Wednesday, November 11, 2015

Securing Sensitive Data with GoogleApps for Education Services #gafe

A district-level administrator has a GoogleSheet with 500 Social Security Numbers for students and they accidentally drag it into a publicly shared GoogleDrive folder. A data breach has just occurred. What happens next?
If you take advantage of the right solution--like those referenced in this email below--you can mitigate the negative effects of these "accidents." But are these solutions even necessary? You decide.

This video from SysCloud, one of the vendors I mention below, covers the basic concerns:

Do you have the technology in place to catch that error? Here are two possible solutions, but they aren't the only ones....

Solution #1 - CloudLock

Find out more online at
  1. Several organizations use CloudLock to safeguard data during mergers and acquisitions, as well as their own internal data.
  2. Many organizations use it. Some of the ones mentioned included GSA, BBVA, 100s of colleges/universities, Texas Technical College, Austin Community College, DART in Dallas, and 250 K-12 schools (Lufkin ISD).
  3. 91,000 apps discovered that students can sign in to with Google
  4. 10 million users
  5. 1 billion files monitored
  6. One example shared was Kaizena - it allows students to use their GoogleApps login to get into apps that may be compromised in the future.
  7. Kim Kardashian app breach used as an example.
  8. 10 critical controls
  9. Promote digital citizenship and end-user awareness
  10. student welfare
  11. objectionable language and content
  12. students sharing externally and domain wide
  13. public or domain wide sharing of student records
  14. staff sharing student info externally
  15. PII + student record information handling
  16. IEP information handling
  17. Discover and control 3rd Party apps
  18. Encrypting sensitive and confidential data in Google Drive
  19. Controlling against VPN use (qualifies as suspicious behavior by students). Students use VPNs to get around network firewalls.
  20. CloudLock recommends focusing on these areas for cloud security:
    1. Compromised accounts
    2. cloud malware
    3. sensitive data
    4. compliance
    5. security administration
  21. Cost-free, commitment-free commitment available.

Solution #2 - SysCloud

My Notes from their Document

  1. Some of their core features include:
    1. Granular Level Control: Flexibility to create policy scopes at every level for greater policy control
    2. Document Policy Security: Implement granular data access controls through security policies
    3. Manual Control: Administrators can unshare or take complete control without waiting for user to take action
    4. Document Sharing Visibility: Gain visibility into users, documents and internal/external sharing of your data
    5. Messaging: Customizable messaging templates for policy announcements and policy violation notifications
    6. In-depth Auditing: Keep track of user access and actions with full audit capabilities
    7. End user exception management portal (self service)
  2. They provide compliance audit reporting and security policy templates for FERPA, CA 1584, HIPAA, PCI, CIPA 
  3. They provide online backup of all GoogleApps accounts and the ability to export them as PST files which can be opened with Mozilla Thunderbird and other apps (e.g. MS Exchange)
  4. SysCloud Backup software is secured with a Starfield Technologies SSL Web Server Certificate. Transactions on the site are protected with 128-bit Secure Sockets Layer (SSL) encryption.
  5. Complete data backup is done over a secured channel. Inbound data from the source domain is completely encrypted using 512-bit encryption and stored at the destination.
  6. The software connects to the domain's Google API servers using OAuth and doesn't require any passwords for the source email accounts.
  7. Hosted by Amazon (AWS)
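
The kind of check that catches the opening scenario (a sheet of Social Security Numbers landing in a publicly shared folder), as an added example that is not from the original post or from either vendor. It assumes file records shaped like Drive API v3 file resources with their `permissions` list and already-exported text; the sample files and the function names are constructed for illustration.

```python
import re

# SSN-shaped tokens (3-2-4 digits, dash or space separated), excluding values
# the SSA never issues: area 000, 666, 900-999; group 00; serial 0000.
SSN_RE = re.compile(
    r"(?<!\d)(?!000|666|9\d\d)\d{3}([- ])(?!00)\d{2}\1(?!0000)\d{4}(?!\d)")

# Assumed input shape: Drive API v3 file resources with their "permissions"
# list, plus text exported from each file. All values below are constructed.
SAMPLE_FILES = [
    {"id": "f1", "name": "Student roster", "permissions": [
        {"type": "user", "role": "owner"},
        {"type": "anyone", "role": "reader", "allowFileDiscovery": True}],
     "text": "Ana Diaz,123-45-6789\nBo Lee,234-56-7890"},
    {"id": "f2", "name": "Payroll draft", "permissions": [
        {"type": "user", "role": "owner"}],
     "text": "J. Smith 345-67-8901"},
    {"id": "f3", "name": "Bus schedule", "permissions": [
        {"type": "domain", "role": "reader"}],
     "text": "Route 12 departs 07:15, call 512-555-0100"},
    {"id": "f4", "name": "Test data", "permissions": [
        {"type": "anyone", "role": "reader", "allowFileDiscovery": False}],
     "text": "placeholder 000-12-3456 and 900-11-2222"},
]

def exposure(permissions):
    """Return the broadest sharing level granted on a file."""
    level = "private"
    for p in permissions:
        if p.get("type") == "anyone":
            return "public" if p.get("allowFileDiscovery") else "anyone-with-link"
        if p.get("type") == "domain":
            level = "domain"
    return level

def find_exposed_ssn_files(files):
    """List files shared beyond named users that contain SSN-shaped data."""
    findings = []
    for f in files:
        level = exposure(f.get("permissions", []))
        hits = len(list(SSN_RE.finditer(f.get("text", ""))))  # count only, never log values
        if level != "private" and hits:
            findings.append({"id": f["id"], "name": f["name"],
                             "exposure": level, "ssn_count": hits})
    return findings

if __name__ == "__main__":
    for finding in find_exposed_ssn_files(SAMPLE_FILES):
        print(finding)
```

The report carries only a match count per file, so the alert itself does not become a second copy of the sensitive data.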

Everything posted on Miguel Guhlin's blogs/wikis is his personal opinion and does not necessarily represent the views of his employer(s) or its clients.
