You don’t leave your business’s doors unlocked at the end of the day, but is that the case with your computer network? Every company and personal device connected to it and each password to log into a company-wide application is a potential entry point for hackers.
A newer identity and access management (IAM) application is Google Cloud Identity, which spun off from Google’s G Suite as a stand-alone product in 2018. We’ll go over its features, support, and pricing so you can decide if it’s the right choice for your small business’s network security.
Who is Google Cloud Identity for?
Google Cloud Identity is an IAM and enterprise mobility management (EMM) product. Features include single sign-on (SSO), multi-factor authentication (MFA), and password management.
Account admins use it to manage users, apps, and connected devices (aka “endpoints”) from a centralized Google admin console.
You can use your Cloud Identity account with other Google products, such as its Chrome browser, and an extensive catalog of third-party applications. You can also manage users’ Chrome browsers and generate reports on their browser usage.
Cloud Identity is part of Google Cloud’s suite of over 100 products. These include applications for artificial intelligence (AI) and machine learning, application programming interface (API) management, the Internet of Things (IoT), and serverless computing.
Cloud Identity is similar to Google Identity Platform — both deal with access management — but the latter is for developers integrating security features into their apps.
Instead of being an out-of-the-box solution, Identity Platform allows developers to write authorized code using the Google Authenticator API and Google OAuth servers.
Google Cloud Identity’s features
Cloud Identity lets information technology (IT) admins:
- Give users single-login access to multiple apps
- Secure devices, networks, and data with two-factor authentication (2FA)
- Enforce company security policies for business and personal devices
Cloud Identity is built around theconcept, a management console that integrates every part of network infrastructure.
We’ll start with a close look at its SSO and MFA functionality and related reporting features.
Single sign-on (SSO)
If you use multiple web-based applications for your job — Gmail, Slack, Trello — you know what a hassle it is to log into each one every day. So, the human inclination is to either stay logged in 24/7 or to reuse the same password instead of remembering different ones (or maybe you do both).
These bad habits create opportunities for hackers to access your business’s network. Google Cloud Identity SSO addresses this situation and creates multiple benefits:
- Users log in once to a single portal to access multiple websites and applications.
- IT admins create and enforce strong password management policies.
- Automated password management reduces the number of routine password-related IT department help requests.
After they log in, employees will find the Cloud Identity portal easy to navigate.
Automated provisioning gives new users immediate access to on-premise and web-based applications, so admins don’t have to add each app one by one.
Multi-factor authentication (MFA)
SSO, even with the best password policies, isn’t effective if bad actors have your login credentials. MFA increases access security through secondary factors based on things you know (answers to security questions), things you have (such as a code sent to a separate account), or things you are (biometrics).
Cloud Identity MFA provides:
- Multiple secondary authentication methods
- Unified security dashboard
- Usage audits and reports
Research showsby as much as 99.9% over passwords alone.
For streamlined MFA, employees can download the free Google Authenticator app. Setup is automatic via quick response (QR) code, and it generates verification codes even without a data connection.
Cloud Identity reports provide actionable insights to further protect your network and data. Identify users and activities that pose security threats, track app usage, and view audit trails, which are the detailed records of events and admin-initiated changes.
Cloud Identity includes three report types:
- Account activity
- Audit logs
In the suspicious login report below, Google detected a sign-in that didn’t match a user’s normal behavior, such as coming from an unusual location. Admins can set automatic alerts when events like this occur instead of waiting to run a report.
If you have a network security operations center (SOC), these reports are integral to informing your security and incident response protocols and to preventing cyberattacks through endpoint detection and response (EDR).
Google Cloud Identity’s ease of use
IT admins and departments like Cloud Identity because it was first developed for G Suite.
Even though it’s only been available as a stand-alone application since 2018, it’s a mature product hundreds of thousands of customers have used.
The straightforward pricing with no extra costs for support is a big plus, and Google’s customer service receives high marks.
Cloud Identity is still available in G Suite, but as part of Google Cloud Platform, it’s integrated with even more enterprise-level Google applications.
This includes Google’s built-in security features, which promise 99.9% uptime. Your IT department will also have a single console to manage users, access, apps, and endpoint devices.
Cloud Identity is meant to give the best identity management software, such as Okta and Microsoft’s Azure Active Directory, a run for their money, but some IT professionals have commented it’s not quite there yet.
Reports are not customizable to the same degree as those of some of its competitors, and despite being web-based, it could be better integrated with macOS. Google also uses almost no screenshots in its online technical documentation, which some users will find disappointing.
The rest of your employees will discover that using Cloud Identity is a seamless experience. Almost everyone has a Gmail or other Google account, so the login interface is likely familiar.
The Password Alert browser extension — we’ll discuss it below — is also handy to keep your Google password secure. Sure, the user experience is impacted when MFA is used — who wants an extra login hoop to jump through? — but Cloud Identity and the Authenticator app work to create a hassle-free login process.
Google Cloud Identity’s pricing
Google Cloud Identity’s two plans are:
- Free: This includes single sign-on (SSO), multi-factor authentication (MFA), password management, basic directory management, endpoint verification, community support, admin and login audit logs, and security reports.
- Premium: For $6/month per user, this tier adds advanced and enterprise endpoint management, context-aware access, unified management console, automated user provisioning, hybrid identity management, service-level agreement (SLA), Google security center, and 24/7 technical support.
The Cloud Identity Premium plan doesn’t include some security center features relating to Gmail and Google Drive data.
Google Cloud Identity’s support
A good reason to choose the Cloud Identity Premium plan is the one-on-one customer support you’ll get compared to the free plan: 24/7 versus none.
Self-service resources include:
- Knowledge base
- How-to guides
- Community forums
The free plan does include 24/7 personal support if you have a Cloud Platform support package or a G Suite subscription.
Benefits of Google Cloud Identity
Cloud Identity includes more features beyond SSO and MFA that provide extra security benefits and enhance the user experience.
Cloud Identity helps you create a network diagram to monitor each digital device endpoint. You can also push network configurations, such as server-side certificates, to company hardware and employees’ personal devices.
Other endpoint security tools include:
- Create an approved apps whitelist
- Enforce work profiles on Android devices
- Automatically push approved apps to Android devices
- Require managed apps on iOS devices
Cloud Identity endpoint management balances two competing concerns: the need for employees to use devices, including personal ones, when and where they want versus the security of your company’s network, data, and applications.
Titan Security Key
Google’s Titan Security Key is another security option beyond password management policies and MFA.
This hardware, which plugs into an endpoint device or connects wirelessly via Bluetooth, verifies a user’s identity to prevent hackers from accessing an account even with valid login credentials.
These keys also ensure the user is interacting with a legitimate website.
Titan Security Keys use a hardware chip with Google firmware to verify keys aren’t compromised. These chips also resist physical attacks meant to extract the key’s information and firmware.
Password Alert browser extension
Google’s Password Alert browser extension provides another security layer. It sends an alert if you attempt to use your Google password at a non-Google site, because it’s an online security maxim to never reuse passwords.
It also checks each page you visit to determine if it’s impersonating Google’s sign-in page and lets you know if that’s the case.
You must use Google’s Chrome browser to employ this extension, but other major browsers have launched their own similar extensions. It’s hard, however, to beat Password Alert’s integration with Cloud Identity.
Increase your security with Google Cloud Identity
Your company’s enterprise network and data are too valuable to leave unprotected, and Google Cloud Identity has the tools to secure your digital assets.
Just as Microsoft’s Azure Active Directory steers users toward other Windows products, Google’s Cloud Identity steers them toward G Suite and Cloud Platform applications.
But if you’re already using Google’s web-based software, Cloud Identity is a no-brainer to add identity, access, and endpoint management.
View more information: https://www.fool.com/the-blueprint/google-cloud-identity-review/