Security Assessment & Implementation for G-Suite

G Suite security covers the important aspects of securing a G Suite domain, including optimizing controls based on risk, preparing and monitoring, and responding to suspected account compromise.

1. Introduction

 

In this service, we assist customers in optimizing, preparing, and monitoring the security of their G Suite for Work domain to reduce security risk and mitigate threats. The objectives of this service offering are to:

 

  • Ensure the customer is following security best practices by auditing and suggesting G Suite configuration changes

  • Create a roadmap of action items based on the security assessment, and perform the required actions to improve customer’s security posture

  • Create a security response plan and security training for end-users that is current and up-to-date, through recurring security reviews

 

2. Opportunity & Impact

 

This service helps improve the overall security of the G Suite domain. It helps configure the current email environment to improve the following areas:

 

Security Risk:

  • Decrease the risk of successful phishing attempts

  • Decrease the number of spam and malware messages

  • Minimize the risk of client, account, and/or G Suite data leakage

  • Set up alerts and monitoring to be proactive about suspicious activities

 

Security Awareness:

  • Training end users on security best practices when working on G Suite

  • Increase adoption and awareness of Google security features

  • Increase awareness of security exposure in the G Suite domain



3. Approach & Activities

At a high level, this offering has three phases (Assess, Educate, and Execute), with key goals defined for each of them.

In detail, these are the activities that are part of the service:

 

Assess

 

The goal of the Assess phase is to evaluate the G Suite Admin settings and security processes currently in place (e.g. how passwords are set, what security training is done, Drive share settings, browser strategy, etc.).

 

Using a checklist, the core activity is to audit key G Suite settings for authentication, Gmail, Calendar, Drive, Hangouts, Sites and Mobile Device Management against security best practices, and to ensure the customer is aware of the risks associated with deviating from best practices (e.g., SPF/DKIM not configured for the domain).

 

For this information gathering phase, it is highly recommended to schedule discovery calls and audit items in the checklist that cannot be captured from the Admin console.

 

Educate

 

During the ‘Educate’ phase you can run a Security Workshop to cover the following topics:

 

  • Educate customers on the latest security field insights

  • Discuss assessment findings

  • Develop an Implementation Plan to fix settings that may increase a customer’s risk of a security incident. A list of the possible action items can be found in the Execute section below.

  • Create an Incident Management Plan

  • Create monitoring alerts through G Suite alerts (default and custom)

 

In this phase, you can conduct security training and workshops.

 

Execute

 

Depending on the results of the Assess and Educate phases, the activities defined in the Implementation Plan may vary based on customer requirements and priorities. These activities may include all or some of the following:

  1. Enable 2-Step Verification (2SV) for all Super Admins
  2. Deploy 2-Step Verification (2SV) to end users
  3. Remove super administrator roles from primary accounts
  4. Modify and update SPF records
  5. Update end-user settings (e.g. enforcing mobile device policies that require users to set passwords or patterns to unlock their devices, setting up 2SV, disabling IMAP/POP access, disabling auto-forwarding, changing default link sharing in Drive)
  6. Deploy DKIM and DMARC
  7. Implement and configure 3rd party tools (e.g. to effectively respond to bulk modifications on user accounts)
  8. Change management activities required to implement the recommended security changes (e.g. assisting with company-wide 2SV implementation, delivery of training, production of videos or other training materials). These activities may include updating existing security training for new and existing employees.
  9. Provide required training on the Incident Response Plan through rehearsals and drills to ensure administrators can effectively respond to incidents. 

 

4. Key Metrics

 

Service Line Metrics: These are high-level metrics that can be gathered from the overall program to determine the service’s effectiveness and impact.

  • Help Desk metrics - the increase or decrease in the number of G Suite security-related tickets

  • Security awareness training - the number of administrators and/or end users who have participated in and completed security training.

  • Incident response timeline - the decrease or increase in the time it takes to respond to a G Suite incident.

  • Minimum Recommended Tasks - completion of a minimum set of recommended security tasks, e.g. all administrators enabled with 2SV.

 

Technical Metrics: These are metrics gathered from the G Suite environment. There should be a baseline gathered to determine the increase or decrease in some of the metrics below. In general, Partners can gather technical metrics on the number of G Suite security incidents related to phishing, data leakage, compliance issues, etc. This may also include the following metrics:

 

  • DMARC reporting

  • 2SV enrollment count

  • Suspicious login count

  • Managed devices count

  • Externally visible files

  • Browser/client updates

 

Google and Partner Metrics

 

  • Security offerings delivered - the number of security workshops delivered

  • Service line hours - the number of hours spent with each customer to improve their security posture which can include workshop hours, G Suite configuration hours, and training hours.

  • Security-related escalations



