The most common question or hesitation for SME business when it comes to switching email platforms to Google Apps is whether or not the platform is secure. People often become uneasy when they think about having their important business data in the Cloud and no longer residing in their offices.
At the same time, every second day there is a news release about large businesses having their data hacked leaving the many of us feeling uneasy. It is ironic that while businesses are fearful of the Cloud not being secure enough to store important data, it is often the data stored on the servers in the offices most at threat. My experience over the last 10 years with data security in SME businesses is that they are low if not lacking. Their businesses are usually wide open to internal and external threats typically through the way they have set up remote access to their computers and servers.
The beauty of the Cloud based system particularly through Google Apps is the responsibility of securing your data is shifting from the business owner to the service provider. Google Apps takes security very seriously and is the businesses no. 1 priority. As a multibillion dollar organisation, they have the best security experts and systems in place to keep their customers data secure. Take a look at this video which explains Google Apps security
A few other concerns are in relation to ownership and access to data. With Google Apps, all client data stored with them remain your own. You are free to access and download the data at all times and stop using Google Apps altogether if you wish. Instructions on how to download all your data can be found here.
Google confirms that all data stored with them remain your own which means 3 vital things:
- Google keeps your data as long as you require Google to keep it.
- Finally, you should be able to take your data with you if you choose to use external services in conjunction with Google Apps or stop using Google services altogether.
The only time Google can access your data is when:
- For the purpose of providing technical support, an administrator from your domain may choose to grant the Google Support team permission to access accounts in order to resolve a specific issue.
Google would not risk their reputation by reading client emails or accessing their data. If they did they would be found out very quickly particularly with 5 million customers.
Google Apps backend system is very secure. The only real concern involves how users of Google Apps access and share data. Google has designed some additional safeguard to enhance security for the users.
2-step verification enables you to use a smartphone with an app that generates a second password when you log into Google Apps. This is similar to a bank login you may currently be using. Often your password becomes known by others either by websites you subscribe to or colleagues.
Single Sign-On (SSO) is another security option which enables you to have your own login portal for many of your cloud apps. You can login to the one account and it will allow you access to all the others without having to enter passwords. You can also enforce passwords to be updated by the users every month or so.
Enabling SSL encryption as a default can be done so all web browser data is encrypted. SSL is added security for your users. If your users access Google Apps on a non-secure Internet connection, such as a public wireless or non-encrypted network, your users’ accounts may be more vulnerable to hijacking.
Password complexity. Its a good idea to make the minimum password complexity requirements quite strong. You can enforce this in Google Apps or your Single Sign-On provider. I would recommend as a minimum 8 characters long with upper and lower case as well as numbers.
Its very important to review and put measures in place to protect your business data.
A few weeks ago I blogged about performing yearly IT security review, take a look here for the article.
In the next few weeks I will provide detailed instructions on how you can increase your security in Google apps with the 4 recommendations above. If you need any help implementing additional security, feel free to give Onsite Helper a call on 03 9999 3106
For more information on Google’s agreement to keep your data secure, take a look at this white paper.