Advanced security config
April 29, 2014
CybersecurityG Suite

Guide to Google Apps Security: Advanced Features

Today’s post is the second in our four-part blog series on the advanced Google Apps security settings. You can read part one here. The complete guide to enhancing the security of your data can be downloaded here.

In our first blog post, we went through Google’s approach to security. We also went over settings for Google Apps Security, including information on calendar sharing and visibility. Today, we will walk through the advanced security settings for Google Drive, Sites and Contacts.

Google Drive

Google provides Administrators settings to limit sharing and visibility of Google documents, to restrict offline file access and syncing, and to prevent access to third-party extensions and apps. Google also offers a Docs audit log that permits an Administrator “to see when users view or edit Docs.

Sharing and visibility

Most Administrators configure a newly created Google Doc to be private by default, and allow people to share the document outside the organization. Typically, the system is set to warn people before sharing a document externally.

But the collaboration capabilities of Google Docs can be restricted. An Administrator may disable publishing documents to the web or prohibit sharing outside the organization. A slightly less restrictive setup requires people who access a shared Doc to do so with a Google Account.

Learn more from Google about default document sharing and visibility settings.

Offline access

People who use Windows, Mac, or the Chrome browser to access Google Drive may all work offline. The Google Drive app on Windows and Mac syncs files stored on Google Drive to your local system —including non-Google Docs format files, such as Word, Excel, PowerPoint or PDFs. Chrome apps and extensions let people work with Google Docs offline in the browser. Administrative settings can block the installation of the Google Drive app, as well as prohibit access to Docs offline.

Learn more from Google about the installed Google Drive app and working with docs offline.

Apps and extensions

Google offers three ways to add or extend apps: the Google Apps Marketplace, the Chrome Web Store, and Add-ons (in Docs).

Only a Google Apps Administrator can add apps from the Google Apps Marketplace. Apps added this way appear in the Google One bar’s “More…” menu (the Google One bar is the grid of nine small squares in the upper right). Typically, everyone in the organization has access to these apps.

The Chrome Web Store offers even more apps that store data on Google Drive. People who use the Chrome browser can add these apps, then create and save files with these apps in Google Drive.

Google also offers “Add-ons” for some Google Apps, such as Docs and Sheets. These add features that check grammar, merge data to labels, or track document changes.

You can block access to both the Chrome Web Store and Add-ons. There’s no need to block Google Apps Marketplace apps, since only Administrators can add those apps.

Learn more from Google about the Google Apps Marketplace, Chrome Web Store, and Google Docs Add-ons.


Google Sites may be used to create public websites, restricted-access project sites, or private internal sites.

As with Google Calendars, the Google Apps Administrator sets the highest level of access available for for Google Sites. People may be prohibited from making a Google Site public, or from sharing a Site outside the organization. People may also be prohibited from allowing viewers to comment on Sites.

A Site owner may restrict access to the Site, or to specific pages on the Site. Page-level permissions require people to login in order to access restricted information.

Learn more from Google about Google Sites sharing settings.


Google Apps Contact sharing is enabled by default: people can find contact details for other people in the organization. Additionally, email auto-complete options will display people listed in the directory. With contact sharing disabled, internal contact details will be unavailable. All Google Apps account users are automatically listed in the Directory. You may add additional contacts to the Directory, but doing so requires external tools.

Contacts people create are private. However, a person may choose to “manage delegation settings” to share their contact list with another person in the organization. Contacts shared in this way will display with the label “Delegated contacts”, and can only be accessed in a web browser.

Learn more from Google about Google Apps Directory contact sharing.

Help your colleagues learn how to share access to all of their Google Apps contacts.

In the next post, we will highlight all the need-to-know settings for securing Gmail. For the complete story on how to enhance the security of your Google Apps domain data, please download the complete guide to advanced security configuration and compliance below and be on the look out for more content like this in our Google Apps training guide series.


SaaS Data Under Siege: Ransomware’s Rising Threat

Your cloud data could be just as vulnerable to the next wave of cyberattacks as data hosted on-premises

Office 365 logo

Secure Office 365 data protection. Backupify delivers fast recovery of Exchange, OneDrive, SharePoint Online, Calendar, Contacts and Microsoft Teams data.


Office 365 logo

Google Vault alone does not ensure your G Suite data is recoverable. Quickly restore lost data from Gmail, Calendars & Contacts, Drive and Shared Drives with Backupify.


See Why Backupify Wins SaaS Backup