May 26 2022

5 Security Myths About Google Workspace for Education

The platform’s customizable security features and privacy agreements specific to the education sector help keep institutions protected.

The education sector has been among the hardest hit when it comes to security breaches over the past two years, with 64 percent of higher education institutions experiencing some type of ransomware attack in 2021, according to Sophos. Universities need a reliable way to ensure their data is safe from potential security threats. The Google Workspace for Education platform offers customizable security features that help keep data and personal information safe.

Many users are familiar with the consumer side of Google services, but Google Workspace for Education differs in several ways that offer added protection for higher education institutions. Below are five common security myths about Google Workspace for Education.

1. Google Workspace for Education Is Pre-Configured

Google Workspace for Education is not a one-size-fits-all solution for higher education institutions. The platform comes with several default settings within the Admin console that might not be applicable for every college or university. It’s important for administrators to dive into the settings and configure them in a way that best suits the organization.

Higher ed users should explore all configurable settings, customizing access and authentication parameters and Mail safety and security settings and defining admin roles.

Click the banner below for exclusive content about cybersecurity in higher ed.

CDW Amplified™ for Education’s team can audit your settings to make sure Google Workspace for Education is functioning at its maximum potential for your school. We can identify gaps within your institution’s Admin console to identify security gaps and provide recommendations and best practices for improvement.

2. Google Vault Is Backing Up All Data

Google Vault is a core service for Google Workspace for Education that allows users to retain, archive search and export its Mail, Hangouts and Drive data. It is not a copy or a backup of this data; it searches for data across a university’s Google domain. Users with permission to access Vault can see users’ live data, as well as items that have been recently deleted, like emails and Drive files.

When it comes to Vault, it’s important to consider the lifecycle plan of users and adjust retention rules accordingly. Retention rules are used to proactively control how long data is preserved and can either be set to expire after a certain time period or be applied indefinitely. We recommend setting Mail, Groups, Drive/Shared Drives, Google Chat and Sites to retain data according to your institution’s retention policies and to follow your user account lifecycle as well. If user retention is not set, user data will be deleted when the user is deleted.

From a security perspective, it’s important to only grant Vault privileges to the users who need access to this data. This includes human resources, legal compliance and certain IT staff members. These roles can be further customized to control the amount of data accessible to each administrator.

LEARN MORE: Is Google Workspace for Education secure?

3. Google Workspace for Education Is Non-Compliant

Higher education institutions are required to comply with a number of privacy standards, including the Family Educational Rights and Privacy Act (FERPA), that can lead to serious legal and financial consequences if compliance is not met.

Google Workspace for Education is aligned with all the compliance needs of higher education, including FERPA and the Children’s Online Privacy Protection Act, and has committed to meeting the requirements of several other privacy pledges, data standards and assessments. Google offers a host of compliance resources to help further ensure confidence in its commitment to meeting these requirements.

4. Google’s Infrastructure Is Unnecessary to Address Ransomware

Cyberattacks and phishing events have been at an all-time high in higher education, so ransomware is top of mind for many in this segment. With students and staff accessing campus networks remotely, security settings are often inconsistent among users logging in from off-campus locations. This means that VPNs, firewalls and anti-virus software are often not enough.

Google believes digital teaching and learning will be part of the future of higher education, so it has dedicated significant resources to protecting data within the Workspace for Education platform. As a college or university, you own your data, but Google helps keep it safe and secure. Every day, Gmail blocks more than 100 million phishing attempts. Further, 30,000 unsafe websites are identified by Google each week, and there has never been a reported ransomware attack on any education institution using Google Workspace for Education.

LEARN MORE: Universities share lessons learned from ransomware attacks.

5. Google Owns and Uses Our Data, Which Is a Privacy Concern

Google Workspace for Education is different from consumer accounts in that it comes with an educational privacy and support agreement that allows it to operate in higher education spaces. The tools function nearly identically to consumer Google tools, but the way they are operated and provisioned are different.

Google does not own any of the data that institutions put into the Google Workspace for Education platform, and Google does not collect, scan or use data in Google Workspace for Education services for advertising purposes. Data can be deleted or exported by authorized users at any time, providing further peace of mind for higher education users that their data is safe and secure.

This article is part of EdTech: Focus on Higher Education’s UniversITy blog series.

gorodenkoff/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.