What about Security?
- Is my email secure with G Suite?
- What if Google receives a subpoena or search warrant or other government request to my data?
- Won't Google data mine my email for marketing or other purposes?
- Will Google own what I put on Google Drive/Google Docs?
- Will the content I put on Google Drive be accessible to the world?
- Is it OK to share Google Drive files with a person using their consumer Gmail account (which is outside of the SIL Google Apps domain)?
- I am in a sensitive assignment. Won't my communication be at risk if I use G Suite?
- Ransomware and Google Apps
- Sign out of all other sessions
- How do I check my privacy and security settings?
Is my email secure with G Suite?
All email is equivalent to sending a postcard. You can hand carry the postcard, you can give the postcard to a trusted courier, or you can send it in the mail. The delivery method does not change the fact that the message is written on a postcard. Google is acting like a trusted courier, which means that your postcard was sent using an encrypted channel to the Google servers.
Like most other mail services, Google does not provide a truly “secure” messaging system because the message itself is in clear text; in other words, it’s not encrypted. Unless you have taken measures to install and use a cryptographic system like S/MIME or PGP/GPG along with your email, the messages themselves are still vulnerable to eavesdropping, forwarding, and other issues. Google Apps is configured to require secure connections to email clients. Thus, Google Apps email is at least equivalent in terms of the security of message transmission from an email client to an email server.
Google’s data centers and operational practices are routinely audited and certified to meet industry standards for security and operational competence. In fact, Google is held to a higher operational standard than SIL.
What if Google receives a subpoena or search warrant or other government request for my data?
Our agreement with Google states that Google will inform us in the event of such a request, unless the request includes a “gag order.” The same is true for us if we receive an information request from the government. In this case, hosting our services on Google or on our own internal system would be equivalent.
Won't Google data mine my email for marketing or other purposes?
"Data mine" is a loaded term and means different things to different people, usually negative things like targeted advertising or unwanted profiling. In this sense the answer is "No." The class of service we have from Google Apps does not include marketing ads and you will not see ads in the sidebar when using mail in Google Apps. The class of service we have comes with assurances that Google will not data mine in this sense.
Google will however scan email for spam and both email and documents for viruses and malware. Their systems will also index email and documents so that you can find things quickly. All of these things are for your benefit and are meant to improve your experience. All of this scanning and indexing is completely automated and does not involve a person at Google looking at your data. For more information see the G Suite Privacy and Security Overview.
Will Google own what I put on Google Drive/Google Docs?
Our agreement with Google ensures that our staff members will retain sole ownership of their content on Google Drive and Docs
Will the content I put on Google Drive be accessible to the world?
While that is certainly possible, the default access for each file is restricted to you alone. But you may adjust the access rules on a file by file basis. You may allow other named people to access a file (even people outside of SIL), you may open up access to all of SIL, or you may grant access to the world. The decision is yours.
Is it OK to share Google Drive files with a person using their consumer Gmail account (which is outside of the SIL G Suite domain)?
Yes, but exercise extreme caution when you share a Google doc with someone using their consumer Gmail account. Be sure you know the person with whom you are sharing your document. All the security created for SIL G Suite accounts doesn't occur on consumer Gmail accounts. If you share a document with using their consumer mail account, this effectively removes these security measures and possibly makes the document accessible.
Consumer Gmail accounts are controlled entirely by the individuals who own them, without corporate oversight. With SIL G Suite, we can enforce password strength rules, and we can also enforce account disable and removal policies for people who are no longer entitled (for whatever reason), including removing access to SIL Google Drive docs.
I am in a sensitive assignment. Won't my communication be at risk if I use G Suite?
It may actually be at less risk using Google Apps because you will be connecting to Google’s servers along with millions of other Google user and using servers geographically close to you rather than servers hosted at one of our centers, instead of the relatively small group of people in the world who used the former email service located physically only at JAARS.
Ransomware and G Suite
Every day, individuals and businesses alike are becoming victims of ransomware, a form of malware that captures your computer’s data and holds it captive until you pay the assigned ransom.
Even after you pay the demanded price, which can be pretty steep, there’s no guarantee that you’ll have all of your data returned to you. In 2016, ransomware attacks are happening more than ever, sparking the US Department of Homeland Security to issue an alert about the malware epidemic.
Ransomware is no longer just an issue for hardware devices. In fact, new strains of ransomware have launched that specifically target cloud-based applications, such as Google Apps and Office 365. One example of this cloud-targeting malware is called “cuteRansomware,” a form of ransomware that is quickly gaining speed. cuteRansomware infects the computer by launching itself from a Google Doc and holds the command-and-control functionality. Once you have accessed and downloaded the Google Doc that contains the cuteRansomware, it can collect user data while going unnoticed. While this is a recent endeavor of hackers, it’s an indication that cloud services will continue to be seriously affected by ransomware.
With G Suite in particular, the risk is increasingly high because, by default, Google uses HTTPS to transfer data between a browser and the website to which it is connected. The way that cuteRansomware operates, it’s easy to bypass traditional security solutions like firewalls that would normally protect your data during the transfer. cuteRansomware is using Google’s own security against them to attain the data.
While this is a very serious threat, there are ways to protect against ransomware attacks. Netskope stresses “the importance of anticipating an attack by identifying where sensitive content is in the cloud and ensuring backups of those important files.” With a solution like Datto’s Backupify, a cloud-to-cloud backup and recovery platform for G Suite that SIL Google Admin is looking at, ransomware is no longer a threat to your company’s data or security.
The Backupify solution has two features that help combat ransomware in particular. One of the features Backupify offers is a service called Point-In-Time Backup. PIT offers incremental backups that are taken frequently to create a series of recovery points. Backupify for G Suite, for example, backs up your Google Apps data–including Docs, email, Drive, Chat, Calendar, etc–a total of three times a day. Should your business get hit by ransomware at any point, you can roll-back your data to a point-in-time before the infection occurred. This way, you don’t need to pay the ransom to get your data back, and because you are restoring to a point-in-time before the ransomware infected your system, you can be certain everything is clean and the malware cannot be triggered again.
The second ransomware protection feature Backupify offers is an Unlimited Retention Policy, which allows users to store an unlimited amount of data in the Datto Cloud forever for a small incremental expense. How does this feature protect against ransomware? Because with unlimited data backup, you’ll always have a second copy of your data, thus never having to pay the ransom to get what could be your only copy back.
While ransomware is a serious and prevalent concern to the security of your business’ data, it is not the only threat. Do not let your company go unprotected, especially when there are solutions to prevent data security disasters.
Aside from a backup and recovery solution, the US Department of Homeland Security recommends the following to protect your business from a ransomware attack:
- Use application whitelisting to help prevent malicious software and unapproved programs from running. Application whitelisting is one of the best security strategies as it allows only specified programs to run, while blocking all others, including malicious software.
- Keep your operating system and software up-to-date with the latest patches. Vulnerable applications and operating systems are the target of most attacks. Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker.
- Maintain up-to-date anti-virus software, and scan all software downloaded from the internet prior to executing.
- Restrict your ability (permissions) to install and run unwanted software applications, and apply the principle of “Least Privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
- Do not follow unsolicited Web links in emails.
To learn more about ransomware and how you should be protecting your data, check out The Business Guide to Ransomware.
If you are interested in learning more about SIL's plan for Backupify, contact SIL Google Admin.
Sign out of all other sessions
The convenience of logging into your account from any web browser with an internet connection is a great feature but, if you're not diligent about logging out of your account after accessing it on public or shared devices, you could be in trouble.
Luckily Google provides the ability to remotely sign out of all sessions except for the one you are actively using. If you've ever felt like your password may have been compromised, this is a crucial step to take in addition to changing your password.
How to: Scroll to the bottom right corner of your email page and click the (hard to see) "Details". Click on that link to see the login activity for your account. You will also find a "Sign out all other web sessions" button at the top of this popup window. Watch a short video demonstrating how simple this is to do.
How do I check my privacy and security settings?
It’s a good idea to do a quick checkup in Google Apps to review important privacy settings and adjust them to your preference. Use this privacy checkup tool provided by Google to ensure that your browsing is as private—or as public—as you want it to be.
Read a short article that discusses this, walks you through the process, and makes recommendations.