HOW TO SPOT SECURITY GAPS IN GOOGLE APPS
A PDF version of this whitepaper is also available. Click the button below to download it instead:
Why People Choose Google Apps
Google Apps is one of the most successful cloud applications, with more than 50 million users across some five million businesses worldwide. And Google estimates more than 5,000 businesses are adding Google Apps every day. The biggest attraction is cost savings. Google Apps users don’t need to buy servers and software, rent data center space and provide power, or keep up with endless upgrade cycles. All that gets replaced by a simple per-person subscription system.
Google Apps provides essential individual productivity applications including email, calendars, contacts, and document, spreadsheet, and presentation editing. Its collaborative functions allow employees to share files of any type, jointly edit documents, and use shared calendars. Google Apps use spreads quickly in organizations that are using it because it’s so user-friendly.
What we’ve learned about not losing data in the cloud
I When you move your data to the cloud, it is important to think about potential data loss scenarios. How could data be lost? What data loss does Google Apps take care of? What situations do you need to handle for yourself?
There are many opportunities for data loss in a cloud-based business. Collectively, we refer to these as “The Backup Gap.” In order to provide security against loss for your business data, you need enterprise-class backup.
Users experience data loss in ‘The Backup Gap’
After the trash bin and before total disaster lies a big space we’re calling ‘The Backup Gap.’ Spanning analysis looked at hundreds of data loss situations.
The “Backup Gap” diagram illustrates the major cloud data loss categories, their rough frequency of occurrence, and how severe the business impact can be for each. Many people empty the trash and then discover they’ve permanently deleted a document. Or they might forget to sign out of a public Internet terminal, exposing all of their documents, business contacts, and calendar entries to a hacker, which could be business-threatening. Nearly all cloud data loss cases fall into a few common categories. Let’s review these.
Can’t use built-in recovery
When an accidentally-deleted document or email is still in the trash bin, it’s easy to quickly recover it. Of course, once the trash has been emptied, the deleted documents and emails are gone. And there are plenty of places where the actions you take are irreversible:
- If a bad sync occurs, your Drive documents can be irreversibly corrupted.
- There is no trash bin for calendars. If a user accidentally deletes a calendar or an entry, they’ll be stuck with recreating the whole thing.
- Once you’ve emptied the trash bin, you can’t get back any of the documents or e-mails that were placed into it.
Google Apps does have some built-in data recovery features, but there are several items where Google provides no recovery protection, such as with contact and calendar data. And even if a situation is covered by their built-in solutions, what happens after you empty your trash?
Accidental user error
As expert users, we often forget how confusing a program can be the first time we use it. It’s easy for a new or infrequent user to misunderstand the results of a task and consequently lose data; they should be able to easily recover it.
One of the best features in Google Apps is joint editing. Several people at once can work on a document, and it’s easy to see who made what changes and even back out to prior versions. But if one person downloads and edits the document using a PC editor, then uploads it to the same document, the revision history can be lost.
We’ve also heard from people who deleted a Google Apps account without realizing that all the documents, calendars, and contacts associated with the account would disappear too if they didn’t remember to transfer ownership of the documents ahead of time.
Getting out of sync
The complexities of working with synced data often surprise people without a thorough understanding of Google features. This can cause significant data loss. Some examples:
- If the ownership or sharing settings of one’s documents don’t sync properly over the network, all of the documents could end up lost.
- Google has a feature which lets users restore their Gmail contacts to a previous state from any time in the past 30 days, but when it restores old contacts, it destroys newer ones.
- A phone user may not realize that deleting a contact or calendar entry from the phone deletes it from Google Apps, too.
- A document deleted by one person can end up moved to a new folder.
- The “permissions owner” of a document may inadvertently delete a document that is vital to someone else.
Hackers and other malcontents
One of the worst situations that can happen is that a vandal hijacks your account. With full access, they can delete everything, empty the trash and you’re left with nothing. A user account can be hacked by behavior as simple as walking away from a hotel PC without logging off.
We’ve also seen the malicious damage that an unprincipled employee can cause just before they quit. Documents can be erased or altered. Google Apps makes it easy to transfer documents from one account to another but only if the documents exist and you can trust the contents.
We hope this paper will put people on the lookout for potential data security issues in the cloud. Switching to the cloud, and specifically Google Apps, is a great thing to do for your business if you want to save time and money. But those benefits disappear if your data is not properly secured and easily recoverable in case of disaster.
Originally published February 2013