Control & Security Features

Updated: 21.09.2016 : 01:53  By: Manussanan

Contact us +66-2-675-9371 or +66-97-008-6314 for more information.

  Browser Restriction

Browser restriction to have stronger access control on specific browser usage
Are you facing any problem with your employees using multiple browsers which you wanted them not to use in your enterprise? SSO1 (gControl) Browser Restriction feature enables specific browser usage for end users in your organization.The administrator can whitelist specific browsers for an organizationunit(OU) or for subset of user(s) giving access control only for mentioned browsers. Any user(s) trying to access browser which is limited by administrator will be restricted to use.

The Solution
Browser restriction policies access control of browser usage which is enabled by the admin. Browsers like Google Chrome, Mozilla, Internet Explorer and Safari can be accessed in this policy. As SSO1 (gControl) has some extension based policies which can be pushed by administrator centrally hence Google Chrome would be most preferred. To accomplish this condition in an enterprise, browser restriction is useful

FAQ of Enable browser restriction to have stronger access control
Can I enforce my Employees to use Google chrome?
Yes, absolutely SSO1 (gControl) allows you to set the policies according to your organizational requirement.

  IP Restriction

IP Restriction for Google Apps (Google Apps Security)
25% of SSO1 (gControl) customers uses IP restriction to control access to Google Apps 
SSO1 (gControl) IP Restriction allows the Google Apps Administrator to restrict access to Google Apps/Google For Work from specified set of public IP addresses. The administrator can define multiple policies for an organisation unit(OU) or for subset of user(s) giving access control only from a predefined IP address. The administrator can provide these IP's either through a CSV upload feature or through a specified user interface.

Any user(s) trying to access their Google Apps account using browser from unspecified IP addresses will be restricted even after providing RIGHT credentials. From security point of view even if the password/credentials are compromised the bad user will not be able to access the user's account thus protecting enterprise data from illegitimate access.

Watch video for IP Restriction for Google Apps

The Challenge with Google
Google For Work is one of the best cloud office product in the market. It provides end user with plethora of features to be accessed anywhere, any time and on any device. Though these are big word for end users but these becomes challenge for IT and IT Security team. The IT security team is more concerned about the security of the enterprise data which is hosted outside the perimeter of enterprise.

So , how do you enable / ensure email security in your organization?

SSO1 (gControl) IP Restriction feature  allows administrator to White-list the list of IP addresses from where the organization would like its user(s) to access the Google Apps account. The IP address are the public IP address(WAN IP) of enterprise network. The feature provides creation of multiple policies based on OU or users.

SSO1 (gControl) IP restriction is one of the most popular features being used by our customers. 25% of our customers uses this feature to control access to their enterprise data from enterprise network or network known to the enterprise.

How SSO1 (gControl) works:
SSO1 (gControl) helps in restricting access control from a perticular device based on IP address on the similar principle of Whitelisting and Blacklisting IP address.

Here is how it works:

- Admin Needs to login first and has to click on the SSO1 (gControl) Icon.
- Click on IP restriction link from Quick Links
- View all existing created policies
- Click on Add policy if a new one has to be added
- Mention the necessary details such as name, policy, description etc..
- You can add Users ID and corporate Network IP's manually or upload the csv by clicking on the respective icons. Now when an end user tries to log in from unauthorized IP's they will get notified that user is not allowed to login from this system.

The SSO1 (gControl) advantage :
- Admin has a choice to whom to give access and whom not to give access.
- Admin can add practically unlimited IP's and users in the policy.
- Admin can retrieve the registered user & IP related details in zip format which can be used to perform periodic checks in an easier and efficient way.
- The Admin has freedom to create a multiple polices for the corporate users so that the admin can choose different IP restriction policies for different services. This allows more flexibility.
- SSO1 (gControl) solves one more challenge which Google Apps poses to an Organization which switches to Google Apps
FAQ of IP Restriction for Google Apps
Which IP address shall be specified in IP restriction policy?
- IP restriction policy must be configured with Public IP or Proxy IP of the organization.

 

  Time Restriction

Time Based restriction to have stronger access control (Access Control Google Apps)

Are you struggling to restrict your employees from completing the work at hand within a particular time slot? It has been noted many a times that employees extend their working hours to get entitled to overtime bonus and other such facilities.

To bind your employees to work only during the stipulated amount of time it is necessary to control their access to cloud application for work.

SSO1 (gControl)'s Time Based access restriction policies allows Google apps admin to restrict users from using google apps after a specific slot in a day. Such Time based restriction or Time based access control (Access control Google Apps) can be set for an organizational unit or for a subset of user to restrict access accordingly. The admin can utilize such time based restriction by defining the time slots during which cloud applications can be accessed.

If the user tries to violate the policy, a report is generated for the admin and the user will not allowed to log into their business email enforcing Google Apps security and access controls.

Watch video for Enable Time Based restriction to have stronger access control

THE CHALLENGE
The users who need to be forced to use Google Apps during working hours.
The users are not allowed to use Google Apps during the weekends.
THE SOLUTION
Time Based  restriction policies or time based access control of Google Apps enables the admin to define policies for an Organizational Unit or Subset of User restricting access control for a particular slot of the day.
FAQ of Enable Time Based restriction to have stronger access control
Can I apply time restriction for Employees working in night shift?
- Yes, absolutely SSO1 (gControl) allows you to set the policies according to your organizational requirement.

 

  Device Restriction

Device restriction to enforce Cloud Firewall Solution
Device restriction is the most important cloud firewall solution for any corporate organization. In the present day scenario an estimated two million laptops are stolen or misplaced in USA alone. 69% of laptops are lost off-site -e.g. working from a home, hotel room or vehicles 11.5% of laptops are lost in-transit while travelling.

The data contained in the laptop is usually worth much more that the value of the device itself.

So, what do you do to protect your company's confidential data from being stolen.

SSO1 (gControl)'s Device Restriction is an extraordinary cloud management tool to help prevent your company data from being stolen in case of thefts or other mishaps

Watch video for Employ Device restriction to enforce Cloud Firewall Solution

SSO1 (gControl) Device Restriction in a Nutshell
Prevent your employees from accessing corporate data from any other device except the one alloted by the company. This ensures that there is no malicious access to company data .For those organizations which do not want to allow their employees to work from any device other than their workplace device,be it a PC or a laptop that is allotted to them Device Restriction feature can become a stepping stone to in achieving security for the enterprise network.
FAQ of Employ Device restriction to enforce Cloud Firewall Solution
Can I configure more than one device in device restriction policy for a single user in multiple device?
Yes absolute you can you configure device restriction policy for a single user in multiple device.

  Session Timeout

Session Timeout to prevent unauthorized activities with Google Apps
By configuring Session Timeout, you can reduce your Google Apps exposure. Users often leave their computers unattended for extended periods and do not close applications before departing. Therefore, an unauthorized person can easily assume the user's identity within Google Apps.

By setting the session timeout, users get automatically logged out of their application after the specified time frame set by Google Apps admin

Watch video for Implement Session Timeout to prevent unauthorized activities with Google Apps

THE CHALLENGE
Users often leave their computers unattended for extended periods and do not close applications before departing.
Therefore, an unauthorized person can easily assume the user's identity within the application.
 Administrators need to provide a mechanism to stop unauthorized access to unattended interactive sessions.
CloudCodes's  gControl allows Google Apps administrator to set the session timeout, users are automatically logged out of their application after the specified timeout

KEY ATTRIBUTES:
 Protects access of corporate mail account from unauthorized usage.
Set the idle time for all domains end users.
It gets activated automatically if mail account is in idle state.
End user's mail account will get automatically logout if no activity is done
HOW IT WORKS:
Now go to "SSO1 (gControl) Chrome Extension Settings" tab

Set idle time from the drop-down
To notify end user before logging out click on check-box & save it.
Now, when end user logs in to his mail account then they need to install "SSO1 (gControl) Chrome Extension" from marketplace if it is user managed.
If it is "admin managed "then admin need to install SSO1 (gControl) chrome extension from "Admin Console "panel into the domain.
The extension will monitor the idleness of open Google apps tabs.
If no activity is done on chrome browser tabs then extension will end the user's session after certain period of time which set by admin.
End user need to login again.
FAQ of Implement Session Timeout to prevent unauthorized activities with Google Apps
After how much time user will be logged out of the google apps account
- You can mention the time requirement in the session timeout policy according your organizational requirements.

  Gmail Block

Block Personal Gmail to ensure Data Security (Gmail Security)

As a Google Apps admin, you may want to prevent users from signing into Google services using any accounts other than the accounts you provided them with. For example, you may not want them to use their personal Gmail accounts or a Google Apps account from another domain (Gmail Security)

Watch video for Block Personal Gmail to ensure Google Data Security (Gmail Security)

THE CHALLENGE
Currently when Google Apps is implemented for an enterprise, it allows the users to use consumer Gmail without any restriction (without Gmail Security).

This becomes a major concern for organization where implementing corporate policy of using personal email within office becomes difficult to implement unless enterprise uses expensive firewall.
For small to medium enterprises, this is a major show stoppers and sometime prevents the organization from going Google.

Organisations that are bound by regulations such as the UK's Financial Services Authority, or the US Health Insurance Portability and Accountability Act (HIPAA) are hesitant about migrating to Google Apps because they have to be able prove that sensitive information cannot be shared between business and personal Google accounts.

CloudCodes SSO1 (gControl) allows Google Apps administrator to control the access of consumer Gmail within the enterprise with the help of gmail block and report violation of Gmail block policy to administrator, reporting manager and HR. The solution is implemented without any hardware dependencies

KEY ATTRIBUTES :
Blocks access of Login on corporate network
No sharing of confidential data with personal accounts
Provide security to corporate network
Apply Gmail blocking policy for users & organization units
Add corporate public networks IP's into policy
Administrators will get notified via mail if users tried to login their account & violated the norms

HOW IT WORKS:
Sign in to the Admin console.
Click on Other Google Services > Chrome Management > Advance settings.
To pre-install specific extensions and applications, click Manage pre-installed apps.
Pre-installed Apps and Extensions dialog box will appear. Select Chrome Web Store from it.
Enter 'CloudCodes SSO1 (gControl)' in search text-box. Press enter.
CloudCodes SSO1 (gControl) Extension will appear in the left column. Choose this extension by clicking 'Add' button.
The selected item appears in the right column, and the Add link changes to Added.
Save the settings
Now click on "More" from the top of the page, scroll it down & click on SSO1 (gControl). Finally Add users into the policy & Save the policy

HOW IT PROTECTS YOU:
An extra layer of security
Visibility into End Users Access of Consumer Gmail
Complete control on Corporate Data
FAQ of Block Personal Gmail to ensure Data Security
Can I track the personal gmail account being accessed by users?
Yes you will come to know about it from violation policy reports.

  Access Restriction

Blacklist Application to strengthen enterprise cloud security
Employees often use Google Apps User Id to register for 3rd party applications like pinterest, Tripdo , podio etc. On the surface these applications looks harmless but a closer looks reveals that therse applications asks for permission to access personal data, at times even the calendar and drive data of the user.

Access to calendar and drive data? The sounds of it must make you feel vulnerable and unsafe.

Though Google Apps provide appropriate administrative control for administrator to take appropriate action and revoke the permissions provided by the user but data is already shared with 3rd party app hence data leakage incident has occurred outside the domain.

SSO1 (gControl)s deals with this problem by providing a preventive mechanism , but prohiting users from signing into any 3rd party application with the Google Apps Id, unless the particular application is whitelisted by the Google app administrator in SSO1 (gControl). This will ensure no data is compromised outside domain.

The solution will be provided through browser extension.

FAQ of Blacklist Application to strengthen enterprise cloud security
Does 3rd party application block require an add on Chrome or extension?
- Yes, The solution will be provided through browser extension.

Contact us +66-2-675-9371 or +66-97-008-6314 for more information.