Skip to content

Best Practices for Securing Mobile Devices in Google Apps

BetterCloud Monitor

May 22, 2014

3 minute read

th21 630 istock man smartphone iphone texting text call phone 630w

th21-630-istock-man-smartphone-iphone-texting-text-call-phone-630wThe cloud has given employees and organizations more choices than ever before. We can work from anywhere on any device at any time. While this mobility serves us well for the most part, it can also be a cause of concern for the IT department. Employees have important and often private company data at the tips of their fingers – usually on both personal and corporate-owned devices. So how can you as an IT administrator keep company information secure while also giving your employees the flexibility to work from anywhere on any device?

Utilize Google’s New Mobile Security Features for Android

This week, Google announced new security features for Android giving IT administrators more autonomy when it comes to managing Android devices that access company data. New functionality gives you the ability to:

  • Set policies that wipe inactive accounts from devices that have not been synced for a predetermined time period
  • Allow only certain users to access EAP wifi networks
  • Detect and block compromised devices
  • Access new reporting fields to better understand devices in use by your employees

You can explore these features in-depth here.

To begin using these new features, head to the Google Apps Admin Console then Device Management > Device Management settings.

While these new features are certainly helpful if any or all of your users are solely using Android devices, part of operating in the cloud is giving your employees choices, and some employees may opt to use an iOS rather than Android device. While Google has yet to roll out as extensive mobile security for iOS, there are still plenty of ways you can sure up your employees’ Apple devices.

In the Device Management settings panel of the Admin Console you’ll find many configurable settings for both Android and iOS devices to provide added mobile security. Important settings include requiring users to set device passwords and device data encryption.

Examine Third-Party Applications in Use by Employees

Knowledge is power when it comes to cloud security, so knowing which applications have been installed and authenticated using corporate Google Apps credentials is essential. Third-party products, like FlashPanel’s Apps Explorer dashboard, can provide insight into which Google Play Store and Apple App Store apps have been installed by end-users. You can also blacklist applications you feel pose a threat to corporate governance. Once blacklisted, these applications immediately lose access to any Google Apps data they were previously touching.

Encourage Users to Operate Fully in the Cloud

While it may seem counterintuitive, we truly believe operating fully in the cloud is the safest way to work. Imagine an employee downloading a corporate document to their personal device and later losing that device. The data would be stored locally on the device and easily accessible. Encouraging users to keep everything in the cloud means that all corporate data remains behind your secure Google Apps domain. Using iOS and Android versions of Drive, Docs, Sheets (and soon Slides) will make operating in the cloud, on the go simple for your employees.

And, to further increase the security of operating fully in the cloud, you can enforce two-step verification for users. Two-step verification requires a user to have two pieces of information – something they know like a password and something they have like a PIN sent to their phone – whenever accessing Google Apps from a new device. To set up two-step verification, head to the Admin Console > Security Settings.

BYOD is here to stay and embracing it now by implementing policies that protect both corporate and user data will set you up for long-term success in the cloud.