Microsoft may be making a lot of noise about additional security features in Office 365, but Google has been working away behind the scenes too, if perhaps in a less vocal way. Yesterday, it launched the Devices and Activity dashboard, which monitors Google accounts on enterprise devices.
The new dashboard provides IT administrators a way of monitoring who has been accessing what accounts, where and why, but adds an underlying current to the security discussion that's becoming increasingly important in enterprises: responsibility.
Security And Responsibility
In a blog post announcing the new dashboard's availability, Eran Feigenbaum, director of security for Google for Work, wrote that the release takes some of the security pressure out of the hands of overworked IT administrators and puts it in the hands of workers.
Security in the cloud is a shared responsibility and keeping your company information secure is at the core of what we do everyday. By making users more aware of their security settings and the activity on their devices, we can work together to stay a step ahead of any bad guys,” he wrote.
This point makes a relatively small release interesting. Feigenbaum is pointing out that security is not just the role of IT and IT administers, but also a responsibility for those that work using enterprise devices. But he’s isn't pointing fingers, he's hoisting the flag of collective responsibility for workplace security.
While this isn't a pervasive or popular strategy just yet, it will become a key element of Bring-Your-Own-Device (BYOD) strategies as IT tries to work out how to apply security settings and polices across dozens of different devices.
Devices and Activity Dashboard
One way of doing this is to give workers the tools they need to manage security themselves. The new Devices and Activity dashboard is a good start.
According to Feigenbaum, the new dashboard for Google Apps users offers a comprehensive view of all devices that have been active on an account in the last 28 days, or are currently signed in.
In the event of any suspicious activity, a setting will enable the account owner to secure the account and change the password.
This capability will extend to Google for Work, by offering security wizards g.co/accountcheckup. This will guide users through the steps needed to either install security settings for new accounts, or adjust security features according to needs -- such as providing contact info for account recovery, or changing account permissions.
Compared with the kind of security updates that Microsoft has introduced recently, this is small change. In October, for example, Microsoft introduced IRS 1075 compliance to Office 365. The goal here is to prevent anyone from walking away with personal financial information, especially tax related data. In February, it introduced multi-factor authentication for Office 365.
If Google’s device dashboard and Microsoft’s multi-factor authentication are not really comparing like with like, the objectives are exactly the same: protecting enterprise data.
While Google has secured Google Apps with a number of security features, it is now handing some of the responsibility to the users themselves. This adds another layer to the security equation, notably (and in an ideal world), the vigilance of an entire workforce.