G Suite for education: data backup rules

G Suite

Cloud environments like Google G Suite are extremely powerful for businesses and enterprises alike.  It is also an extremely robust tool for the education sector as well.  It has helped to modernize the approach of learning in many areas including engaging students, publishing curriculum, communication, and many other aspects.

While making use of the advantages offered by G Suite for Education (GSFE), educational institutions must also give attention to protecting and securing the data in their environments.  With many different cybersecurity threats that risk data in cloud environments, organizations, including educational institutions, must make protecting their data a top priority.

Cybersecurity Threats in Education

There is no question that students are increasingly learning by consuming digital resources.  This can be remote learning, remote instructor lead classrooms, self-paced e-learning, and many others.  Today’s institutions for higher education (IHEs) and also K-12 institutions are making use of e-learning as a considerable component of the learning curriculum.

With all the benefits of cloud SaaS environments for organizations, including education, there are many dangers.  Storing various types of sensitive information on third-party servers as part of cloud environments accessible over the Internet can lead to cybersecurity risks if not properly secured and protected.

Cybercriminals realize that organizations are migrating to cloud environments at a rapid pace.  There is valuable, sensitive, and personally identifiable information (PII) data that can be vulnerable for attack in cloud SaaS without the right protections in place.

What threats are leveraged against educational institutions?  These often include:

1. Ransomware
2. Hacking
3. Unintended or intentional disclosures of data

Why are educational institutions targeted by attackers?  Unlike financial institutions or other corporate businesses that may have data containing credit card numbers or other customer information, education institutions such as IHEs have a wealth of personally identifiable information (PII) that can be of value to attackers.

There may be other types of valuable data to an attacker.  As a case in point, many universities are involved in research activities that can be used by the military for developing new technologies including weaponry and others.  In fact, back in 2017, Chinese hackers targeted educational institutions with “undersea technology” as part of a cybercampaign that compromised the security of several major IHEs.

Also, not to be forgotten, many health care institutions and education institutions are combined for educating medical professionals.  If not properly secured, a breach of the educational “side of the house” can potentially lead to a breach of protected health information (PHI) if these are not properly separated.

One of the pillars of securing data in SaaS environments like G Suite for Education (GSFE) is preparing effectively for the threats.  What does this involve?  It requires a combination of

• Prevention
• Protection
• Mitigation

As part of preparing for cybersecurity threats to your G Suite for Education environment, you want to ensure that you protect your data with proper backups.  In fact the Cybersecurity for Hight Ed Fact Sheet mentions about backups:

“A major element of secure data storage involves the performance of regular data backups. Even if a cyber attacker is successful in retrieving data, data backups can help cybersecurity teams “go back in time” in order to help confirm which systems, applications, etc. were compromised, which will in turn help IHE administrative staff communicate pertinent information to those affected.”

As educational institutions look at backing up the data in G Suite for Education environments, Google offers no native backup solution as such.  There are pseudo backups of data through file versioning, Google Vault, and others.  However, Google does not support tools like Vault as “backups” of your data.  Since the tools mentioned are not truly backup solutions, recovering your data, especially an entire dataset, may be difficult.

Your educational institution must take charge of protecting data inside G Suite with proper backups.  Outside of the native tools mentioned, this must be carried out with a third-party solution.

Best Practice Rules for Data Backups

When backing up data in a cloud environment like G Suite for Education, you need to think about following best practice rules for cloud backups.  What are these?

1. Automatic backups
2. Store backups outside the G Suite environment
3. Encrypt your backups
4. Backup deleted items
5. Monitor your backups

Why are each of these best practice backup rules important?

1.  Automatic backups

Backing up your data in G Suite for Education automatically is extremely important.  This helps to ensure that all existing data and any new data is properly protected.  Using a backup solution that allows proper versioning between the restore points is also important.  This allows restoring data to a specific point in time or “version” if it is accidentally or intentionally changed.

Backup processes that are left to human intervention or relies on a human to initiate can often be forgotten or performed irregularly.  You want to have an automatic process for protecting your data in GSFE, multiple times per day if possible.

2.  Store backups outside the G Suite environment

There is an age-old backup best practice rule known as the 3-2-1 backup methodology.  It states that you need to have at least (3) copies of your data, stored on (2) different types of media, with at least (1) stored offsite.  Having a copy of your data stored in an entirely different physical location is extremely important.

If you have a disaster that affects your main production location, backups stored in the same location will also be affected.  Storing a separate copy of your data from production in another location ensures you will always have a good copy of your production data.

Many third-party cloud backup solutions will store the G Suite data in Google’s own cloud infrastructure.  This is akin to storing your backups in the same environment as production which isn’t good practice.  Look for a G Suite for Education backup solution that allows choosing where your GSFE data is stored.

3.  Encrypt your backups

Your backups themselves need to be safeguarded.  Backups of your G Suite data is production data.  That means if your backups are compromised, your production data is compromised.  Encrypting your backups helps to ensure that no one is able to access the data in your backups without the encryption key.

Make sure your backup solution is able to encrypt your backup data both in-flight and at-rest.  This means your backups are encrypted as they are stored on-disk and as they are communicated across the network.  This also helps to ensure the data contained in the backup is secure end-to-end.

4.  Backup deleted items

When backing up your G Suite data, you want to make sure that backups of your environment also contain deleted items.  This helps to ensure that data that may have been deleted accidentally or intentionally is protected.  This allows for recovery.

5.  Monitor your backups

How do you know the data that you expect to be in your backups is truly contained in your backups?  Are there any gaps in the coverage of G Suite backups?  How do you know?  Monitoring your backups and having visibility to backup operations, data contained therein, and any data that may have been missed is extremely important.

As part of your best practice backup rules in your G Suite environment, you want to ensure you have visibility into the details of your data backups in your G Suite for Education environment.  This will help to ensure that any potential problems with backups are found before you experience a disaster recovery or cybersecurity event.

G Suite for Education Backups with SpinOne

Backing up your G Suite for Education environment is extremely important and helps to ensure you protect your data against ransomware and cybersecurity threats.  It also helps to have the historical forensic data you need to reconstruct changes to your environment.

While G Suite is a very capable cloud Software-as-a-Service environment, it lacks a true native backup solution for your GSFE data.  SpinOne provides both data protection in the form of backups as well as a fully-featured cybersecurity platform, all in a single solution.

SpinOne’s SpinBackup solution meets and exceeds all the data backup best practices mentioned above for Google apps for education backup, now G Suite for Education environments.  A few of the highlights of SpinOne include the following:

• Automated backups 1-3x daily – SpinBackup creates properly versioned backups of your data in G Suite for Education and uses smart incremental backups to copy your data as efficiently as possible
• Backup storage outside of G Suite – One of the robust features offered by SpinBackup is the ability to choose from multiple cloud storage environments for your backups. If you want to store your G Suite for Education backups outside of G Suite environment in accord with best practice, you can easily do that.  SpinOne provides the ability to leverage Google Cloud, Amazon S3, and Azure Blob storage.  This gives your organization many different options to store your cloud-to-cloud backups.
• End-to-end backup encryption – SpinBackup protects cloud-to-cloud backups by encrypting them at rest, on-disk, as well as in-flight with AES 256-bit encryption.
• Deletion control – SpinBackup provides deletion control which contains a lost & found folder that protects all files that are deleted in your G Suite for Education environment.
• Activity reports – With SpinBackup, you get weekly and monthly reports and proactively monitors data loss protection status.

In addition to backups of G Suite environments, SpinOne’s SpinSecurity module provides industry-leading, automated ransomware protection that leverages backups taken of your G Suite environment.  In the event of a ransomware infection, SpinOne:

1. Automatically identifies the source of an active ransomware infection attempt
2. Blocks the source of the attack and terminates the process
3. Identifies any files that were affected by the attack
4. Automatically remediates files identified with good versions from the last backup
5. Administrators are alerted to the attack and remediation

Overview of the SpinOne ransomware protection workflow

Take a look at more information on how SpinOne protects your G Suite environment here.  You can also download a G Suite data migration guide to see how to effectively migrate data between G Suite users.