Written by Google | Dec 13, 2022 9:14:52 PM
The recent rise in cyber attacks makes it more critical than ever to get IT security right. And organizations of all sizes can be targeted by increasingly sophisticated attacks. The shift to hybrid and remote work models—where employees need to be able to work from anywhere, at any time, on any type of device, while securely connecting to company data and applications from multiple places, including home or public Wi-Fi—creates new requirements. As a result, IT must secure numerous endpoints without disrupting productivity.
Despite how central it is to business success, security is often seen as an overhead tax for both employees and IT teams. Thirty-seven percent of enterprise IT leaders and knowledge workers say security and regulatory policies are the biggest challenge to an effective employee digital experience. And it’s increasingly time-consuming for busy IT teams: nearly half of IT professionals say they spend five to eight hours each day on security, compared to 35% in 2019.
One of the problems is the continued use of traditional on-premises solutions, where data and documents may be shared and kept on local devices, leaving employees and companies more vulnerable to the sophistication of present-day attacks. At Google Workspace, we believe that organizations that adopt cloud-based tools with built-in controls can deliver the reliable protection both employees and IT need. Done right, security can feel invisible to employees and effortless to IT, giving everyone more time and attention for higher value work.
Built-in security controls to empower more effortless collaboration
Achieving balance between flexibility and security can be challenging for traditional on-premises solutions. As an example, imagine a common workplace collaboration scenario.
- An employee creates a document on their device’s hard drive.
- The employee then uploads the file as an email attachment and sends it to three other colleagues.
- The three other employees each open the email, and download a copy of the file onto their devices.
- Each employee revises their version of the document on their devices.
- Each of three colleagues attach their version to additional emails to reply back to the original sender.
- The original employee then downloads the three revised copies onto their device’s hard drive.
Multiple versions of the document are now stored on four local devices, posing an increased security risk. In order to protect data that has been distributed and stored on multiple hard drives, IT has to configure the security protections and controls installed on many different employee devices. And they must trust that third-party security software has been regularly updated.
Fortunately, there’s a better way.
Google Workplace is cloud-only and designed for hybrid and remote work; it keeps sensitive data from floating around in attachments or third-party storage applications, and delivers robust threat detection and protection. When data is consolidated and stored in the cloud, rather than spread out on individual devices, employees can easily access it from wherever they are. The IT team can apply a single set of rules to help secure data all at once, and everyone can work more efficiently and safely.
In contrast to the collaboration scenario above, when an employee creates a Google Doc, Sheet, or Slides presentation, they can simply grant edit access to their colleagues. They can send a link to the file, without attaching or sending the actual file. As people collaborate together on the shared file, it remains secure in the cloud with built-in protections that restrict unauthorized users and flag sensitive content before it’s shared. To get ahead of suspicious activity or perceived risk, IT maintains granular control of internal and external sharing, giving admins more flexibility to establish collaboration boundaries without having to interact with employee devices.
Google Workspace is a cloud-based collaboration solution with a secure-by-design approach. We aim to create a win-win solution for both IT and employees. Centralized control helps IT admins simplify and streamline their workflows and reduces the need for manual intervention. At the same time, employees can work and collaborate safely without adding extra tasks — like updating software or determining if an email attachment is malicious — to their workload.
Adopting a zero-trust model: ensuring the right people have access to the right information
End-user vulnerabilities are the primary way bad actors gain entry to organizations. In fact, 82% of breaches involve “the human element,” which includes social attacks, such as phishing and malware scams. These threats are increasingly sophisticated, so organizations need security solutions that can detect the latest risks to protect employees without slowing them down. And, since it takes less time (and money) to prevent a threat than to deal with a breach, IT teams need these solutions to work before bad actors enter the organization.
On-premises security systems can receive updates, but they can’t keep up with fast-moving threats like phishing scams, which often have a shelf-life of minutes. Additionally, these solutions operate by identifying “trusted” users and automatically granting them network entry. Once inside, those trusted users can typically access applications and data whether they need them or not. And a bad actor posing as a trusted user puts the organization at risk and IT on high alert — often to the detriment of their other priorities.
By contrast, Google Workspace offers zero-trust security controls to help IT efficiently and proactively manage end-user risk. Specifically, this approach constantly authenticates and authorizes user actions and enables IT to control access to data and applications based on user and device security posture and other contextual information.
Think of the zero-trust model like a physical bank with multiple layers of security protecting its assets. The building walls and security guard separate the bank from the outside world, but customers can enter to do business. Teller windows allow customers to complete specific transactions. Finally, the vault at the center of the bank houses its most valuable contents, and only highly authorized people can enter it.
IT admins can customize Google Workspace to function similarly, with layers of security regulating access to data. Granular controls powered by Context-Aware Access, as well as policies like data loss prevention (DLP) for Google Chat and trust rules in Google Drive, grant various levels of access to applications, content, and data for the employees who need that information and restrict access for those who don’t. And client-side encryption gives organizations even more control to strengthen the confidentiality of their most valuable content, like highly sensitive or regulated data. This approach to security ensures each employee can seamlessly access the information they need to do their particular job, without exposing the rest of the company's data to risk.
Helping people make smarter, safer choices
The most effective security solutions should operate behind the scenes with little employee involvement. If security alerts happen after employees share sensitive data, IT has to get involved, spending more time and attention remedying the situation retroactively.
Proactive, contextual alerts can help employees make smart decisions that limit disruptions to their work and allow them to resolve issues before they become problems, without automatically involving IT. Google Workspace draws on Google’s long history of protecting organizations and users at scale to offer employees helpful security nudges. Google’s AI-powered threat detection capabilities are informed by signals from billions of endpoints and users to help stop the vast majority of threats from disrupting your organization.
For example, custom data loss prevention (DLP) helps employees avoid sharing restricted data, like credit card information, over Google Chat. Once admins have created custom policies regarding sensitive data, checks happen in real time as employees go about their work. When someone tries to share sensitive information, Google Workspace applies a corrective action without the delay that’s standard across the industry. Then, the employee receives an alert letting them know the message conflicts with the company’s security policy, and they’re prompted to edit the message or contact an admin for further clarification. Automated protections keep your employees safe from emerging threats, so they can meaningfully and securely connect to create, build, and grow together.
Gmail also automatically flags suspicious emails to ward off phishing attacks and notifies employees when they’re sending emails outside their organization to prevent sensitive information from being shared with the wrong people. In fact, we protect Gmail users from nearly 15 billion unwanted messages a day, blocking more than 99.9% of spam, phishing, and malware. By presenting these alerts within the apps where people are working—instead of sending people to another web page—it’s easier and faster for employees to resolve the problem on their own and get back to work.
Security built for the way we work today
Organizations of all sizes need security that is robust enough to protect against increasingly sophisticated threats, yet flexible enough to support a hybrid work model where employees can work from anywhere with ease. Cloud-based tools with built-in, proactive protections and a zero-trust architecture can help improve and simplify security for both employees and IT, so everyone has more time to focus on meaningful contributions that support business growth and power innovation. To learn more about Google’s approach to security and compliance for Google Workspace, check out our security whitepaper.