Three out of five companies that suffer a major data loss shut down after six months. That’s a scary, eye-opening statistic. Many of these companies have that data in public clouds, including Google Apps. While there are dozens of really good reasons to use Google Apps for your business, legitimate risks are associated with any software-as-a-service (SaaS) application suite, including Google Apps.
A single Google Apps account can comprise $100,000 worth of data. In some respects, Google Apps is the safest productivity suite in the world. Google does not lose data on its own. However, Google is told to delete data. Far too often, Google is told to delete the wrong data, or the wrong person or program is issuing instructions to delete your information. If you’re running a Google Apps domain, are thinking of running one, or simply don’t want to lose every bit of priceless business data you’ve ever owned, here are five potential threats, identified by Emily Glass, creative product manager and usability expert for Backupify, that Google cannot defend against, but you can (and should).
Click through for five potential risks that should be considered when using a SaaS product, such as Google Apps, as identified by Backupify.
User error, known as the “deadly oops” with disastrous consequences, falls into two categories: accidentally deleting information or intentionally deleting data only to need it later. In the first case, a simple slip of the mouse or misunderstanding of how Google Apps works could lead to a major loss of business data. In the second case, you or a colleague erase a document or message you were certain was no longer necessary, only to later find that the data is vital but you are unable to restore it. While Google can’t protect you from yourself, regularly scheduled third-party backups of your Google Apps data are your safest protection against user error.
A security breach occurs anytime someone undesirable gains access to your Google Apps domain. It can take place in the form of a hard breach, in which the software itself is compromised, or as a soft breach, through which an attacker tricks one of your users into granting “legitimate” access to your Google Apps domain. If a hacker obtains an account password, he or she can effectively corrupt or delete all of the data in that account. Beyond bringing your staff up to speed on good Internet safety habits, all Google Apps users should be required to use a two-factor authentication method, in which users input both a password and a time-sensitive code to log in to Google Apps.
Third-party applications are any software that isn’t made by Google but which gets installed on your Google Apps domain. Unfortunately, these applications are sometimes configured incorrectly or aren’t deployed according to the developer’s directions, and Google does not guarantee that the third-party apps in its Marketplace are foolproof. Third-party app error is among the most dangerous threats to Google Apps data because it can touch an entire service or domain. The best defense here is to have a copy of your data where third-party applications can’t reach it: a secure, independent backup of your Google Apps data. This means that even if a malfunctioning app overwrites, corrupts or deletes your data, you’ve still got a fallback you can rely upon.
Typically, rogue employees damage Google Apps in cases where domain administrators cannot or do not know how to lock the departing employee out of Google Apps before the worker is notified of his or her termination. It may not even require a firing; employees can “burn” a domain before leaving for another job, or simply because they feel slighted by an organization. Much like a security breach, a rogue employee can delete all the data in a single Google Apps account, which can be roughly $100,000 worth of data. The most effective defense against rogue employees is also the easiest: Change an employee’s password or suspend an employee’s Google Apps account before firing them, preventing the employee from doing damage before his or her account is suspended.
While Google has never permanently lost or destroyed customer data, it has denied its customer access to their data for long periods of time. The two major types of Google errors include service outages — during which some percentage of Google’s customers will lose access to some or all of their Google services — and account suspensions —Google reserves the right to suspend or terminate an account at any time without prior notice. Google isn’t trying to cause errors, but when you operate at Google’s scale of 300 million user accounts, even a miniscule error rate can result in dozens, hundreds, or thousands of wronged customers and gigabytes of misplaced data every day.
Every user on your Google Apps domain should set up account recovery options that allow you to list a mobile phone number and alternate email address, which Google can contact to verify your identity. While there is no Google setting to defend against a Google outage, the only remedy for a lack of access to your Google Apps domain is to obtain a backup copy of your Google Apps data. With an adequate backup, you can still refer to your business information – look up emails, download documents, check calendar schedules – even when Google Apps itself isn’t available.