
Advanced Security for Google Apps: Chrome, Google+ and More


Today’s post is the fourth and final in our blog series covering advanced security for Google Apps. You can read part one here, part two here and part three here. The complete guide to Google Apps security configuration and compliance can be downloaded here.


In the three previous posts, we highlighted the advanced security settings for Google Calendar, Drive, Sites, Contacts and Google Mail. Today, we’ll highlight the need-to-know settings for other Google services, including Chrome, Google+ and Google Vault. We will also cover data recovery solutions for the Google Apps suite.

Other Google Services

As an Administrator, you may enable (or disable) many other Google Services. These services are outside the “core” services, and include offerings such as Blogger, the Chrome Web Store, Google AdWords, Google Analytics, and many others. (To view these services, log in to the Administrator Control Panel. From the Dashboard, select “More” at the bottom of the screen, then choose “Other Google services”.) Review the entire list of “Other Google Services” and consider disabling services that your organization doesn’t use.

Most of the services offer only two options: enable or disable. However, two of these “other Google services” offer extensive security and configuration settings: Chrome Management and Google+.

Chrome management

Many Google Apps work best when used in Google’s Chrome browser. For example, Chrome enables offline use of Gmail, Docs, Sheets, Slides and Drawings.

Chrome and Google Apps work best together when people log in to Chrome with their Google Apps account. (To log in to Chrome: select the three-line menu in the upper right, then choose “Sign in to Chrome”.) Since Chrome works on Linux, Mac and Windows systems, this provides a consistent experience across platforms.

As Administrator, you can control many Chrome settings for people in your organization. For example, you can auto-install specific Chrome apps and extensions, or disable the saving of passwords and/or browser history. You may also customize how Chrome handles content (e.g., Javascript, pop-ups, plugins and more) and printing. There are many customizable Chrome settings. It may take some time to review them all, but since the settings apply to everyone in the organization, this is time well spent.

Learn more from Google about Chrome Policies for Users and how to Set up Chrome for Business.

Google+

If you’ve enabled Google+ for your organization, you choose the default setting for new posts: either restricted (viewable by other people in the organization), or public. People may change the setting, though.

You may also disable access to Hangouts on Air. Note that this setting is different than the Talk/Hangouts configuration settings found in the Google Apps > Talk/Hangouts area.

Learn more from Google about Google+ Premium features.

Google Vault (for compliance)

Google Vault adds email retention, search and export services to Google Apps. As Administrator, you define retention rules. These rules define which emails are preserved—and for how long they will be preserved. A retention rule may preserve email for a specific organizational unit, during a defined time period, or containing specific words. Preserved emails may be searched and exported. (Note: Google Vault is an added Google service, available for an additional per-user, per-month fee.)

Learn more from Google about Google Vault.

Google Apps Marketplace

The Google Apps Marketplace offers hundreds of third-party apps that integrate with Google Apps in various ways. Most of these apps integrate with Google’s “single sign-on”: you—the Administrator—add the app, then everyone in the organization can access the app from the Google One bar’s “More…” menu. (The Google One bar is the grid of nine squares in the upper right.)

Learn more from Google about the Google Apps Marketplace.

Integration and data access required

Many apps require access to your organization’s Google Apps data. Project management apps may connect to Calendar data. Flowchart apps may need access to Google Drive documents or photos. Mail merge apps often connect to spreadsheets. Review permissions required by each app carefully.

You should investigate the vendor, as well. Look at the Google Apps Marketplace “star-rating” and verified reviews: is feedback generally positive? Pay attention to the security details provided by the vendor, too. For example, Backupify completed a Service Organization Control Type II (SOC 2) audit, the same as one of the security audits completed by Google. Remember, vendor assertions are helpful, but external audits are also necessary.

Learn more from Google about how to evaluate a Marketplace app’s security.

Review connected apps

In the Google Apps admin control panel, select “Marketplace Apps” to see all Marketplace apps connected to your Google Apps. Review connected apps periodically. Revoke data access and delete apps no longer needed by the organization.

Learn more from Google about app data access.

Reset, Recover and Reach Out

People forget passwords. Add user support contact information to your organization’s Company Profile so people can contact someone when this occurs. Administrators can reset a user’s password. All Google Apps Administrators should add both a phone number and recovery email address to their accounts, so as to enable password recovery for Administrator accounts.

Data recovery

In some cases, deleted Google Apps data can be recovered.

Deleted Contacts may be restored to their state anytime in the prior 30 days (go to Contacts > More… (above main contact listing) > Restore contacts…).

In some cases, deleted email may be restored by searching the email Trash folder (if found, select the email then choose “Move to Inbox”).

A similar process may work for some deleted Drive documents: search the Trash folder, then select the item and choose “Restore”.

A deleted page on a Google Site may be recovered within 30 days. (Go to the Site > choose “More actions” > Select “Manage Site” > then choose the Deleted items tab > select the page, then choose “Recover”).

Not all deleted items can be recovered. For example, deleted Calendar Events cannot be recovered. Any item “deleted permanently” or “immediately” cannot be recovered.

Third-party solutions, such as Backupify’s Google Apps backup, make recovery of deleted Gmail, Calendars, Contacts, Drive documents and folders, and Sites possible.

Learn more: Google Apps & Security

Google’s teams continuously monitor and periodically modify Google Apps to improve security. The team announces new features and changes on the Google Apps blog. New features may mean new settings you need to review or change. Follow the blog to stay up-to-date.

Conclusion

While Google is protecting all the bits of data in your company’s domain, it’s critical to configure the right privacy and security settings for your business. After the basics are checked off, it’s necessary to meticulously go through all the Google Apps settings – ensuring the right amount of access for employees. It’s a lot easier to enjoy the benefits of Google Apps once your data is secure.

For more information about Google Apps, subscribe to our blog or check out the other guides in the complete Google Apps Training Guide series, including:

9 Steps to Optimize Google Chrome for Google Apps Security

Google Chrome has been consistently rated as the safest consumer Web browser available today, but, to paraphrase a famous military scholar, no security survives contact with the user. Poor end-user habits and settings can compromise even the most secure browser. Below are some basic steps to ensure that Chrome isn’t the weak link in your Google Apps security plan.

BROWSER SETTINGS
The first phase of improving Chrome’s security profile is tweaking its native settings to avoid storing sensitive data, and to ensure you never surf to the more unsavory corners of the World Wide Web.

1. Make Sure ‘Safe Browsing’ Is Enabled
Chrome has a number of automatic ‘Safe Browsing’ defenses against phishing and malware, most of which simply warn users against visiting pages with spoofed URLs or woefully out of date security certificates. ‘Safe Browsing’ is enabled by default, but security begins by making sure it stays that way.

2. Block All Browser Cookies By Default
While this will make the browser mildly less convenient by forcing the user to log in every time he or she reaches a site — including Google Apps — it will prevent any session from persisting after a browser tab is closed. This both blocks unwanted monitoring by third-party cookies and limits the possibility of tailgating attacks.

3. Block Saved Passwords
Saved passwords are a risky convenience, as anyone with access to your browser — which is only a stolen laptop away — can subsequently access all your online accounts, Google Apps included. Moreover, hackers target the stored password file as a treasure trove of identity theft or intrusion ammunition. Disabling the saved password function is perhaps the single most important step to take in protecting not just your Google Apps domain, but every one of your online accounts.

4. Disable Autofill
Autofill data represents saved form data — addresses, phone numbers and email addresses — designed to make online sign-ups easier. While far less dangerous than saved passwords, autofill information is nonetheless a tempting target for hackers and laptop thieves alike, as it contains vital clues to the login information for your Google Apps domain (to say nothing of your online banking accounts). Disabling autofill keeps this information out of the browser.

5. Lock SafeSearch to Strict
Chrome makes it trivially easy to employ Google Search, so those searches need to be as safe and secure as possible. Locking Chrome’s native search functionality into SafeSearch mode ensures that no less-than-trustworthy sites are returned from any query, keeping the application that accesses your Google Apps domain that much further from any dangerous malware.
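Steps 1 to 5 above, like the administrator-side Chrome settings described in the earlier post, can be pinned with Chrome enterprise policies instead of being left to each user. The following is an added example, not code from the original post: a short Python audit that reads a managed-policy JSON document and reports which of the five browser settings are enforced, weak or unset. The mapping of policy names to steps, the acceptance of session-only cookies (value 4) for step 2, and the sample policy are assumptions of this example.

```python
import json

def _is_int_in(allowed):
    # bool is a subclass of int in Python, so reject True/False explicitly.
    return lambda v: type(v) is int and v in allowed

# Chrome enterprise policy names; pairing them with the post's numbered steps
# is this example's assumption, not something the post specifies.
CHECKS = {
    "1 Safe Browsing": ("SafeBrowsingProtectionLevel", _is_int_in((1, 2))),
    # 2 = block all cookies, 4 = keep cookies only for the browser session.
    "2 Cookies": ("DefaultCookiesSetting", _is_int_in((2, 4))),
    "3 Saved passwords": ("PasswordManagerEnabled", lambda v: v is False),
    "4 Autofill (addresses)": ("AutofillAddressEnabled", lambda v: v is False),
    "4 Autofill (cards)": ("AutofillCreditCardEnabled", lambda v: v is False),
    "5 SafeSearch": ("ForceGoogleSafeSearch", lambda v: v is True),
}

def audit_policy(policy_text):
    """Return {step: 'ok' | 'weak' | 'missing'} for a managed-policy JSON string.

    'missing' means the policy is unset, so the user can still change the
    setting; 'weak' means it is set to a value the step does not allow.
    """
    policy = json.loads(policy_text)
    if not isinstance(policy, dict):
        raise ValueError("policy document must be a JSON object")
    results = {}
    for step, (name, acceptable) in CHECKS.items():
        if name not in policy:
            results[step] = "missing"
        else:
            results[step] = "ok" if acceptable(policy[name]) else "weak"
    return results

# Constructed sample: cookies are allowed (1) and card autofill is not set.
SAMPLE_POLICY = """{
  "SafeBrowsingProtectionLevel": 1,
  "DefaultCookiesSetting": 1,
  "PasswordManagerEnabled": false,
  "AutofillAddressEnabled": false,
  "ForceGoogleSafeSearch": true
}"""

if __name__ == "__main__":
    for step, status in audit_policy(SAMPLE_POLICY).items():
        print(f"{status:8} {step}")
```

On Linux, Chrome reads managed policies from JSON files under `/etc/opt/chrome/policies/managed/`; the same settings can be set centrally from the admin console.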

SECURITY EXTENSIONS
Chrome’s native security measures are laudable, but you can double down on your defenses with carefully selected browser extensions.

6. Secbrowsing Plugin Version Checker
The first step to safely using Chrome Extensions is to make sure those extensions are up to date, which is to say that all known security flaws have been patched. The Secbrowsing plugin ensures that any extension you’re running is the latest, and thus likely the safest, version.

7. KB SSL Enforcer
Secure Sockets Layer (HTTPS) browsing is fundamentally safer than standard web surfing, and most websites offer an SSL access option — provided you can find it. The KB SSL Enforcer defaults to the HTTPS address for every website that offers it, including every core and non-core Google Apps service. Never transmit a password without SSL protection again.

8. View Thru URL Shortening Decoder
Popular URL shortening services like bit.ly and j.mp are often used to enable phishing attacks and malware installations by disguising unsafe web addresses. The View Thru extension allows you to verify the real, unshortened URL before you visit it, sidestepping these camouflage attempts.

9. PasswordFail Cleartext Password Alarm
While virtually every web application requires you to create an account to use the service, a shocking number of these apps send and receive password information in dangerously insecure cleartext formats. While no Google Apps service makes this mistake, another web app’s carelessness could compromise your browser and thus your Google Apps domain. The PasswordFail extension warns you off any web application that employs cleartext passwords, ensuring you never put your browser security in the hands of sloppy code.

Implement these nine steps and Google Chrome’s already stalwart security profile will be significantly stronger — and so will your Google Apps domain.