Advanced Security for Google Apps: Chrome, Google+ and More

Today’s post is the fourth and final in our blog series covering advanced security for Google Apps. You can read part one here, part two here and part three here. The complete guide to Google Apps security configuration and compliance can be downloaded here.

In the three previous posts, we highlighted the advanced Google Apps security settings for Google Calendar, Drive, Sites, Contacts and Google Mail. Today, we’ll highlight the need-to-know settings for other Google services, including Chrome, Google+ and Google Vault. We will also cover data recovery solutions for the Google Apps suite.

Other Google Services

As an Administrator, you may enable (or disable) many other Google Services. These services are outside the “core” services, and include offerings such as Blogger, the Chrome Web Store, Google AdWords, Google Analytics, and many others. (To view these services, login to the Administrator Control Panel. From the Dashboard, select “More” at the bottom of the screen, then choose “Other Google services”.) Review the entire list of “Other Google Services” and consider disabling services that your organization doesn’t use.

Most of the services offer only two options: enable or disable. However, two of these “other Google services” offer extensive security and configuration settings: Chrome Management and Google+.

Chrome management

Many Google Apps work best when used in Google’s Chrome browser. For example, Chrome enables  offline use of Gmail, Docs, Sheets, Slides and Drawings.

Chrome and Google Apps work best together when people login to Chrome with their Google Apps account. (To login to Chrome: select the three-line menu in the upper right, then choose “Sign in to Chrome”.) Since Chrome works on Linux, Mac and Windows systems, this provides a consistent experience across platforms.

As Administrator, you can control many Chrome settings for people in your organization. For example, you can auto-install specific Chrome apps and extensions, or disable the saving of passwords and/or browser history. You may also customize how Chrome handles content (e.g., Javascript, pop-ups, plugins and more) and printing. There are many customizable Chrome settings. It may take some time to review them all, but since the settings apply to everyone in the organization, this is time well spent.

Learn more from Google about Chrome Policies for Users and how to Set up Chrome for Business.

Google+

If you’ve enabled Google+ for your organization, you choose the default setting for new posts: either restricted (viewable by other people in the organization), or public. People may change the setting, though.

You may also disable access to Hangouts on Air. Note that this setting is different than the Talk/Hangouts configuration settings found in the Google Apps > Talk/Hangouts area.

Learn more from Google about Google+ Premium features.

Google Vault (for compliance)

Google Vault adds email retention, search and export services to Google Apps. As Administrator, you define retention rules. These rules define which emails are preserved—and for how long they will be preserved. A retention rule may preserve email for a specific organizational unit, during a defined time period, or containing specific words. Preserved emails may be searched and exported. (Note  Google Vault is an added Google service, available on an additional per user per month fee basis.)

Learn more from Google about Google Vault.

Google Apps Marketplace

The Google Apps Marketplace offers hundreds of third-party apps that integrate with Google Apps in various ways. Most of these apps integrate with Google’s “single sign-on”: you—the Administrator —add the app, then everyone in the organization can access the app from the Google One bar’s “More…” menu. (The Google One bar is the \ grid of nine squares in the upper right.)

Learn more from Google about the Google Apps Marketplace.

Integration and data access required

Many apps require access to your organization’s Google Apps data. Project management apps may connect to Calendar data. Flowchart apps may need access to Google Drive documents or photos. Mail merge apps often connect to spreadsheets. Review permissions required by each app carefully.

You should investigate the vendor, as well. Look at the Google Apps Marketplace “star-rating” and verified reviews: is feedback generally positive? Pay attention to security details provided by the vendor, as well. For example, Backupify completed a Service Organization Control Type II (SOC 2) audit; the same as one of the security audits completed by Google. Remember, vendor assertions are helpful, but external audits are also necessary.

Learn more from Google about how to evaluate a Marketplace app’s security.

Review connected apps

In the Google Apps admin control panel, select “Marketplace Apps” to see all Marketplace apps connected to your Google Apps.  Review connected apps periodically. Revoke data access and delete apps no longer needed by the organization.

Learn more from Google about app data access.

Reset, Recover and Reach Out

People forget passwords. Add user support contact information to your organization’s Company Profile so people can contact someone when this occurs. Administrators can reset a user’s password. All Google Apps Administrators should add both a phone number and recovery email address to their accounts, so as to to enable password recovery for Administrator accounts.

Data recovery

In some cases, deleted Google Apps data can be recovered.

Deleted Contacts may be restored to their state anytime in the prior 30 days (go to Contacts > More… (above main contact listing) > Restore contacts…).

In some cases, deleted email may be restored by searching the email Trash folder (if found, select the email then choose “Move to Inbox”).

A similar process may work for some deleted Drive documents: search the Trash folder, then select the item and choose “Restore”.

A deleted page on a Google Site may be recovered within 30 days. (Go to the Site > choose “More actions” > Select “Manage Site” > then choose the Deleted items tab > select the page, then choose “Recover”).

Not all deleted items can be recovered. For example, deleted Calendar Events cannot be recovered. Any item “deleted permanently” or “immediately” cannot be recovered.

Third-party solutions, such as Backupify’s Google Apps backup make recovery of deleted Gmail, Calendars, Contacts, Drive documents and folders, and Sites possible.

Learn more: Google Apps & Security

Google’s teams continuously monitor and periodically modify Google Apps to improve security. The team announces new features and changes on the Google Apps blog. New features may mean new settings you need to review or change. Follow the blog to stay up-to-date.

Conclusion

While Google is protecting all the bits of data in your company’s domain, it’s critical to configure the right privacy and security settings for your business. After the basics are checked off, it’s necessary to meticulously go through all the Google Apps settings - ensuring the right amount of access for employees. It’s a lot easier to enjoy the benefits of Google Apps once your data is secure.

For more information about Google Apps, subscribe to our blog or check out the other guides in the complete Google Apps Training Guide series, including:

• Setting Up Your Google Domain
• Securing Your Google Apps Domain
• Setting up External Mail Servers
• Advanced Security Configuration & Compliance
• Mastering Google Apps Organizational Units & Permissions