Control the Geographic Location of Stored Data When at Rest
Open access practices are designed to make institutions of higher education more accessible so that information can be shared within and outside of schools’ physical and digital environments. However, there are times when some of this data will be rendered inactive because it is not consistently used or regularly transferred between devices or networks. This often includes sensitive data such as credit cards, intellectual property, healthcare records and other attractive scores for hackers.
Google Workspace for Education’s data regions allow you to select the geographical location where you want to store data at rest. You can also do the same for Google Calendar, Drive, Forms, Docs, Sheets, Slides, Chat, Keep, Meet, Sites and Vault backups. These policies can even be customized for specific OUs and groups within your domain. With this feature, your data is protected in a data center with several layers of security to reduce latency and prevent unauthorized access. This can help you remain compliant with your local data residency requirements.
MORE ON EDTECH: Next-generation firewalls and IPSs offer proactive protection for networks.
Access Security Analytics and Recommendations Through a Single Hub
Higher education institutions have many untrained end users who may have little cybersecurity knowledge. As a result, they may not make the best decisions when it comes to what data they share or what nonaffiliated apps they link to. These actions can admit cyberthreats into your network, but Google Workspace’s security center enables you to detect, prevent and remediate attempts to steal data. The center consists of a security dashboard, a security health page and an investigation tool that provides advanced analytics, added visibility and increased control over security issues affecting your domain.
On the dashboard, you can see data reports on concerns like file exposure, authentication, data loss prevention incidents, spam filters, failed password attempts and more from up to 180 days.
The security health page helps you evaluate the effectiveness of your Google Admin console settings. You can reconfigure them to align with higher ed best practices and to meet the needs of your stakeholders. With this information, you can appropriately manage risks for Gmail, Drive, Chrome devices, Security, Hangouts, Groups, Calendar, Sites and Marketplace apps.
You can also take action on security and privacy issues with the investigation tool, which allows you to identify or mitigate occurrences like unauthorized data access, malicious emails, and file creation and deletion.
EXPLORE: Defense-in-Depth (DiD) strategies for higher ed.
Customize and Delegate Data Access Permissions
Higher education internal and external stakeholders often need unrestricted access to the data and research housed on the network. However, not all files and applications should be accessible to every person in the domain. Instead of relying only on your end users to manually grant those permissions, Google Workspace for Education lets you create granular access control policies based on identity, location, device security status and IP address with Context-Aware Access. You can decide which apps a user can access, which devices can run apps, establish multifactor verification policies and restrict access outside your network. This allows you to govern data access so you can credibly identify unusual activity.
LEARN MORE: Four steps to stronger passwords in higher education.
Manage Data Access on Mobile and Computer Devices
Remote operations have been in place at institutions of higher education well before the COVID-19 pandemic forced them into the education industry. Your college or university may have faculty conducting research abroad, students learning from home and staff attending professional development conventions. All these people may be using unsecured wireless networks to connect to your domain remotely — and possibly losing devices that are logged in to campus applications. This can create the security vulnerabilities cybercriminals are looking for. But with Google Workspace for Education’s endpoint management feature, you can protect your domain’s data no matter what device it is accessed on without having to install device management software. You can delegate which laptops, desktops, cellphones and tablets have access to your institution’s data, set approval and password requirements and even remotely sign devices out and wipe them.
Intercept Malicious Emails Before Users Open Attachments
Email is one of the most commonly used forms of communication to disseminate information and share data — no matter its level of confidentiality. This makes it a highly sought-after space from which to launch cybersecurity attacks. There are security software solutions that can be installed to filter emails with questionable attachments away from inboxes, but institutions still running on legacy systems often can’t use them because older platforms won’t allow interactions with newer technology. Google Workspace for Education can get around this issue because Gmail has a Security Sandbox, which catches malicious emails that make it past standard anti-virus scanners. These attachments are placed in the Security Sandbox, then opened in a virtual environment that will not allow them to escape into your domain. You can configure Gmail to follow rules that identify and pull specific attachments that may be harmful to your digital infrastructure in order to proactively avoid malware, spam and phishing scams.
This article is part of EdTech: Focus on Higher Education’s UniversITy blog series.
