Security Assessment & Implementation for G-Suite
G Suite security covers important aspects of securing a G Suite domain, including optimizing controls based on risk, preparing and monitoring, and responding to suspected account compromise.
In this service, we help customers optimize, prepare, and monitor the security of their G Suite for Work domain to reduce security risk and mitigate threats. The objectives of this service offering are to:
- Ensure the customer is following security best practices by auditing the G Suite configuration and suggesting changes
- Create a roadmap of action items based on the security assessment, and perform the required actions to improve the customer’s security posture
- Create a security response plan and end-user security training that are kept up to date through recurring security reviews
2. Opportunity & Impact
This service helps improve the overall security of the G Suite domain. It helps configure the current email environment to improve the following areas:
- Decrease the risk of successful phishing attempts
- Decrease the number of spam and malware messages
- Minimize the risk of client, account, and/or G Suite data leakage
- Set up alerts and monitoring to be proactive about suspicious activities
- Train end users on security best practices when working on G Suite
- Increase adoption and awareness of Google security features
- Increase awareness of security exposure in the G Suite domain
3. Approach & Activities
At a high level, this offering has three phases (Assess, Educate, and Execute), with key goals defined for each of them.
In detail, these are the activities that are part of the service:
The goal of the Assess phase is to evaluate the G Suite Admin settings and security processes currently in place (e.g. how passwords are set, what security training is done, Drive share settings, browser strategy, etc.).
Using a checklist, the core activity is to audit key G Suite settings for authentication, Gmail, Calendar, Drive, Hangouts, Sites and Mobile Device Management against security best practices, and to ensure the customer is aware of the risks associated with deviating from best practices (e.g., SPF/DKIM not configured for the domain).
For this information gathering phase, it is highly recommended to schedule discovery calls and audit items in the checklist that cannot be captured from the Admin console.
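One checklist item that can be audited outside the Admin console is the domain's published SPF, DKIM and DMARC records. The following is an added example, not part of the original service material: it assumes the TXT records have already been fetched into a dictionary (the sample data is constructed), that mail is sent through Google (`include:_spf.google.com`) and that DKIM uses the `google` selector.

```python
# Constructed sample DNS TXT data (not from a real domain). In practice, resolve
# <domain>, _dmarc.<domain> and <selector>._domainkey.<domain> and pass the answers in.
SAMPLE_TXT = {
    "example.com": ["v=spf1 include:_spf.google.com ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "google._domainkey.example.com": [],
}

def parse_tags(record):
    """Split a 'k=v; k=v' record (DKIM/DMARC tag syntax) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_email_auth(domain, txt, dkim_selector="google"):
    """Return a list of findings for the domain's SPF, DKIM and DMARC records."""
    findings = []
    spf = [r for r in txt.get(domain, []) if r.lower().startswith("v=spf1")]
    if not spf:
        findings.append("SPF: no record published")
    elif len(spf) > 1:
        findings.append("SPF: multiple records (evaluates to permerror)")
    else:
        terms = spf[0].lower().split()
        if "include:_spf.google.com" not in terms:
            findings.append("SPF: Google senders not included")
        if "+all" in terms or "all" in terms:  # bare 'all' means '+all'
            findings.append("SPF: 'all' authorizes every sender")
        elif "-all" not in terms and "~all" not in terms:
            findings.append("SPF: no restrictive 'all' mechanism")
    dkim = txt.get(f"{dkim_selector}._domainkey.{domain}", [])
    if not dkim or not parse_tags(dkim[0]).get("p"):  # empty p= is a revoked key
        findings.append("DKIM: no public key at selector")
    dmarc = [r for r in txt.get(f"_dmarc.{domain}", []) if r.lower().startswith("v=dmarc1")]
    if not dmarc:
        findings.append("DMARC: no record published")
    else:
        policy = parse_tags(dmarc[0]).get("p", "").lower()
        if policy not in ("quarantine", "reject"):
            findings.append(f"DMARC: p={policy or 'missing'} does not enforce")
    return findings
```

For the constructed sample, the audit reports the missing DKIM key and the monitor-only DMARC policy, which map to the "Deploy DKIM and DMARC" action item.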
During the ‘Educate’ phase you can run a Security Workshop to cover the following topics:
- Educate customers on the latest security field insights
- Discuss assessment findings
- Develop an Implementation Plan to fix settings that may increase a customer’s risk of a security incident. A list of the possible action items can be found in the Execute section below.
- Create an Incident Management Plan
- Create monitoring alerts through G Suite alerts (default and custom)
In this phase, you can also conduct security training and workshops.
Depending on the results of the Assess and Educate phases, the activities defined in the Implementation Plan may vary based on customer requirements and priorities. These activities may include all or some of the following:
- Enable 2-Step Verification (2SV) for all Super Admins
- Deploy 2-Step Verification (2SV) to end users
- Remove super administrator roles from primary accounts
- Modify and update SPF records
- Update end-user settings (e.g. enforcing mobile device policies that require users to set passwords or patterns to unlock their devices, setting up 2SV, disabling IMAP/POP access, disabling auto-forwarding, changing default link sharing in Drive)
- Deploy DKIM and DMARC
- Implement and configure 3rd party tools (e.g. to effectively respond to bulk modifications on user accounts)
- Change management activities required to implement the recommended security changes (e.g. assisting with company-wide 2SV implementation, delivery of training, production of videos or other training materials). These activities may include updating existing security training for new and existing employees.
- Provide required training on the Incident Response Plan through rehearsals and drills to ensure administrators can effectively respond to incidents.
4. Key Metrics
Service Line Metrics: These are high-level metrics that can be gathered from the overall program to determine the service’s effectiveness and impact.
- Help Desk metrics - the increase or decrease in the number of G Suite security-related tickets
- Security awareness training - the number of administrators and/or end users who have participated in and completed security training
- Incident response timeline - the decrease or increase in the time it takes to respond to a G Suite incident
- Minimum Recommended Tasks - completion of a minimum set of recommended security tasks, e.g. all administrators enabled with 2SV
Technical Metrics: These are metrics gathered from the G Suite environment. There should be a baseline gathered to determine the increase or decrease in some of the metrics below. In general, Partners can gather technical metrics on the number of G Suite security incidents related to phishing, data leakage, compliance issues, etc. This may also include the following metrics:
- 2SV enrollment count
- Suspicious login count
- Managed devices count
- Externally visible files
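As an added illustration (not part of the original service material), the 2SV enrollment metric and the "all administrators enabled with 2SV" task can be computed from two user exports and compared against the baseline. The records below are constructed and use field names from the Admin SDK Directory API user resource (`isAdmin`, `isEnrolledIn2Sv`, `suspended`); the function names are hypothetical.

```python
# Constructed snapshots shaped like Admin SDK Directory API user records;
# addresses and values are made up for illustration.
BASELINE = [
    {"primaryEmail": "root@example.com", "isAdmin": True, "isEnrolledIn2Sv": False, "suspended": False},
    {"primaryEmail": "ana@example.com", "isAdmin": False, "isEnrolledIn2Sv": True, "suspended": False},
    {"primaryEmail": "bo@example.com", "isAdmin": False, "isEnrolledIn2Sv": False, "suspended": False},
    {"primaryEmail": "old@example.com", "isAdmin": False, "isEnrolledIn2Sv": False, "suspended": True},
]
# Later snapshot: the super admin has enrolled, everything else is unchanged.
CURRENT = [dict(u, isEnrolledIn2Sv=True) if u["isAdmin"] else u for u in BASELINE]

def twosv_metrics(users):
    """Summarize 2SV enrollment for active (non-suspended) accounts."""
    active = [u for u in users if not u.get("suspended", False)]
    enrolled = [u for u in active if u.get("isEnrolledIn2Sv", False)]
    # Super admins without 2SV are the highest-priority gap in the Execute list.
    exposed_admins = sorted(
        u["primaryEmail"] for u in active
        if u.get("isAdmin", False) and not u.get("isEnrolledIn2Sv", False)
    )
    rate = round(100 * len(enrolled) / len(active), 1) if active else 0.0
    return {
        "active_users": len(active),
        "enrolled_2sv": len(enrolled),
        "enrollment_rate_pct": rate,
        "super_admins_without_2sv": exposed_admins,
    }

def compare_to_baseline(baseline, current):
    """Return the change in enrollment plus the remaining super admin gaps."""
    before, after = twosv_metrics(baseline), twosv_metrics(current)
    return {
        "enrolled_delta": after["enrolled_2sv"] - before["enrolled_2sv"],
        "rate_delta_pct": round(after["enrollment_rate_pct"] - before["enrollment_rate_pct"], 1),
        "all_super_admins_enrolled": not after["super_admins_without_2sv"],
        "remaining_gaps": after["super_admins_without_2sv"],
    }
```

Suspended accounts are excluded so that deprovisioned users do not drag the enrollment rate down.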
Google and Partner Metrics:
- Security offerings delivered - the number of security workshops delivered
- Service line hours - the number of hours spent with each customer to improve their security posture, which can include workshop hours, G Suite configuration hours, and training hours
- Security-related escalations