Google Workspace Security. Best Practices for Sensitive Data Protection

On July 29, 2017, arguably the most shocking breach of PII (personally identifiable information) was discovered by Equifax. Over 143 million people and their most sensitive data were exposed by attackers. This was the holy grail of sensitive data leakage as it contained all the personal information for each individual in one place – name, age, address, social security number, etc. It underscores in a large way how much we value protecting sensitive data especially when it relates to our personal information. Of tremendous importance for G Suite administrators thinking about securing G Suite environments is moderating and controlling sensitive data in the G Suite environment to prevent data leaks.

G Suite security requires a multifaceted approach that includes important security measures such as cloud backups, ransomware protection, and risky apps control. However, with protecting sensitive data in mind, what types of sensitive data do organizations need to protect and why? How can G Suite administrators provide sensitive data control in their G Suite environments? How can Spinbackup bolster the security of organizations looking at moderating and protecting sensitive data in their G Suite environments?

What is Sensitive Data and Why Businesses should be concerned

Sensitive data can include a wide range of information that is not to be disclosed to any unauthorized recipient. In general, it includes the following types of personally identifiable information (PII) as well as other information which may include the following:

  • Social security numbers or SSNs, phone numbers, addresses, etc.
  • HIPAA (Health Insurance Portability and Accountability Act) information such as patient diagnoses, treatments, and other protected health information
  • Financial or payment information – This can include the common credit/debit card numbers, bank accounts, or other financial or payment information
  • Miscellaneous sensitive information – This can be any information that is deemed sensitive by an organization such as financial records, source code, company secrets.

Why is sensitive data a big deal? As mentioned in the outset, the high-profile breach of Equifax along with millions of individual’s PII information underscores how important it is to protect and make sure remediation mechanisms are in place if leakage of sensitive data is detected. Attackers these days are after targeted information such as credit cards or other lucrative information that can be used on the black market. Certainly, any business that deals with credit card numbers or maintains personal information including social security numbers will want to make sure these are protected by some type of data leak protection.

It is essential for G Suite administrators to protect data that lives in the G Suite environment from being copied, moved, or otherwise transmitted or shared outside of the authorized G Suite environment, especially when it contains sensitive data. Allowing sensitive information to be leaked outside of the G Suite environment either knowingly or mistakenly can open an organization up to all kinds of liability from many different aspects. Not to be dismissed is the potential impact on business reputation that may affect customer confidence in such a way that a business may never recover.

It’s also important for organizations to realize that attackers today are starting to shift much more of their focus toward public cloud environments as they realize more and more businesses today are moving infrastructure to public cloud datacenters.

For some, it may be easy to say, let’s not store sensitive data in the public cloud due to the security concerns presented in today’s information technology world. However, for many of today’s modern web driven businesses, this is simply not a feasible solution. Many of today’s businesses may reside entirely in the public cloud with compute, network, and storage resources centralized to the public cloud provider. It is more reasonable to say that today’s businesses utilize technology and processes that allow moderating and controlling sensitive data wherever it resides.

Spinbackup Sensitive Data Protection

As mentioned, keeping control over and moderating sensitive data in any environment, let alone the public cloud can be a challenge! However, organizations today utilizing Google G Suite public cloud services can leverage the proven power of Spinbackup’s Data Leak Prevention. It is a powerful solution that empowers organizations to be proactive in gaining visibility to and remediating data leakage threats in the G Suite environment. The multi-faceted solution provided by Spinbackup helps to prevent and remediate data leakage threats that may threaten a G Suite environment by greatly extending the native features that are provided by Google DLP.

With Spinbackup Sensitive Data Control, data and email messages containing sensitive data can be flagged and are clearly noted in the Dashboard under the Data Audit section. Alerts are also sent out to G Suite administrators when a new message with sensitive data is sent or received or when Google Drive data containing sensitive information is found.

Gmail messages found with Sensitive Data contents
Gmail messages found with Sensitive Data contents

One ominous threat that presents itself to organizations housing sensitive data in the public cloud is having this data shared outside the organization. End users who have access to various data could either intentionally or mistakenly share sensitive data to someone outside the G Suite organization leading to sensitive data being compromised. Spinbackup’s “Items shared with third-party users” is a powerful Sensitive Data Control feature that dovetails into the other features of the solution.

The Items Shared with third-party users dashboard gives clear visibility to data that has been shared outside the G Suite organization. These items are of special interest to G Suite administrators as it denotes data that is potentially being copied or at the very least, viewed, by someone who may be unauthorized to view sensitive data.

As shown below, G Suite administrators can quickly cancel the third-party access and remediate any potential data leak quickly and effectively. The dashboard details the information that is being shared, who shared it, who it is shared with, and the date it was shared.

visibility into G Suite data shared outside the organization
Spinbackup provides powerful visibility into G Suite data shared outside the organization

Administrators can choose to Cancel the sharing. Once the G Suite administrator chooses to cancel the sharing, they can also take ownership of the file(s) in question.

Cancelling and taking ownership of sensitive data

Cancelling and taking ownership of sensitive data with Spinbackup Sensitive Data Control

With the Domain Audit G Suite administrators have a broad overview of all the items of interest related to the data security events in the G Suite environment. Event types can be filtered based on Risk Level or by the event Type. Notice how the Domain Audit dashboard can easily be filtered by Credit Card, or Data Sharing events.

Domain Audit Dashboard allows G Suite Administrators tremendous visibility into G Suite security events

Domain Audit Dashboard allows G Suite Administrators tremendous visibility into G Suite security events

Abnormal logins can also be an indicator of malicious activity with an attacker trying to gain unauthorized access to the G Suite environment, potentially with the motive to steal or otherwise compromise sensitive data. Spinbackup gives G Suite administrators visibility into failed login attempts which can proactively help thwart the compromise of sensitive data.

Abnormal logins with an inordinate amount of failed attempts are recorded by Domain Audit

Abnormal logins with an inordinate amount of failed attempts are recorded by Domain Audit

Along with the Domain Audit and Data Audit dashboards, Spinbackup is able to proactively notify G Suite administrators of G Suite environment security events related to data security, leak, etc.

Security alerts can be configured with CCNs are detected

Security alerts can be configured with CCNs are detected

Spinbackup Sensitive Data Control Bolsters Native Google G Suite DLP

Google DLP or Data Loss Prevention is an automated mechanism used to monitor both Google Gmail and Google Drive for certain content configured by a G Suite administrator that protects data meeting those configured parameters from data leak. G Suite administrators can define Google DLP settings for:


  • Scanned messages – Definition of which messages are scanned, aligning with company data security policies
  • Content – Definition of which content is scanned
  • Remediation actions – Messages can be modified, rejected, or quarantined.

Google Drive Data

  • Google Drive Data that is shared outside the organization
  • Specific matching content in Google Drive
  • Actions include notifications, blocking of files shared

Spinbackup bolsters the native DLP functions of G Suite services and also distinguishes itself from Google DLP in key areas:

By utilizing both the power of built-in Google DLP functions along with the extended functionality provided by Spinbackup data loss protection and data leak protection, organizations are equipped to meet the overwhelming security challenge presented by Google G Suite environments and sensitive data control.With Spinbackup Sensitive Data Control, data and email messages containing sensitive data can be flagged and are clearly noted in the Dashboard under the Data Audit section. Alerts are also sent out to G Suite administrators

Concluding Thoughts on G Suite Sensitive Data Control

Security in the public cloud is a multifaceted challenge for most organizations who have moved or are planning on moving data to cloud storage. Rather than shy away from utilizing public cloud data storage due to concerns about sensitive data or security in general, organizations can make use of powerful solution such as provided by Spinbackup to ensure data integrity and sensitive data protection. Spinbackup provides the all-in-one solution for G Suite organizations to ensure G Suite backup, data loss prevention as well as data leak protection and is unique in the marketplace by being able to do this in a single pane of glass product empowering G Suite administrators to be proactive about public cloud security with G Suite services. Data is the “future gold” of IT infrastructure and organizations must use all means at their disposal to protect it.

Traditional security mechanisms are simply no longer an effective means of data security with today’s fast paced public cloud and hybrid infrastructures. Spinbackup helps organizations meet the data security

Check out Spinbackup’s pricing for G Suite and watch our Demo Video!

Discover more on Spinbackup GDPR Compliance.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy. We won't track your information when you visit our site. But in order to comply with your preferences, we'll have to use just one tiny cookie so that you're not asked to make this choice again.Learn more about our use of cookies.