December 16, 2018 | Reading time 13 minutes

Google Workspace Security. Best Practices for Sensitive Data Protection

On July 29, 2017, arguably the most shocking breach of PII (personally identifiable information) was discovered by Equifax. Over 143 million people and their most sensitive data were exposed by attackers. This was the holy grail of sensitive data leakage as it contained all the personal information for each individual in one place – name, age, address, social security number, etc. It underscores in a large way how much we value protecting sensitive data especially when it relates to our personal information. Of tremendous importance for Google Workspace administrators thinking about securing Google Workspace environments is moderating and controlling sensitive data in the Google Workspace environment to prevent data leaks.

Google Workspace security requires a multifaceted approach that includes important security measures such as cloud backups, ransomware protection, and risky apps control. However, with protecting sensitive data in mind, what types of sensitive data do organizations need to protect and why? How can Google Workspace administrators provide sensitive data control in their Google Workspace environments? How can Spinbackup bolster the security of organizations looking at moderating and protecting sensitive data in their Google Workspace environments?

What is Sensitive Data and Why Businesses should be concerned

Sensitive data can include a wide range of information that is not to be disclosed to any unauthorized recipient. In general, it includes the following types of personally identifiable information (PII) as well as other information which may include the following:

  • Social security numbers or SSNs, phone numbers, addresses, etc.
  • HIPAA (Health Insurance Portability and Accountability Act) information such as patient diagnoses, treatments, and other protected health information
  • Financial or payment information – This can include the common credit/debit card numbers, bank accounts, or other financial or payment information
  • Miscellaneous sensitive information – This can be any information that is deemed sensitive by an organization such as financial records, source code, or company secrets.

Why is sensitive data a big deal? As mentioned in the outset, the high-profile breach of Equifax along with millions of individual’s PII information underscores how important it is to protect and make sure remediation mechanisms are in place if leakage of sensitive data is detected. Attackers these days are after targeted information such as credit cards or other lucrative information that can be used on the black market. Certainly, any business that deals with credit card numbers or maintains personal information including social security numbers will want to make sure these are protected by some type of data leak protection.

It is essential for Google Workspace administrators to protect data that lives in the Google Workspace environment from being copied, moved, or otherwise transmitted or shared outside of the authorized Google Workspace environment, especially when it contains sensitive data. Allowing sensitive information to be leaked outside of the Google Workspace environment either knowingly or mistakenly can open an organization up to all kinds of liability from many different aspects. Not to be dismissed is the potential impact on business reputation that may affect customer confidence in such a way that a business may never recover.

It’s also important for organizations to realize that attackers today are starting to shift much more of their focus toward public cloud environments as they realize more and more businesses today are moving infrastructure to public cloud data centers.

For some, it may be easy to say, let’s not store sensitive data in the public cloud due to the security concerns presented in today’s information technology world. However, for many of today’s modern web-driven businesses, this is simply not a feasible solution. Many of today’s businesses may reside entirely in the public cloud with compute, network, and storage resources centralized to the public cloud provider. It is more reasonable to say that today’s businesses utilize technology and processes that allow moderating and controlling sensitive data wherever it resides.

Spinbackup Sensitive Data Protection

As mentioned, keeping control over and moderating sensitive data in any environment, let alone the public cloud can be a challenge! However, organizations today utilizing Google Google Workspace public cloud services can leverage the proven power of Spinbackup’s Data Leak Prevention. It is a powerful solution that empowers organizations to be proactive in gaining visibility to and remediating data leakage threats in the Google Workspace environment. The multi-faceted solution provided by Spinbackup helps to prevent and remediate data leakage threats that may threaten a Google Workspace environment by greatly extending the native features that are provided by Google DLP.

With Spinbackup Sensitive Data Control, data and email messages containing sensitive data can be flagged and are clearly noted in the Dashboard under the Data Audit section. Alerts are also sent out to Google Workspace administrators when a new message with sensitive data is sent or received or when Google Drive data containing sensitive information is found.

Gmail messages found with Sensitive Data contents
Gmail messages found with Sensitive Data contents

One ominous threat that presents itself to organizations housing sensitive data in the public cloud is having this data shared outside the organization. End users who have access to various data could either intentionally or mistakenly share sensitive data to someone outside the Google Workspace organization leading to sensitive data being compromised. Spinbackup’s “Items shared with third-party users” is a powerful Sensitive Data Control feature that dovetails into the other features of the solution.

The Items Shared with third-party users dashboard gives clear visibility to data that has been shared outside the Google Workspace organization. These items are of special interest to Google Workspace administrators as it denotes data that is potentially being copied or at the very least, viewed, by someone who may be unauthorized to view sensitive data.

As shown below, Google Workspace administrators can quickly cancel the third-party access and remediate any potential data leak quickly and effectively. The dashboard details the information that is being shared, who shared it, who it is shared with, and the date it was shared.

visibility into Google Workspace data shared outside the organization
Spinbackup provides powerful visibility into Google Workspace data shared outside the organization

Administrators can choose to Cancel the sharing. Once the Google Workspace administrator chooses to cancel the sharing, they can also take ownership of the file(s) in question.

Cancelling and taking ownership of sensitive data

Cancelling and taking ownership of sensitive data with Spinbackup Sensitive Data Control

With the Domain Audit Google Workspace administrators have a broad overview of all the items of interest related to the data security events in the Google Workspace environment. Event types can be filtered based on Risk Level or by the event Type. Notice how the Domain Audit dashboard can easily be filtered by Credit Card, or Data Sharing events.

Domain Audit Dashboard allows Google Workspace Administrators tremendous visibility into Google Workspace security events

Domain Audit Dashboard allows Google Workspace Administrators tremendous visibility into Google Workspace security events

Abnormal logins can also be an indicator of malicious activity with an attacker trying to gain unauthorized access to the Google Workspace environment, potentially with the motive to steal or otherwise compromise sensitive data. Spinbackup gives Google Workspace administrators visibility into failed login attempts which can proactively help thwart the compromise of sensitive data.

Abnormal logins with an inordinate amount of failed attempts are recorded by Domain Audit

Abnormal logins with an inordinate amount of failed attempts are recorded by Domain Audit

Along with the Domain Audit and Data Audit dashboards, Spinbackup is able to proactively notify Google Workspace administrators of Google Workspace environment security events related to data security, leak, etc.

Security alerts can be configured with CCNs are detected

Security alerts can be configured with CCNs are detected

Spinbackup Sensitive Data Control Bolsters Native Google Google Workspace DLP

Google DLP or Data Loss Prevention is an automated mechanism used to monitor both Google Gmail and Google Drive for certain content configured by a Google Workspace administrator that protects data meeting those configured parameters from data leak. Google Workspace administrators can define Google DLP settings for:

Messages

  • Scanned messages – Definition of which messages are scanned, aligning with company data security policies
  • Content – Definition of which content is scanned
  • Remediation actions – Messages can be modified, rejected, or quarantined.

Google Drive Data

  • Google Drive Data that is shared outside the organization
  • Specific matching content in Google Drive
  • Actions include notifications, blocking of files shared

Spinbackup bolsters the native DLP functions of Google Workspace services and also distinguishes itself from Google DLP in key areas:

  • Google DLP only protects while Spinbackup provides additional powerful monitoring that gives full visibility to Google Workspace administrators
  • It provides proactive alerting that gives Google Workspace administrators real-time visibility to defined security events related to data  loss prevention and data leak
  • It is an autonomous system separate from Google services that helps to bolster the native Google DLP functions.
By utilizing both the power of built-in Google DLP functions along with the extended functionality provided by Spinbackup data loss protection and data leak protection, organizations are equipped to meet the overwhelming security challenge presented by Google Workspace environments and sensitive data control. With Spinbackup Sensitive Data Control, data and email messages containing sensitive data can be flagged and are clearly noted in the Dashboard under the Data Audit section. Alerts are also sent out to Google Workspace administrators

Concluding Thoughts on Google Workspace Sensitive Data Control

Security in the public cloud is a multifaceted challenge for most organizations that have moved or are planning on moving data to cloud storage. Rather than shy away from utilizing public cloud data storage due to concerns about sensitive data or security in general, organizations can make use of powerful solutions such as those provided by Spinbackup to ensure data integrity and sensitive data protection. Spinbackup provides the all-in-one solution for Google Workspace organizations to ensure Google Workspace backup, data loss prevention as well and data leak protection and is unique in the marketplace by being able to do this in a single pane of glass product empowering Google Workspace administrators to be proactive about public cloud security with Google Workspace services. Data is the “future gold” of IT infrastructure and organizations must use all means at their disposal to protect it.
Traditional security mechanisms are simply no longer an effective means of data security with today’s fast-paced public cloud and hybrid infrastructures. Spinbackup helps organizations meet the data security

Discover more on Spinbackup GDPR Compliance.

Was this helpful?

Thanks for your feedback!
Avatar photo

VP of Engineering

About Author

Sergiy Balynsky is the VP of Engineering at Spin.AI, responsible for guiding the company's technological vision and overseeing engineering teams.

He played a key role in launching a modern, scalable platform that has become the market leader, serving millions of users.

Before joining Spin.AI, Sergiy contributed to AI/ML projects, fintech startups, and banking domains, where he successfully managed teams of over 100 engineers and analysts. With 15 years of experience in building world-class engineering teams and developing innovative cloud products, Sergiy holds a Master's degree in Computer Science.

His primary focus lies in team management, cybersecurity, AI/ML, and the development and scaling of innovative cloud products.

How Can You Maximize SaaS Security Benefits?

Let's get started with a live demo

Latest blog posts

Importance of Backing Up Google Workspace Data Daily

Importance of Backing Up Google Workspace Data Daily

Many organizations today are heavily relying on cloud Software-as-a-Service offerings for business productivity, communication, and collaboration. One of the leading […]

Google Workspace Backup and Security Guide 2024

This Google Workspace Backup and Security Guide covers 9 burning-hot cloud security topics. These articles will give you helpful information […]

g suite backup tools

How to Backup Google Workspace Data

Having a secure backup is a great way to ensure the protection of your corporate data from loss, overwriting, hacking, […]