Google Apps Security is too Strong for Microsoft Threats

The Rise of Google Apps for Business has left Microsoft shaking in its collective boots.  Microsoft recently rebranded hotmail addresses to @outlook.com, and it’s hard to imagine Office 365 would exist if not for Google’s presence in the space.  Naturally, MSFT has adopted super PAC techniques to scare customers away from Google Apps.  They warn users that a transition to Google from Microsoft Exchange Server would create security threats.  This is simply not true, so here is some information that could be useful to you if you are on the fence between platforms.

Here is a link to a powerful  Google Security Whitepaper.   You may also find this blog post helpful.
When it comes to security, customer data is sharded and stored in fragments across multiple servers and across multiple data centers to both enhance reliability and provide greater security than can be achieved by storing all data on a single server. When only fragments are kept in any one place, the chance that a possible physical or computer-based compromise could result in the loss of meaningful information is greatly reduced.

Here is a link to a video detailing some of the many steps Google takes to ensure data center security.

Need references?  Hoards of organizations that require top-notch security have recently “Gone Google”.

The U.S. Department of the Interior and General Services Administration recently transitioned to Google Apps, as well as intellectual property sensitive corporations such as Genentech and Motorola.  And, of course, Google!

I recommend the following resources to learn more:

  1. Google’s technical publications (Top 10 reasons to trust Google blogpost, Security First Site.)
  2. Top 10 Stengths of Google’s Cloud
  3. The auditing and reporting tools available in Google’s products.
  4. The public record. In addition to Google’s transparency report, there are several information security organizations which produce incident reports.

In order to reduce the administrative overhead for customers who perform SAS70 (now SSAE16) audits,  SSAE16 is now in place as well as ISO 27001.  The auditors have clearly indicated that these instruments are not intended to be used for sales and marketing purposes.  Therefore Google doesn’t encourage customers to consider certifications in and of themselves sufficient proof of security.

  • There are many other auditing standards and Google uses to regularly evaluate their relevance to customers.  For example, FISMA was added in 2009 to accommodate federal agencies.  FISMA is closely related to the ISO27001 suite of protocols but as of now, they have not yet adopted ISO27001.
  • One should also note that state and local governments are usually not required to have FISMA Certification.  Consequently, most of these government entities can sign up for the Google Apps for Business version and do not need to worry about being out of compliance with stricter federal security mandates.
  • Finally, please know you can add two-step verification for an extra layer of security.  When you sign into your Google Account, Google can require you to have access to your phone as well as your username and password.

Google Drive FAQ’s

Google Drive was released on April 24, 2012. Since then, many questions have arisen regarding Google’s latest innovation. If you have any additional questions, please call 617-340-9812. Here are 10 FAQs:

1). How much storage comes with Google Drive?

Each user gets unlimited storage with Google Docs, and 5GB of free storage for other file types. This can be managed by easily converting .doc, .docx, .xls files etc. to the Google Docs format. Additional storage can be purchased on an as-needed basis.

2). Can Google Drive storage be pooled?

One benefit to Google Drive is the ability of administrators to control and allocate storage. While storage cannot be pooled, it can be purchased specifically for the users who exceed, or are likely to exceed, the 5GB threshold.

3). What file types are supported?

Google Drive viewer helps you preview over 16 different file types, listed below:
Microsoft Word (.DOC and .DOCX)
Microsoft Excel (.XLS and .XLSX)
Microsoft PowerPoint (.PPT and .PPTX)
Adobe Portable Document Format (.PDF)
Apple Pages (.PAGES)
Adobe Illustrator (.AI)
Adobe Photoshop (.PSD)
Tagged Image File Format (.TIFF)
Autodesk AutoCad (.DXF)
Scalable Vector Graphics (.SVG)
PostScript (.EPS, .PS)
TrueType (.TTF)
XML Paper Specification (.XPS)
Archive file types (.ZIP and .RAR)
Text files (.TXT)
Markup/Code (.CSS, .HTML, .PHP, .C, .CPP, .H, .HPP, .JS)

4). What’s the frequency of taking data backup?

Your data is instantly saved and stored in Google’s secure data centers in real-time. If you feel that you need additional backup security, you have the option to add an independent plugin that runs daily automated backups. The backup system will even further protect your data from hacking, user error, malicious deletion, and other forms of data loss. The backup tool is priced at $3 per user, per year.

5). What’s data backup retention? (1yr, 2 yr,… or forever)

Data will be backed up for as long as your account is active.

6). Can we take our data back once we decide not to renew the services? Any service charge if we need to transfer all the data back from Cloud to our hands?

You will absolutely continue to own your data and can easily retrieve your data and files, if for whatever reason, you choose to discontinue Google solutions. Google has an entire department catered to moving data out of Google.

Google also authors a blog devoted to this specific topic. There is no charge for independently moving data. If you would like to outsource data removal, we can assist with the transition, and the price would depend on the amount of data to be transferred.

7). Is subscription fee going to be increased at each renewal?

Google Apps has maintained the exact same price point since it hit the market in 2007. Since then, numerous valuable features, functionality have been added at no additional cost. I can’t guarantee that the price will never change, but there are no plans to do so at this time.

8). Are Cloud data centers located in the US or overseas?

Here is a link to a useful Google security Whitepaper. You may also find this blog post helpful. Customer data is chunked and stored in fragments across multiple servers and across multiple data centers to both enhance reliability and provide greater security than can be achieved by storing all data on a single server. When only fragments are kept in any one place, the chance that a possible physical or computer-based compromise could result in the loss of meaningful information is greatly reduced.

Here is a link to a video detailing some of the many steps Google takes to ensure data center security. For security reasons, Google doesn’t disclose the locations of all of its data centers. However, the data centers are intelligently distributed to ensure security, and to protect against natural disasters and other potential threats. A partial list can be found here.

9). Can a “super user” admin account be setup so he/she can manage everyone’s user account?

Yes.

10). Is there a historical report/log available to show who had accessed (add, change, delete, view) the file?

Yes.