As 2013 comes to a close, Google is working to remind enterprise organizations and their business users about the security safeguards and options that are available to them if accounts are hacked or if mobile devices are lost or stolen.
“Most businesses these days rely on technology to get their work done,” Eran Feigenbaum, director of security for Google Enterprise, wrote in a recent post on the Google Enterprise Blog. “Millions of businesses trust Google to keep their data safe every day—a responsibility we take very seriously. We focus on protecting our customers’ data from all unauthorized access, whether from common phishing, sophisticated hacking, or state-sponsored intrusions.”
To do those things, Google provides a wide range of security services that can be used by enterprise IT managers to contain and repair any intrusions into their employee accounts, wrote Feigenbaum.
Using available tools from Google, IT administrators can peer into and control how their users’ accounts are working, he wrote.
Among the tools are suspicious log-in alerts, which is a recent feature in the Google Apps Admin Console. The log-in alerts allow administrators to receive email alerts when Google’s systems “detect suspicious or unusual log-in activity in their users’ accounts,” wrote Feigenbaum. “This helps admins stay informed of what’s happening in their domain—to a degree not possible with most email systems—and, when necessary, take swift corrective action.”
Also available are Android device-management tools that help organizations manage Android and Apple iOS smartphones and tablets using the Google Apps Admin console, he wrote. “The Android device-management features include the ability to selectively wipe Google Apps account data without wiping a user’s entire device and require the latest version of the Device Policy app to ensure security policies are enforced across all devices.”
A new account-recovery process is also available for use by super administrators to help keep their accounts more secure by allowing each super administrator to specify his or her own recovery email address and telephone number, according to the post. “And the new mobile Admin app lets administrators quickly accomplish the most critical tasks (like suspending users or resetting passwords) wherever they are, using an Android phone or tablet.”
Google also works to protect end users through updated Secure Sockets Layer (SSL) certificates that use 2,048-bit RSA, the post states, as well as through a well-publicized and funded rewards program that pays rewards to security researchers who report major bug fixes, wrote Feigenbaum. In 2013, Google increased the maximum awards to $5,000 from its previous $1,000 limit.
In 2013, Google also improved its methods for helping Website owners recover their sites from hackers and hijackers, wrote Feigenbaum. “As a site owner, discovering your site is hacked with spam or malware is stressful, and trying to clean it up under a time constraint can be very challenging. We’ve been working to make recovery even easier and streamline the cleaning process—we notify webmasters when the software they’re running on their site is out of date, and we’ve set up a dedicated help portal for hacked sites with detailed articles and videos explaining each step of the process to recovery.”
The improvements also included additional security tools so webmasters can find information about security issues on their site in one place and pinpoint problems faster with detailed code snippets, he wrote.
In February 2013, Google unveiled similar security information to assist account users overall in the event of hackers, spamming and account hijackings.
In March 2012, Google implemented another account security feature that lets users receive a monthly “account activity” report containing password-protected insights into their use of Google services. With the reports, users can track their Google account usage and be sure that their accounts are not being used by spammers and hackers.