February 25, 2020
This training session on Google Workspace for Education Security and Compliance best practices kicked-off with Tom Woods, Amplified IT’s Lead Google for Education Training Consultant, going over how to leverage settings for ensuring security within a Google environment. Through the session, Tom specifically covered key settings, core applications, and 3rd party applications explaining the value in securing these areas as well as showcasing how to manage them in the Admin console. The key settings portion of the presentation included both a deep dive into password management as well as how to utilize user-based reports. Tom also covered elements on Core Applications and how setting configurations can impact user experience as well as data protection. The data protection portion included compliance features and a walk-through on how to configure rules for applications such as restrictive delivery in Gmail. Lastly, details on data management with Vault were covered where Tom went into service control, role privileges, and retention rules.
During the session Amplified IT’s partner, ManagedMethods, took time to explain how they support districts in keeping student data safe in the cloud while remaining compliant with student privacy legislation.
Click below and register to watch the recap:
There were many questions during and after the sessions so we will be compiling many of those questions and answers and adding them to this page in the coming days.
Enjoyed this training session? Stay up to date with events and Google for Education updates by subscribing to the Amplified IT monthly newsletter.
Additional Security and Compliance resource links:
ManagedMethods, Amplified Admin Security Specialist Certification Training, Google domain Audit
What are the best practices on who gets Super Admin roles?
We recommend keeping the number of super admins to less than 4 users, and enforcing 2 step verification for all super admins, and making sure that they are not daily use or shared accounts.
If we turn off Google Vault for all users but except IT, will it still send their information to the vault?
Disabling the service will not change the Google Vault retention policy for users within the Organizational Unit which has the service disabled. It will only prevent access to the e-discovery service platform.
Will turning on DLP still prevent users from using external forms with uploads?
Yes, This is an issue and we have raised it to Google along with an internal ticket and a Cloud Connect Community Feature Idea.
Is it possible to get a list of less secure 3rd party apps being used within your domain?
Newly announced, you can get a downloadable list of 3rd party applications that have been authorized by your users. You cannot see which users are using these applications in bulk, but you do have the ability to see individuals authorizations in the Token Report Log. To download the list of third-party applications navigate to “Security > API controls >Manage Third-Party App Access” and click the Download app info.
Is there a way to view if there are already shared drives before turning on a walled-garden?
You can look to see if there are files/folders that have been shared externally within the last 180 days using the Reports section of the Admin console with the “Apps Reports > Drive > External Shares” report. This shows files that have had their permission changed to External from internally or privately shared. Alternatively, you can use a third-party tool (like ManagedMethods or GAM) to scan for externally shared files.
-
Tom Woods
Google for Education Training Lead -
About the Author:
Tom Woods is a Google Cloud Certified Administrator, Certified Deployment Specialist and Amplified Admin with over 24 years in IT and 17 years in K-12 education. Tom brings unique insights into the planning, implementation, and support of Google for Education in the K-12 space. His experience includes 14 years in a large Ontario K-12 district where Google Workspace and Google for Education was introduced in 2009 and has since grown into one of the largest installations in the province by Tom and his team. Joining Amplified IT 4 years ago, he now assists schools across North America and leads our Consultancy team of experts.