The ABCs of Cybersecurity:
Why G Suite Needs Extra Protection

G Suite offers a solution for productivity, search, storage, and collaboration. But the service is ripe for malicious actors who want to penetrate a filesystem.

The Productivity Suite Battle

Microsoft 365 has become the standard for business productivity solutions. But for those Managed Service Providers (MSPs) that have customers that prefer G Suite, finding a data protection solution can be tricky.

The Alphabet-owned business productivity bundle includes email, word processing, presentation, spreadsheet, storage, calendar, and meeting options. However, Google’s G Suite isn’t more secure than Microsoft 365. MSPs need to ensure they have a powerful solution to protect critical G Suite data.

Apples, But Not Oranges

While G Suite primarily offers a Linux-based, Web UI/UX and is incorporated into Google Chrome, Microsoft 365 is Software as a Service (SaaS) available in more than 10 paid plans. Its cloud infrastructure only can be mounted on the NT Filesystem (NTFS) or accessed via the Web.

Yet, they both offer features that are known for vulnerabilities:

  1. A file sync option from a device to the vendor’s cloud.
  2. An apps store with malicious programs and extensions that appear legitimate.

In Their Own Words

Microsoft says in its Services Agreement that it recommends users employ a third-party system, while Google says only mid- to larger-sized organizations require it.

Still, in Google’s Terms of Service, it does not take liability for data loss:

The only commitments we make about our services (…) are (1) described in the Warranty section, (2) stated in the service-specific additional terms, or (3) provided under applicable laws. We don’t make any other commitments about our services.

Known Vulnerabilities

Google Drive can replicate rogue files already in a filesystem using Google’s Backup and Sync tool. In 2019, Google acknowledged a vulnerability in its Chrome OS “built-in security key” feature.

And around the same time, hackers were able to launch a phishing attack that used Google Drive and Google Docs to disguise emails and embed links containing malware, according to Forbes. In that case, the malicious actors were able to fool employees and bypass security measures configured to protect email.

Aaron Riley with Cofense Labs, a company that specializes in phishing attacks, said this at the time:

Even if a network security appliance with the capabilities to stop the user from getting to the login page was used, the phishing email still got through. The legitimacy of Google Drive allows for these phishing campaigns to bypass an organization’s email security stack, namely due to the shortcomings of the email content filtering’s link analysis component.”

Axcient CloudFinder for G Suite

While Google says third-party recovery solutions are meant for big organizations, small- to mid-sized businesses (SMBs) need advanced protection for G Suite, too. Axcient offers robust protection for G Suite through its CloudFinder solution. With Axcient CloudFinder, an MSP can:

  • Start a no commitment free trial within minutes to gain full access to G Suite protection,
  • Enjoy simple, cost-effective pricing with unlimited cloud storage, no hidden fees, and no hardware needed,
  • Provide complete backup and restore solutions for G Suite, including Gmail, Google Contacts, Google Calendar, Google Drive, Google Sites, and Team Drives,
  • Remain compliant with government regulations, such as the Health Insurance Portability and Accountability Act (HIPAA),
  • Transfer and store backup data securely in the Axcient Cloud, which earned an “A” rating from SecurityScorecard, and
  • Receive exclusive service and support as an Axcient partner.

With innovative features such as AirGap, Axcient CloudFinder is your best line of defense against malicious attacks that can destroy your critical G Suite data.

About the Author: 
Matt Saxton // Technical Marketing Writer in Product, Axcient

Matt works remotely from Mount Vernon, Ohio, as a Technical Marketing Writer for Axcient. He was a journalist for nearly 20 years prior to switching careers and was the managing editor for three newspapers. His experience also includes working as an IT Director, Content Developer, and Production Manager. When he’s not researching or writing about cybersecurity, Matt enjoys time with his family and pets, gardening, photography, and remodeling his home.