This is the second post in our three-part blog series on the basics of securing a Google Apps domain. You can read part one here. The complete guide to enhancing the security of your data can be downloaded here.
In our first blog post, we gave you the basics you needed to enhance the protection of your data within Google Apps. Today, we will go through the mobile device management capabilities you need to leverage to keep your data safe and sound.
Mobile devices are worthy of their own call-out in Google Apps security controls, not least because they are perhaps the most easily stolen pieces of computer hardware on the planet. In the event that a mobile phone, tablet or laptop that has previously been used to access your Google Apps domain is stolen, there are some very specific security responses you can employ to keep your Google Apps data safe.
Prevent domain access from a lost mobile device
In many cases, a lost mobile device or laptop isn’t a direct risk to your Google Apps domain because a thief would still need to log into your domain to reach your data – and that will require a password and/or an authentication code. The exception here is a device with an active login session, meaning a user is logged into their Google Apps account on the device when that device is stolen. The thief will have access to your Google Apps domain unless and until the login session expires.
Fortunately, Google Apps administrators can reset the sign-in cookies for any user, effectively logging them out of every active session and forcing the user to sign in again. If a user reports a lost device to you, resetting their sign-in cookies should be your first response.
Wipe a mobile device
Resetting sign-in cookies does not revoke access to your domain via a specific mobile app, like Google’s own Gmail or Drive apps. In cases where your users connect to your domain via these apps, you’ll need a more stringent response – the ability to wipe data from a stolen smartphone or tablet.
This technique is a bit more advanced and applies only if you have a Google Apps Device Policy or Google Sync in place on your users’ mobile phones. Fortunately, you can require users to download this policy enforcement software before they can connect to your domain via a mobile app. (Users can still log into your domain via a mobile browser even with this requirement in place, but the browser doesn’t store any local data and you can cut off mobile browser sessions by resetting the sign-in cookies for the user.)
If the policy enforcement is in place, you can actually wipe all data from a smartphone or tablet, returning it to its base factory software condition. It’s a nuclear option, but one that’s often worth it.
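The response order described above (reset sign-in cookies first, then wipe only the devices that carry policy enforcement) can be scripted. The following is an added example, not part of the original post: it assumes the Admin SDK Directory API's `users.signOut` and `mobiledevices.action` endpoints, which the post does not name, and the `management` field, device IDs and e-mail address are constructed for illustration. It only builds the requests and sends nothing.

```python
"""Added example: build a lost-device response plan (no network calls)."""
from urllib.parse import quote

API = "https://admin.googleapis.com/admin/directory/v1"

# Hypothetical labels for devices with policy enforcement installed
# (the post names Google Apps Device Policy and Google Sync).
WIPEABLE = {"device_policy", "google_sync"}

# Constructed sample inventory for one user's reported-lost devices.
SAMPLE_DEVICES = [
    {"resource_id": "dev-phone-001", "management": "device_policy"},
    {"resource_id": "dev-tablet-002", "management": "google_sync"},
    {"resource_id": "dev-laptop-003", "management": "browser_only"},
]


def plan_lost_device_response(user_email, lost_devices, customer_id="my_customer"):
    """Return (requests, unmanaged) for a lost-device report.

    requests:  ordered API calls; the sign-in cookie reset always comes first.
    unmanaged: devices that cannot be wiped because no policy enforcement is
               installed; the cookie reset is the only control for these.
    """
    requests = [{
        "method": "POST",
        "url": f"{API}/users/{quote(user_email, safe='@')}/signOut",
        "body": None,
    }]
    unmanaged = []
    for dev in lost_devices:
        if dev["management"] in WIPEABLE:
            rid = quote(dev["resource_id"], safe="")
            requests.append({
                "method": "POST",
                "url": f"{API}/customer/{customer_id}/devices/mobile/{rid}/action",
                # Full factory reset, the "nuclear option" from the post.
                "body": {"action": "admin_remote_wipe"},
            })
        else:
            unmanaged.append(dev["resource_id"])
    return requests, unmanaged


if __name__ == "__main__":
    plan, skipped = plan_lost_device_response("alice@example.com", SAMPLE_DEVICES)
    for step in plan:
        print(step["method"], step["url"], step["body"])
    print("cannot wipe (cookie reset only):", skipped)
```

Sending these requests requires an authorized admin credential with the corresponding Directory API scopes, which is outside what this example covers.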
For the complete story on how to enhance the security of your Google Apps domain data, please download our guide to Google Apps Domain Security below and be on the lookout for additional eBooks in our Google Apps training guide series!