Startseite / Blog / Automating Security in G Suite

It’s becoming increasingly difficult for organisations to protect assets at scale. Many security tools out there give users a lot of data, but fail to provide meaningful insights into it. Most of them also lack the necessary tools to go in and quickly remediate security issues. Additionally, some of them are also incredibly complex, requiring specific technical knowledge to utilise them properly.

This means that a large number of organisations end up with security tools that are only partially implemented.

How can G Suite help?

With a comprehensive and easy-to-use set of tools, G Suite has a vast array of security features on offer to fit your needs. Here are some of our favourites:

  • Automating enrollment in device management. If your company has a BYOD policy, when users sign in with their corporate credentials, their device will automatically be enrolled for light management. This allows super admins to see what data these devices are accessing, and exactly what they are doing - giving them the ability to wipe corporate data from them, if necessary.
  • Security health and dashboards. This provides a high-level overview of your organisation’s security metrics.
  • Security investigation tool. This tool allows super administrators to dive quickly into data and take remedial actions against security and privacy issues.
  • Alert centre. A dashboard where super admins can get an overview of the most important things for them to look into, and proactively lets them know what’s happening in their domain happening.
  • Enhanced Gmail protection. Gmail is a huge target for attacks, so Google is constantly investing in its security to make sure users are protected, i.e. using security sandbox, confidential mode, business email compromise protections, etc.

Freeing your security team’s time

Google is always finding new ways to help you automate security and take away time from redundant tasks to put it back into other areas that will add more value to your organisation.

Here are some of the protective features Gmail puts in place at different stages:

Thus, from even before an email is sent to the moment a user opens it and clicks on a link, Gmail has security features built in to protect users at every step.

Another focal area for Google this year is Hijacking prevention. Specifically, looking at security keys as they are an extremely effective way to protect your users. By preventing hijackings, companies will avoid the risk of potential damage or loss of company data.

Additionally, Google is also consistently investing in models to detect anomalous behaviour from users. This means that a lot of the alerts that you’re seeing in your alert centre have probably been generated automatically by these models.

Google’s new launches

Data Loss Prevention

Data Loss Prevention (DLP) gives users the ability to create rules in Gmail and Drive to detect certain patterns. This goes from strings or regex and using one of the predefined detectors to block exfiltration before it happens, all the way to detecting malicious information before it comes into your organisation.

One of the really cool things about DLP is that it's built right into the product, so it stops security issues before they happen. Instead of cleaning up after a threat, it actually prevents documents from being shared in the first place. In the latest update, Google has unified the experience of creating these rules and invested heavily in logging and visibility around what these rules are doing.

Security Centre

There are three major components to Google’s security centre. The first is security health, which keeps you up to date on the newest tools and settings available to protect your organisation. This helps take a proactive approach and prevent issues before they even happen.

The second is the security dashboards, which give you that high-level overview of important metrics in your organisation. These give you actionable content that can help you detect potential issues.

Finally, the investigation tool, which allows you to do advanced queries to correlate data across different types and take actions in bulk. It scales from deleting one email from a user's inbox to deleting a million.

With the security centre, one of the things Google has really focused on is the new activity rules. These allow you to create automated actions and alerts, based on queries you long into the investigation tool.

Alert Centre

The alert centre, which launched about six months ago, is available for all G Suite licenses (Basic, Business and Enterprise). It provides a single pane of glass for all your essential security notifications across three primary categories.

The first one is phishing and malware. With about 91% of cyberattacks starting in email, this is one of the most common threats users face. This is an area that Google is continuously investing in. Currently, around 99.9% of spam and phishing emails get stopped before they make it to the end user.

User attacks keep changing over time and Google keeps learning and evolving the way they prevent them. As part of this process, Google goes back to see if any of the messages inside your users' inboxes have been affected and matches new patterns they’ve learned. This is what they call Reclassification. When this occurs, they automatically move the emails from their inbox and classify them as spam automatically. And, if your users have already engaged with those messages, super admins get a notification in the alert centre letting them know that there's a potential threat to investigate.

The second category is account warnings. This is where Google is using AI and ML models to detect suspicious behaviour, looking for compromised accounts where attacks might have occurred during login, or even during in-app activity.

The third area is device management. Here, Google is automatically looking at suspicious device behaviour. This means devices that have been rooted, jailbroken, or device properties that have altered.

In recent updates, they have focused mainly on giving users new features:

  • The first one is being able to help them prioritise automatically by giving different severity settings to alerts. Even though Google has mapped these settings initially, admins can still go can edit them to fit business needs.
  • The second is the ability to track status. Now admins can see if alerts are new, in progress, or closed.
  • The third is to manage workloads by assigning alerts to different team members. This enables faster prioritisation and more efficient collaboration.

If you’re interested in learning more about security features and how to best take advantage of them depending on your organisation, we're happy to help. Fill out the form below and one of our transformation experts will get in touch.

Ähnliche Geschichten