Protecting G Suite data - who's responsible?

Protecting G Suite data - who's responsible?

posted in Backup & Recovery ● 20 May 2020

As millions of people work from home to reduce the spread of coronavirus, the adoption of cloud computing, productivity and collaboration tools such as G Suite continues to grow at a pace.

Google’s G Suite bundle of software for businesses, schools and public sector organisations had more than six million paying customers in March.

When it comes to G Suite backup and protecting G Suite Data, establishing who is responsible for what is crucial, especially now that so much of the information stored is business-critical and most importantly often the latest version of that data.

The responsibility for cloud security is shared between the software provider and the data controller/owner.

SaaS companies such as Google are highly motivated to avoid the bad publicity that would arise from any widespread events that portray their applications or underlying infrastructure in a poor light.

For that reason Google invests heavily in security infrastructure and security personnel to protect their reputation – the success of their business depends on it.

However, SaaS companies are not focusing on your users, your data – or any activities that threaten your capability to recover business-critical information:

  • Accidental deletion
  • Misaligned retention policies
  • Malicious insiders
  • Malware
  • Ransomware

In these cases, it’s not Google whose business is on the line if your actions have left you susceptible to these risks.

It’s down to you to fill in the gaps with a third-party backup provider – and the reason for that is clear when you take into account that data loss due to user error is the No. 1 reason organisations lose critical sales, marketing, customer, financial, and IP data stored in email and documents. Here we’ve listed some of the reasons it is vital to consider protecting G Suite data.

Non-compliance is a problem too

All organisations are required to hold records of current and historical data for litigation purpose and legal compliance.

Using Google Vault to create a litigation hold for retrieving past data from archives only works up to a point.

For instance, the ugly spectre of non-compliance arises if 20 days have passed and you are suddenly called upon to recover the data from a deleted user’s account. Put simply, the data will have disappeared.

Considering the average length of time from data compromise to discovery is more than 140 days, you have a worryingly little window within which to act.

If an administrator takes more than 25 days to discover that data has been mistakenly or maliciously deleted from the trash basket – he has no way of getting it back.

Accidental deletion

There are several reasons why users might delete a file:

  • To create space on Google Drive: Users invariably respond to notifications that they are running out of space by deleting files that seem less important. Trying to regain space in this way is a dangerous practice as it will be impossible to recover those files again should they be required later.
  • To get rid of duplicated files: The collaborative feature that allows users to work on the same file in G Suite is very useful, but it also leads to many different versions of the same file. When erasing all the duplicate copies, it is very easy to put the original in the trash too by accident.
  • To prevent the exposure of sensitive information: Once an assignment is completed, users have a habit of deleting business-critical data for fear of it falling into the wrong hands. That can turn into a massive problem if you ever need to revisit that confidential information and there is no backup.

Malicious behaviour

The installation of some third-party apps provides gateways for hackers to steal or permanently delete files.

Users typically stay ‘signed in’ to many devices. If one of these is lost or stolen, it is possible for someone to wreak havoc, deleting shared data – and what if there is only the one copy?

For ransomware to infect a system, sometimes all it takes is for an unsuspecting user to download an email attachment – and if you sync your desktop data to the Google Drive associated with your G Suite account, the problem gets worse.

Out of your control

In January this year Google Drive suffered a server failure, leading to widespread service disruption all around the world. Users were left waiting for an hour before hearing they could again access Google Drive, including Docs, Sheets and Slides.

If business continuity is important, you need to be back up and running as quick as possible, not left at the mercy of your software provider’s ability to resume the service.

G Suite administrators have the option of making use of Google Vault, a web-based archiving tool, to retain, hold, search and export data.

However, Google Vault does not create a separate copy of the data, so when data is deleted from Drive, it’s deleted from the archive as well.

A separate backup can also help with the migration of data in the event of a merger or acquisition, a welcome benefit considering that studies have shown the failure rate of the process is as high as 38 per cent.

Google will do everything it can to secure your data in their services, but while cloud vendors can help accomplish part of your security and compliance goals, they aren’t going to take responsibility for all of it.

The solution

If organisations are to maintain compliance with the General Data Protection Regulation they need a separate backup strategy to protect data residing on laptops in people’s houses.

The issue is not just around timely recovery, but subject access queries which are going to be very hard to fulfil when data is spread so widely.

Protecting G Suite data as part of a unified data management strategy puts all that important data in one place.

Redstor’s data management solution enables you to view cloud and onsite data in one place through a central management console, address e-discovery requirements and comply with GDPR by searching and actioning data wherever it is.

With one central, easy-to-use system there is also the benefit of being able to simplify and automate your data management and establish a consistent data protection policy across your whole estate.

Redstor can also back up any other data – whether that is from a customer’s primary infrastructure or other SaaS solutions such as Microsoft 365.

So if different data types need protecting, it does not follow that you need multiple different backup solutions.

Discover more about a pioneering technology that provides visibility and on-demand access to data, wherever it is stored, delivering backup and recovery, archiving, DR and Search and Insight through a single, centralised system.

 

Protecting G Suite Data

Benefits of Automated Data Management

7 pay-offs one-stop data management gives MSPs

The Covid-19 pandemic has forced many managed service providers to seek faster, easier and more scalable ways to manage their customers’ data.

Continue reading

POPIA makes SA CEOs more accountable

Following a three-month delay due to coronavirus – and more than seven years after its enactment – the Protection of Personal Information (POPI) Act has finally come into force. 

Continue reading
Microsoft Teams Backup

6 reasons why you need Microsoft Teams backup

The huge uptake in Microsoft’s Teams app is yet another indication that we have changed the way we work – maybe forever.

Continue reading