5 Critical Numbers Every Google Apps Admin Needs to Know
October 20, 2015
4 minute read
To keep your organization secure, you need to be aware of many critical elements within your domain. The rapid proliferation of cloud applications can make this challenging–but not impossible.
One thing we’ve learned from our research and discussions with cloud IT admins is that no two organizations are the same. Each organization–and IT admin for that matter–deals with a unique set of challenges specific to them. But there is some overlap between Google Apps admins and the challenges they face.
We’ve laid out five areas you can monitor to help keep your domain secure and your users safe–and even cut costs.
1. Number of Super Admins
Our first number–the amount of super admins in your domain–is arguably the most important. Super admins ultimately hold the keys to your domain, and as the phrase goes, “With great power, comes great responsibility.” It must be absolutely necessary for an admin to have super admin access. Otherwise, you’re just exposing yourself to unnecessary risks.
Tips regarding admin access:
- Reduce the number of super admins, but make sure it’s always more than one. Super admins have the highest level of access and if your super admin leaves or if there is an emergency, you could be in big trouble.
- Perform regular reviews (every 90 – 180 days) of your admin access rights, not just super admins, but for ALL admins.
- Take advantage of access roles to ensure admins only have access to what is necessary.
- Require 2-factor authentication for all super admins, even if you have single sign on (SSO). Super admins can bypass SSO and log directly into the Google Admin console from anywhere in the world.
2. Number of Publicly Shared Docs
Do you know how often your employees are publicly sharing documents? Publicly sharing documents is often necessary for collaboration and communication; however, publicly shared documents can put your organization at risk.
You need to know who’s publicly sharing documents in order to make informed security decisions.
Tips regarding publicly shared docs:
- When necessary, configure your organization units (OUs) to restrict publicly sharing documents.
- Configure default settings to help prevent accidental sharing. Set everything to private and prompt users when they’re sharing documents publicly out of your domain.
- Leverage a data loss prevention (DLP) solution to monitor sharing in near real-time.
- Review your processes and policies around document transfers when a user leaves your organization.
3. Number of Suspended Users
Suspended accounts are still billed by Google, which means the accounts you suspend, but don’t delete, are going to cost you money. Of course, it may be necessary to suspend users at times–like for an extended leave of absence or sabbatical for instance–but being aware of the number of suspended users in your domain is a great cost-saving measure.
Tips for dealing with suspended users:
- Limit the suspension times to a set time period.
- Leverage archiving or backup solutions, then delete suspended accounts.
- A lot of organizations actually just restrict access to the account up until the point they delete it. This can allow you to set up delegated email access as well as an auto-reply for users.
- Monitor the number of suspended users by running regularly scheduled reports.
4. Amount of Storage Space Remaining
Organizations that aren’t on Google Apps Unlimited can run out of storage space, especially as Google Drive adoption grows within your organization.
Tips for managing your storage:
- End users are notified if they are approaching storage limits, but you need to be aware of storage limits as well–you can then proactively provide your users with the space they need.
- Monitor sudden spikes in the amount of space used on a per user basis. This may be caused by any number of things, but in some cases it can help you identify wasteful storage practices or even malicious activity.
- Create a policy for users requesting additional space and always make sure you understand their reasoning for needing more space.
- Create an email retention policy. Some people will keep every single email they’ve ever received, even over the course of many years.
- Leverage a tool that allows you to monitor file types stored in Google Drive. Look out for music, movie, and picture files that may be unnecessarily taking up space.
- Instruct your users to convert all your Office documents to Google files. Google files don’t count against your Drive space.
5. Number of Cloud Applications Accessing Your Domain
Cloud applications bring all types of benefits to your organization, but it’d be naive to think they don’t come with some risks. You need to make sure you understand these risks and have a clear view of the cloud applications that can create them.
Tips for securing cloud applications:
- You can use the Google Admin console to restrict certain cloud apps from accessing data within your domain.
- Run a third-party app audit to see which cloud applications are accessing your domain.
- Leverage a policy-based tool to restrict and revoke access to certain cloud applications. Make sure the solution you choose enables granular policies (by department, by role, etc.).
- Educate users. Make sure they understand the policies they’re agreeing to. If a gaming app is asking to read or write data within Google Drive or Gmail, it’s probably an application that presents a risk to your organization.
The Changing Challenges of IT
Google Apps security is something that every admin needs to take seriously. With the right tools and practices in place, you can cut costs and help keep your domain secure.
IT is an evolving discipline and the list above will likely look vastly different for Google Apps admins in just a few years. How do you think it will change in the years to come?
This post was inspired by a recent webinar with BetterCloud CEO David Politis and BetterCloud’s Google Apps Expert Kyle Quinn: “10 Numbers Every Google Apps Admin Should Know About Their Domain.”