Best Practices for Hardening your Google Workspace Security

Google Workspace is an ideal collaboration and productivity tool: From Google Drive and Docs, to Sheets and Slides, your employees have everything they need to work effectively. But as a Google Workspace admin, your job is keeping the environment secure and in tip-top shape.

Google offers native security controls in Google Workspace and enables some of its recommended security settings by default, but runs on a shared responsibility model. That means you’re responsible for implementing policies and procedures such as access controls and permissions.

Google Workspace has built-in robust security features, providing admins with the control and visibility needed to make informed and relevant decisions for your organization. For example, organizations in highly regulated industries or with highly sensitive data will require more robust security controls, as well as a compliance framework to manage data sprawl in Workspace.

With these tips, we’ll help you get on the best path towards hardening your Google Workspace environment. If you’re interested in baselining your existing configuration settings or would like to engage in a comprehensive review of your security posture, reach out to Pythian.

Here are 8 ways to boost security in Google Workspace:

1. Set up two-step verification: You can help protect user accounts from unauthorized access by enforcing a secondary method of authentication for logging into Workspace accounts. You can even enforce a specific authentication method, such as security keys, for certain users or groups where sensitive data needs to be protected.

2. Use email alerts and login challenges: Be proactive by setting up email alerts for potentially risky events, such as suspicious sign-in attempts or compromised mobile devices. You can also set up login or verify-it’s-you ‘challenges’ for suspicious login attempts (where users enter a verification code that Google sends to a recovery phone number or recovery email address).

3. Enable advanced malware protection: Thanks to machine learning models, Google is continuously evolving the ability to detect and respond to phishing and other malware attacks. Advanced malware protection provides additional security features such as scanning images in links to protect against malware and identifying links behind short URLs to protect against phishing.

4. Use Google Workspace’s mobile management: While basic device management features are enabled by default, Google also offers advanced mobile management such as remote device wiping, app management and strong password enforcement. You can also require device encryption and restrict notifications on the lock screen of mobile devices.

5. Create an allowlist for apps: Review and approve which third-party apps can access core services in Google Workspace, such as Gmail and Google Drive. Create an allowlist that specifies which third-party apps can access these services and block access to less secure apps.

6. Limit sharing options: Keep file sharing within your domains to prevent data leaks and exfiltration by turning off sharing options (make exceptions with your allowlist). You can also turn off link sharing for new files, and warn users when they’re about to share a file outside your domain. And you can require external parties to sign in with a Google Account.

7. Stay on top of offboarding: When an employee leaves the organization—or if you suspect an account has been compromised—turn off the Google data download feature to prevent a user from downloading all their data with Google Takeout. Even if their account sits idle, it poses risks—like a non-updated app that introduces malware into their old corporate cloud account.

8. Review security settings regularly: Regularly visit the security center to review your security posture, investigate incidents and take action based on that information. You can search log event data to review user and admin activity, as well as identify and take action on security and privacy issues.

Get a helping hand with Pythian

In many organizations, the administration of Google Workspace is one of a multitude of priorities for IT teams. You may not have the internal resources to properly ensure the security and compliance of current and emerging features. And you’re likely supporting multiple platforms, all of which need to be integrated and secured.

Pythian has two security offerings for Google Workspace that can help:

Google Workspace Security Health Check: Our experts conduct a health check, baselining your organization’s security configuration settings, and offer customized recommendations to secure your Workspace environment while leveraging security best practices.

Google Workspace Security Posture Analysis: This offering extends our security health check to a comprehensive assessment with a deep dive into your data to fully assess your organization’s Google Workspace security posture analysis. The objective is to identify your risk exposure and then provide remediation steps to enable safeguarding of your data and protecting your end-users.

While robust security features are built into Google Workspace, it’s important to regularly review your security posture and keep on top of Google’s Security Health Recommendations. Most importantly, these steps should go hand-in-hand with regular end-user security awareness training to create a strong security culture within your organization.

Learn more about Pythian’s security offerings. Schedule a consultation with a Pythian Google Workspace security expert.