Securing Sensitive Data with GoogleApps for Education Services #gafe
A district-level administrator has a GoogleSheet with 500 Social Security Numbers for students and they accidentally drag it into a publicly shared GoogleDrive folder. A data breach has just occurred. What happens next?If you take advantage of the right solution--like those reference in this email below--you can mitigate the negative effects of these "accidents." But are these solutions even necessary? You decide.
This video from SysCloud, one of the vendors which I mention below, covers the basics of concerns:
Do you have the technology in place to catch that error? Here are two possible solutions, but they aren't the only ones....
Solution #1 - CloudLock
|Find out more online at https://www.cloudlock.com/products/google-apps/|
- Several organizations use CloudLock to protect their content in mergers and acquisitions to safeguard data, as well their own internal data.
- Many organizations--some of the ones mentioned included GSA, BBVA, 100s of colleges/universities, Texas Technical College, Austin Community College, DART in Dallas, 250 K-12 schools (Lufkin ISD)
- 91,000 apps discovered that students can sign-in with Google
- 10 million users
- 1 billion files monitored
- One example shared was Kaizena - it allows students to use their GoogleApps login to get into apps that may be compromised in the future.
- Kim Kardashian app breach used as an example.
- 10 critical controls
- Promote digital citizenship and end-user awareness
- student welfare
- objectionable lang and content
- students sharing externally and domain wide
- public or domain wide sharing of student records
- staff sharing student info externally
- PII + student record information handling
- IEP information handling
- Discover and control 3rd Party apps
- Encrypting sensitive and confidential data in Google Drive
- Controlling against VPN (qualifies as suspicious behavior by students). They use these to get around network firewalls.
- CloudLock recommends focusing on these areas for cloud security:
- Compromised accounts
- cloud malware
- sensitive data
- security administration
- Cost-free, commitment-free commitment available.
MyNotes from their Document
- Some of their core features include:
- Granular Level Control: Flexibility to create policy scopes at every level for greater policy control
- Document Policy Security: Implement granular data access controls through security policies
- Manual Control: Administrators can unshare or take complete control without waiting for user to take action
- Document Sharing Visibility: Gain visibility into users, documents and internal/external sharing of your data
- Messaging: Customizable messaging templates for policy announcements and policy violation notifications
- In-depth Auditing: Keep track of user access and actions with full audit capabilities
- End user exception management portal (self service)
- They provide compliance audit reporting and security policy templates for FERPA, CA 1584, HIPAA, PCI, CIPA
- They provide online backup of all GoogleApps accounts and the ability to export them as PST files which can be opened with Mozilla Thunderbird and other apps (e.g. MS Exchange)
- SysCloud Backup software is secured with a Starfield Technologies SSL Web Server Certificate. Transactions on the site are protected with 128-bit Secure Sockets Layer (SSL) encryption.
- Complete data backup is done under a secured channel. The inbound data from source domain is completely encrypted using 512 bit encryption and stored in the destination.
- Software connects to the domain Google API servers using OAuth and doesn’t require any passwords to the source email accounts.
- Hosted by Amazon (AWS)
Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure