As cloud based productivity suites like Google Apps for Work increase in popularity, so too do concerns about security, especially in file sharing components like Google Drive. Challenges such as protecting against unwanted external shares, rogue employees or administrators, and sync of sensitive data via third party apps all rise to the surface. If you're subject to compliance mandates like HIPAA, requiring you to protect regulated data, the challenge is even more daunting. While Google does encrypt Google Drive data-at-rest, those protection mechanisms do nothing to protect the scenarios described above. Enter cloud access security brokers (CASB).
A CASB can help ensure that sensitive data-at-rest in Google Drive is encrypted and protected from unauthorized usage. When implementing cloud encryption, keep these four tips in mind:
- Encrypt only what's necessary
For many organizations that choose to encrypt data in Google Drive, encrypting absolutely everything is overkill. There is a lot of data that you want to share outside of the company, and undue restrictions may cause employees to go rogue and find Shadow IT solutions to problems that IT and security cause. When selecting a CASB, ensure that the chosen solution is able to selectively encrypt Google Drive data. This is typically accomplished by pairing encryption policies to a cloud DLP solution so that you can identify sensitive data such as PII, PHI, PCI, intellectual property, etc, and then encrypt only files containing the data you care most about protecting.
- Don't forget the device
Cloud data protection would be easy if the data stayed put in the cloud. The reality, however, is that as soon as you roll out an app like Google, your employees will download sync apps, add their corporate mail to Activesync clients, login via the web, and more. All of a sudden, your top cloud security concern becomes mobile data protection! Your CASB needs to be able to encrypt data from end-to-end - not only in the cloud, but also the data that gets downloaded to devices (especially unmanaged devices that may not have appropriate security features enabled).
- Broaden your horizons
Cloud encryption can be a great way to protect corporate data, but there's more to cloud security than just encryption. Data leakage prevention, access control, user behavior analytics, and identity management all factor into a holistic cloud security strategy. All of these features should be on your list when shopping a CASB for Google Apps. And if your cloud footprint extends beyond Google, ensure that support for all of these features covers your other apps as well.
- Don't overcomplicate
Part of the beauty of the cloud is how easy it is to deploy. Make sure that your security & compliance solution doesn't throw those productivity gains out the window. An easy to deploy solution eschews complicated device agents, premises software deployments, and expensive professional services. Looks to solutions that deploy quickly and easily, and importantly, preserve the purity of the end user experience.
Learn more about Bitglass' solution for Google Apps security here.