Cloud Application Security: Password Security for G Suite & Office 365
As a sales engineer, I speak to several customers and potential customers each month. I love being able to speak to current customers and future customers about our products to see how they can incorporate our services in with their company. Many of these individuals are small- to medium-sized businesses that are not “technical.” I throw technical in quotes since there is a vast crazy tech world out there and that term can be very vague.
Most of our customers and prospects do not have time to worry about data security and rightfully so. That is not what they excel at. Many of these companies are best at what they do and would rather focus on that. The reality, though, is that data security needs to be a priority as our society steers towards the world of the internet.
We love having conversations on how we can help or even just guide companies toward better practices. With the products and services that we provide, one of our customers brought a concern forth that made me realize how important password management is. They wanted to migrate from their current infrastructure over to one of the two online productivity suites (Microsoft Office 365 or Google G Suite). We discussed the transition process as well as a timeline of events. Whichever of the two our customers choose, I always advise that a best practice would be to enable 2-factor authentication when setting up user access.
With that enabled, you limit the risk of having your account being breached and are notified if something tries to get in. Although both of these products are built to be online suites, they both have the options to connect your drive (OneDrive or Google Drive) to your desktop. Although it is easy to access it online, some are not always connected to the internet and this feature allows users to still access their documents in the event that does happen. Both also offer an offline feature as well, but when the drives are connected to the computer, it seems less of a hassle. Then enters the question, “What if my computer is stolen?”
First, we always recommend having a backup of your data, whether it be in the cloud or on your desktop. But, the question here was, “Does that thief have access to all the files connected to the computer if I have the drive for desktop?” The answer is maybe. If they can guess the password to the computer, then all that data along with everything else on the computer is available to them. If a good, strong password is in place, then it will be harder to get into the computer to obtain that same information. There are remote wipe features that you can use with these online suite of services, but what if the computer was missing for hours or even days before you’re able to do the wipe? Is your data safe?
This led to me asking myself if my passwords were any good. Several experts suggest that you should have a different password for every site you visit. If you’re like me, that can be daunting just to think about. Using a password manager, such as TeamPassword, is a great start so that you don’t have to remember several different ones. You may want to cancel sites or services that you no longer need and change your passwords frequently. Although it is better to change them every 3 months or so, you do not want to do this if it will put you more at risk. An example of this is keeping the same password but having a small variation or having a sticky note stuck on your screen with the list of all your passwords.
If it is too much of a hassle, start by just changing your high-risk account passwords regularly to start getting accustomed to the process, then move to other accounts later on.