Microsoft Vs Google Workspace Security
March 10, 2022Key pieces of information that are commonly stored by businesses - be that employee records, customer details or archived transactions - must be protected. This is to prevent that data from being misused by third parties for fraud, such as phishing scams and even identity theft.
But how do we ensure our information is safe online? Choosing software that has security at the forefront of its practice is the best answer we can give you.
In most cases, people turn to the likes of Google Workspace - or Microsoft - but which one is better? This week, Fintan Murphy discusses why Google outweighs Microsoft regarding this essential aspect.
Recent Security Incidents
Before we dive in, let’s take a look at some of the most recent security attacks that have been groundbreaking enough to bring down major companies, including Microsoft.
SolarWinds Hack
Technology firm SolarWinds was the subject of a massive cybersecurity attack that spread to the company's clients over months of being undetected. Major firms like Microsoft and top government agencies in the US such as the Department of Defence were attacked, and sensitive data was exposed.
The number of organisations affected totalled 18,000. This came as a result of installing updates that left them vulnerable to hackers. As a result, there is now an increase in global awareness around these types of threats, and there’s reduced trust in utilising third-party solutions like SolarWinds.
Hafnium Hack
The Hafnium hack comprised a global wave of cyberattacks and data breaches after four zero-day exploits were discovered in on-premises Microsoft Exchange Servers.
This gave hackers full access to:
- User emails and passwords on affected servers
- Administrator privileges on the server
- Connected devices on the same network
This affected 60,000 organisations in total, losing countless hours to patching and investigating the scope of the damage. Eventually, there was an emergency directive declared for federal agencies.
Colonial Pipelines Hack
The hack that took down the largest fuel pipeline in the US was so bad it was declared a “national state of emergency” by Joe Biden. As attackers gained entry into the networks of Colonial Pipeline through a virtual private network account, this caused 45% of the East Coast’s fuel to shut down operations.
Colonial paid the hackers a $4.4 million ransom shortly after the hack.
Security Hack Statistics
If we’ve learnt anything from these above examples, it is that these attacks have caused a lot of disruption, and will continue to do so unless they are protected against.
Attackers' tactics tend to remain consistent, with 91% of hacks starting with a phishing email. These can be notoriously hard to detect as they are becoming more believable, especially as perpetrators continue to advance their skills and knowledge.
66% of malware is installed via malicious emails and attachments, which can also be attributed to staff members lacking awareness of the signs of a dodgy email.
A shocking 90% of all reported breaches are caused by employee negligence, extortion or external threats. There’s also the issue of admin control, as the less authority administrators have (particularly when it comes to email), this makes remediation increasingly difficult.
With ransomware, we have seen a 15x increase in the number of ransomware losses from 2015 to 2017, whether that be accidental or intentional sharing of corporate information via email.
There’s definitely a common theme across these attacks that we’ve seen: organisations across the globe are vulnerable to these types of attacks and it is something that all companies should take seriously.
How Does Google Workspace Keep Your Data Safe?
Google is 100% Cloud-native, which means it is always up-to-date and secure. Google Workspace provides a born-in-the-Cloud communication and collaboration experience that’s accessed directly from the web browser, allowing people to work safely from any device.
It is a more reliable compliance suite that you can trust compared to other alternatives. This is because Google reduces the risk with intelligent insights, offering 99.9% accuracy when it comes to blocking spam and compromising emails.
It helps users stay protected proactively, with a reporting of zero detected or hijacked accounts after security keys were deployed in organisations. For our customers that really want to take security seriously, we will always recommend utilising these.
Centralised management also allows simple control for administrators, with Google now managing over 110 million devices.
Google’s Machine Learning
Google’s machine learning is highly effective, as it constantly teaches itself how to improve.
With algorithms automatically updating through experience and by studying the use of data, every single minute Google ensures that:
- 10 million spam messages are prevented from reaching Gmail users
- 694,000 pages are indexed and scanned for harmful software
- 7,000 deceitful URLs, executables or browser extensions are spotted and stopped
- 6,000 incidences of unwanted software and nearly 1,000 of suspected malware on reported Chrome users are detected
- Two phishing sites and one malware site are found and labelled
We love this quote from Morgan Reed, State CIO at the State of Arizona, where he compares Google Workspace with Microsoft:
"Gmail is much better than our previous malware filter. The first month after we migrated, we ran the two systems in parallel. Gmail removed 107,000 malicious emails that the old system didn't catch."
Google Security Centre
The Google Security Centre provides advanced information, analytics, visibility and control into security issues affecting an organisation’s domain.
The Security Centre expands on settings in the Google Admin console to create insightful, customisable reports. Additionally, admins can use the investigation tool to identify, triage, and take action on security and privacy issues in a domain.
A lot of our customers in the Enterprise tier find this extremely valuable to maintain the safety of their organisation’s data over time.
Google Workspace Security Benefits
Google has a multilayered approach to protecting against an attack. It is a secure platform with many features that are geared towards mitigating specific threats, such as security keys to prevent account hijacking, and advice on best practices to help you take action should you need it.
Google also has all the security compliance certifications such as ISO 2700 and FedRAMP. As a result, millions of old and new users across the globe trust Google Workspace. The list is extensive, but it includes big names such as Uber, Stripe, Netflix, PwC, Spotify and even healthcare companies such as Mayo Clinic.
Google has also been heavily investing in security, buying companies like Chronicle that has faster threat detection and investigation response. BeyondCorp Enterprise Security Model is a zero-trust model that protects businesses in order to enable growth. It works by shifting access controls from the network perimeter to individual users, aiding secure work from virtually any location without the need for a traditional VPN.
How to Get Started With Google Workspace
There are many ways to get started with Google Workspace security. Lots of customers can start with a proof of concept, which is a risk-free pilot that you can run in your business for 30, 60 or 90 days.
Some organisations go for a full re-platforming, where they swap their entire traditional system for Google Workspace. If this is too big of a commitment, you can start out by trying one product at a time, such as Google Drive or Google Meet to see how you get on with the interfaces.
Others can actually use Google as their disaster recovery, where you leverage it as a continuity solution that has all the security that your organisation may require.
As security threats continue to develop, having a solution like Google Workspace that is a world-leader in Cloud security makes a lot more sense, especially as more people are working remotely.
At Damson Cloud, we offer security workshops to help companies ensure they follow best protocols when it comes to security. To find out more about Google Workspace security, get in touch with the Damson Cloud team today.
As a longstanding member of the Google Cloud Partner Program, Damson Cloud specialises in bringing people and ideas together through new ways of working. We champion the very best practices in remote working and change management, helping companies and their teams collaborate productively from anywhere in the world. To find out more about our services, check out our library of tutorial videos or our blog.