole Drive, by the way, but only one folder you choose yourself.
As Pics.io meets all the modern security standards, you don’t need to worry about whitelisting our Digital Asset Management solution.
4) Limit external sharing
To reduce the risk of data leaks, you can control the amount of information that your teammates are allowed to share with external users (through Calendar, Google Docs, and other Google Workspace tools).
For example, you can restrict external Calendar sharing to free/busy information only. Or, you can turn off sharing options outside your domain. Of course, at some point you’ll have to share something with your collaborators. No problem. You can always whitelist an external domain you want collaborate with.
Another smart move is to require external collaborators to sign in with a Google account. This will add an extra layer of security for your data. Not having a Google account is a lame excuse. Anyone can get it for free in a matter of minutes.
5) Early phishing detection
Email is still the most common threat vector for data breaches. Good news is that Google has a variety of tools that can intercept & analyze emails that can carry potential threats.
For example, Google can scan the list of recipients, including those in Cc. If it finds a strange email which is not on your contact list, the email will be delayed and you will receive a warning message. This gives you solid protection against possible data loss or email spoofing. Incoming messages can be also scanned for potential threats in attachments, links or images.
On top of standard protection scans, Security Sandbox (beta) has been released earlier this year. Its purpose is to detect previously unknown malware that can attack your Gmail account. This feature places the incoming email in a sort of a “sandbox” and “tests” it in a staged environment to see how it performs.
6) Advanced Security Center
If you are using the Enterprise plan, you can benefit from the recently released Google Workspace Security Center. It gives you much more information and control over potential threats to your Google Workspace account.
With Security Center, you get a better idea of what information is shared outside of the organization, what kind of spam and malware target people inside your organization which files inside your Drive trigger Data Loss Protection (DLP) rules, etc. Plus, a newly-released Security Investigation Tool helps you perform advanced searches, triage threats, and create automated workflows to minimize the impact of these threats.
The biggest advantage of Security Center is that it collects all security metrics in one place & shows the overall state of security in your company. Besides, since recently, you can create automated rules for Security Alerts. These will send you notifications if something goes wrong, so that you can take appropriate action.
7) Mobile device management
Generally, as a business owner, you welcome the idea that your teammates will have access to necessary data 24/7, from anywhere in this world. For all its advantages, such openness poses a serious danger, too. Especially now that BYOD (bring-your-own-device) is on the rise.
To reduce data leaks, malware and other risks, you can use a special dashboard to see which devices have access to corporate data & how they comply with the company’s security policies.
Mobile device management lets you remotely sign users out of a device which has been lost or stolen. You can also block compromised mobile devices (e.g. the one that has an unlocked bootloader inside) or enable Auto Account Wipe that will automatically remove corporate account data from a mobile device that has been inactive for a long time.
Google Workspace Enterprise users can also benefit from the advanced Context-Aware Access Control which was launched last April. Context-Aware Access allows you to create granular access control policies based on various criteria such as user identity, device location, device security status, and IP address. For example, you can allow access only from company-issued devices.
So, what’s the bottom line…
As you can see, the scope of security features offered by Google is really wide. And mind you, this short blog post has merely scratched the surface of this vast topic. The reality is much deeper & will keep your security engineers busy.
Yes, top notch security is a great advantage of Google and one of the reasons why lots of businesses choose Google Workspace for deploying their corporate environment.
Yet, Google Workspace has a lot more to offer! Want to learn more about Google Workspace & what it can do for your team?
Welcome to download a free copy of our G Suite Maximizer. It’s a concise overview of all the basic features of Google Workspace for businesses. Besides, it gives you an idea of how you can maximize your unlimited storage by adding Pics.io DAM solution on top of it. If you liked this article please share it with your business partners and friends.