Contractors: Why G Suite is a Step Backwards
While many organizations are looking for the best way to move into the cloud, a debate is starting to spark: G Suite vs. Microsoft O365? Which is better for your organization? While I understand the use case for what many call “Google Apps”, there are many reasons why moving to G Suite and away from Microsoft O365 is a step backwards for your organization and goes against the basic principles of cloud computing.
While G Suite can easily scale with your company as far as email addresses and apps are concerned, the storage limits and production applications simply are not there. There is a reason why, when you talk about cloud computing, there are really only two companies you bring up: AWS (Amazon Web Services) and Microsoft (powered by Azure). These cloud services allow you to easily scale your business up and down and expand not only throughout the country, but globally. G Suite gives this same opportunity, but on a far smaller scale. In fact, the industry does not consider Google Cloud a “leader”, and instead sees them as a “Visionary” (see graph).
[Table: Instance families | Instance types | Regions | Zones]
So what does scalability of the cloud platform have to do with G Suite and Microsoft O365? Microsoft O365 is built on Azure and scales easily into the vast applications, DevOps environment and storage at scale (yes, your email takes up more storage the more you grow). By moving into or setting your environment up in G Suite, you are hindering your ability to scale and utilize applications that come with Microsoft O365 (like SharePoint, Teams, and integration with Dynamics).
AWS vs Azure vs Google: Networking
Amazon’s Virtual Private Clouds (VPCs) and Azure’s Virtual Network (VNET) allow users to group VMs into isolated networks in the cloud. Using VPCs and VNETs, users can define a network topology and create subnets, route tables, private IP address ranges, and network gateways. There’s not much difference between AWS and Azure on this: they both have solutions to extend your on-premise data center into the public (or hybrid) cloud, something that Google Compute Engine cannot do. Google instances belong to a single network, which defines the address range and gateway address for all instances connected to it. This means once you go Google, you’re looking at a major migration if you expect to integrate it with any sort of on-prem environment.
AWS is unique in providing Route 53, a DNS web service.
[Table: Virtual network | Public IP | Hybrid cloud | DNS | Firewall/ACL]
If you value your customers’ security and are hesitant to move into a complete cloud environment, G Suite is not for you. In fact, there are entire articles on the “Top 5 G Suite Security Risks”, and how insecure their network is (compared to Microsoft and AWS) has been an industry topic of discussion. What’s the biggest risk (in my opinion) to the G Suite environment? Third-party plugins and collaboration (the two strengths of Microsoft).
While in the majority of cases third-party apps are not malicious, the potential exists for hackers to exploit a loophole in insecure code and gain access to your data stored in G Suite via the app. There are also many fake apps around which can be downloaded from third-party app stores, and these frequently contain malware. My opinion is that if it’s open and free for the public to use, you’re maximizing your risk of hacks, malware, and ransomware.
Collaboration and allowing any user into your system seems like a good idea, until you realize that permissions within G Suite are a mess and hard to manage. G Suite lacks the MFA that makes Microsoft and AWS the choice of the federal government, and opens up your environment to threats.
There are various ways this might happen, including:
- Stolen credentials (often via phishing scams in which hackers gain information via a fake website)
- Poor password security (insecure passwords, sharing passwords, writing them down, or telling them to others)
- Malicious hacking attacks
- Gaining access through already logged-in accounts (for example, via a stolen smartphone)
Once an unauthorized person gains access to files in G Suite, they could potentially cause all manner of damage by editing or deleting files and gaining access to sensitive information.
G Suite is designed to make sharing and collaboration between many different users easy; however, this puts the responsibility on the user or administrator to ensure that only appropriate files are shared with appropriate people.
It is easy to accidentally grant access to a file to the wrong user, or for employees to maliciously share data with people outside the company, if the correct access controls are not put in place.
Permissions can be confusing for many users, and it’s also common for files to be shared with users with more permissions than are necessary, for example, granting the permission to edit and delete data rather than read-only. These permissions in G Suite open you up to users outside your network through permission management systems that are not as complex as those of Microsoft or AWS, and can leave the “Back Door Open” to hacks and to users who have left your organization.
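An administrator can check for the sharing problems described above (public links, outside users with edit rights, and accounts that kept access after leaving) by auditing each file's permission list. The following is an added example, not code from the original article: the records are constructed, their fields follow the shape of Google Drive API v3 permission resources, and the domain, the departed-user list and the function names are assumptions.

```python
# Added example: audit sharing records for the risks described above.
# Records are constructed; fields mirror Drive API v3 permission resources.
COMPANY_DOMAIN = "example.com"                   # assumption: your primary domain
DEPARTED = {"former.employee@example.com"}       # assumption: offboarding list
WRITE_ROLES = {"owner", "organizer", "fileOrganizer", "writer"}

SAMPLE_FILES = [  # constructed sample data
    {"name": "payroll.xlsx", "permissions": [
        {"type": "user", "role": "owner", "emailAddress": "cfo@example.com"},
        {"type": "user", "role": "writer", "emailAddress": "vendor@partner.test"},
    ]},
    {"name": "roadmap.docx", "permissions": [
        {"type": "anyone", "role": "reader"},
        {"type": "user", "role": "reader",
         "emailAddress": "former.employee@example.com"},
    ]},
    {"name": "handbook.pdf", "permissions": [
        {"type": "domain", "role": "reader", "domain": "example.com"},
    ]},
]

def audit_file(file_record):
    """Return (finding, detail) tuples for one file's permission list."""
    findings = []
    for perm in file_record["permissions"]:
        role = perm["role"]
        email = perm.get("emailAddress", "").lower()
        if perm["type"] == "anyone":             # link works without sign-in
            findings.append(("public-link", role))
            continue
        if perm["type"] == "domain":
            who = perm.get("domain", "").lower()
            external = who != COMPANY_DOMAIN
        else:                                     # user or group grant
            who = email
            external = not email.endswith("@" + COMPANY_DOMAIN)
        if email in DEPARTED:                     # access survived offboarding
            findings.append(("departed-user", email))
        if external:                              # edit rights are the worse case
            kind = "external-write" if role in WRITE_ROLES else "external-read"
            findings.append((kind, who))
    return findings

def audit(files):
    """Map file name -> findings, omitting files with nothing to report."""
    report = {f["name"]: audit_file(f) for f in files}
    return {name: found for name, found in report.items() if found}

print(audit(SAMPLE_FILES))
```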
While going to G Suite is ultimately your company’s decision, it is one we at Capitol Presence strongly advise against. AWS and Microsoft are the clear leaders in the industry, and you can count the number of Google private and Government trusted cloud servers on a cow’s fingers… none. G Suite, however, is FedRAMP approved and has the Authority to Operate within Federal servers that are likely running AWS or Microsoft Azure in some form or fashion.