Web app lets enterprise set security, sharing for Google Apps users

A new security tool lets enterprise IT groups set access and share policies for employees, including mobile users, who are working with the online Google Apps suite.

Using the Web-based DomainWatch, from New York City-based startup BetterCloud, an administrator can see an overview of the enterprise's full suite of Google Apps assets -- documents, presentations, calendars, and wikis and Web pages created with Google Sites. The policy editor lets you create and apply sharing and access rules for individuals or groups of users and assets.

TECH ARGUMENT: Microsoft Office 365 vs. Google Apps for Business

DomainWatch is targeted at a burgeoning array of enterprises, of all sizes, that are adopting Google Apps, sometimes replacing Microsoft's longstanding Microsoft Office suite, according to BetterCloud founder and CEO David Politis. He previously launched the SMB unit for Cloud Sherpas, a Google Apps consultancy and reseller.

Microsoft's rival online offering is Office 365. Both companies stress a range of collaborative scenarios, where multiple users can work on a document at the same time, for example, and up-to-date information can be shared easily via Web access with customers or business partners.

DomainWatch is a Web-based application, built atop the online Google App Engine, a framework that lets developers build and run Web apps on the Google infrastructure. IT or business managers access it via a Web browser. Once configured, DomainWatch uses the Google Apps APIs to launch a scan of all of the documents, calendars and other assets in the enterprise's Google Apps Domain. It collects information about these assets: name, their sharing settings, authors, and so on, and then stores just this information, indexes it, and makes it available administrative dashboard. It takes about an hour to do a full scan for a large enterprise domain, according to the vendor.

The DomainWatch Policy Editor lets you specify who can share what and how. These rules can be applied to individuals, groups, or across an organization. The policies let DomainWatch monitor the assets, and identify violations of sharing policies.

The Dashboard creates a single view for the enterprise domain of all Google Apps Calendars, Docs, and Sites. All of these assets can be searched and filtered based on nine criteria. DomainWatch lets you create or change rules, and apply them at once, such as changing the ownership of a Docs collection, or "unsharing" with a group of contract employees whose contract has expired: Again, it uses the Google Apps API and the attendant access control lists to apply such changes.

DomainWatch has no access to the enterprise documents themselves, according to Politis, and stores only the results of its scan.

The program is intended to give enterprises adopting Google Apps domain wide control over their assets, for hundreds or thousands of end users. "As they roll these out, and their users engage with Google Apps, there are opportunities for user error," Politis says. Users might not realize what "public" means in Google Apps, and expose a sensitive document to people outside the enterprise. DomainWatch can both catch that problem and, through the Policy Editor, prevent it from happening.

BetterCloud began beta testing the application last November. It's now available via the Google Apps Marketplace. The price is $8 per year for each user. Discounts are available for education customers.

John Cox covers wireless networking and mobile computing for Network World. Twitter: http://twitter.com/johnwcoxnww Email: john_cox@nww.com Blog RSS feed: http://www.networkworld.com/community/blog/2989/feed

Read more about anti-malware in Network World's Anti-malware section.

Join the CSO newsletter!

Error: Please check your email address.

More about GoogleMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John Cox

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place