Insights on Google Cloud Identity Services

For this blog post in Thai click here
Google launched Cloud Identity Services (IDaaS), which provides enterprises with simple, secure access for any user to any cloud application from any device. Organisations get access from a single console giving visibility and administration of identity, application and device management. Leading to the enablement and acceleration of cloud-centric applications and services within companies meeting organisational compliance and on-prem identity access management (IAM) systems and apps.

Why is Cloud Identity important

The average mobile user has over 3 devices and uses over 10 cloud based apps. And this is only increasing. The perimeters of the traditional office are disappearing and employees, vendors, partners are also able to access information outside these office walls. This drives productivity, collaboration and allows faster engagement with customers. But this also creates the need for higher security requirements and management of devices.

With more users requesting access on multiple devices internally and externally, IT teams struggle to manage a complex network of applications, devices, and user accounts. And fragmentation of systems and systems management increases risk. The need for enterprises to manage everything from a single platform increased. A single platform that simple, secure and Reliable, that’s why Google developed Google Cloud Identity.

What does Cloud Identity offer?

User lifecycle management
This allows admins at companies to easily create or import user accounts into a cloud-based directory, provision and de-provision accounts as people join your company, change roles or leave. This all can also be managed from an easy to use mobile app.

Account security
Protect users within your organisation with 2-step verification methods like push notifications and one-time passwords (OTPs). Enforce the use of phishing-resistant Security Keys for high-value users and applications.

Single sign-on
Convenience and security at scale by allowing users to access multiple apps using the same credentials. Hundreds of pre-integrated SAML 2.0 and OpenID Connect apps are supported, in addition to custom apps that use Google as an identity provider.

Device management
Making it easier for company administrators to manage Android, iOS, Chrome Browser and other desktop devices from a central console. Particularly, administrators can enforce screen locks or passcodes, wipe corporate data, view and search for devices or export details.

App management
Allowing companies to build a catalog of pre-approved third-party SaaS apps and enterprise mobile applications that their users can access, ensuring visibility and compliance.

Reporting and analytics
Gain deep and granular ways to monitor your security and compliance posture with reporting and auditing capabilities, this includes log-ins and third-party app use. Also admins can set and receive alerts for suspicious activity.

Our insights/recommendation

Google Cloud Identity offered a ton of thing to secure your organisation. It’s a great way if you can follow all the things, but If you can’t, these are the first priorities, we are highly recommended:

1. Adopting 2-step verification to get more extra layer of security by choosing one of these methods that suite for your organisation
   1. Voice or text Message
   2. Google prompt
   3. Authenticator app
   4. Security Key
   5. Backup codes
      
      
2. Get more user’s convenience and security to log-in various apps with Single-Sign-on (SSO) that enables users to leverage Google’s strong authentication to access multiple apps using the same credentials
   
   
3. Control organisation’s devices with Endpoint Management. Nowaday, administrators require the ability to extend and administer users across devices and platforms. Endpoint Management offers a variety of options to enforce policies and user access to their services across multiple devices including;
   1. Mobile device management (MDM)
      Administrators can enforce policies on mobile devices utilized
      in their organization, encrypt data on devices and perform actions like remotely wiping or locking lost or stolen devices.
      
      
   2. Policy-based Chrome browser security
      Administrators can apply security and usage policies across Windows, OSX, Linux, iOS and Android. Chrome’s standard security features include Safe Browsing, sandboxing and managed updates that protect users from malicious sites, viruses, malware and phishing attacks.